Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241) 

Contributed by Renukaprasad C
This commit is contained in:
Renukaprasad C 2022-06-03 23:07:27 +05:30 committed by GitHub
parent a406f49bc0
commit 7bd4ac3ce0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
View File

@ -510,15 +510,19 @@ extends AbstractDelegationTokenIdentifier>
throws InvalidToken { throws InvalidToken {
assert Thread.holdsLock(this); assert Thread.holdsLock(this);
DelegationTokenInformation info = getTokenInfo(identifier); DelegationTokenInformation info = getTokenInfo(identifier);
String err;
if (info == null) { if (info == null) {
throw new InvalidToken("token " + formatTokenId(identifier) err = "Token for real user: " + identifier.getRealUser() + ", can't be found in cache";
+ " can't be found in cache"); LOG.warn("{}, Token={}", err, formatTokenId(identifier));
throw new InvalidToken(err);
} }
long now = Time.now(); long now = Time.now();
if (info.getRenewDate() < now) { if (info.getRenewDate() < now) {
throw new InvalidToken("token " + formatTokenId(identifier) + " is " + err =
"expired, current time: " + Time.formatTime(now) + "Token has" + identifier.getRealUser() + "expired, current time: " + Time.formatTime(now)
" expected renewal time: " + Time.formatTime(info.getRenewDate())); + " expected renewal time: " + Time.formatTime(info.getRenewDate());
LOG.info("{}, Token={}", err, formatTokenId(identifier));
throw new InvalidToken(err);
} }
return info; return info;
} }