big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241)

Browse Source 
Contributed by Renukaprasad C

Change-Id: I5cd2cec1dd79917f810207821b3bdf4fe1a5d24c
This commit is contained in:
Renukaprasad C 2022-06-03 23:07:27 +05:30 committed by Steve Loughran
parent 7223a337f6
commit 0c15daa77a
No known key found for this signature in database
GPG Key ID: D22CF846DBB162A0
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
View File

@ -497,15 +497,19 @@ protected DelegationTokenInformation checkToken(TokenIdent identifier)
throws InvalidToken {
assert Thread.holdsLock(this);
DelegationTokenInformation info = getTokenInfo(identifier);
String err;
if (info == null) {
throw new InvalidToken("token " + formatTokenId(identifier)
+ " can't be found in cache");
err = "Token for real user: " + identifier.getRealUser() + ", can't be found in cache";
LOG.warn("{}, Token={}", err, formatTokenId(identifier));
throw new InvalidToken(err);
}
long now = Time.now();
if (info.getRenewDate() < now) {
throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
"expired, current time: " + Time.formatTime(now) +
" expected renewal time: " + Time.formatTime(info.getRenewDate()));
err =
"Token has" + identifier.getRealUser() + "expired, current time: " + Time.formatTime(now)
+ " expected renewal time: " + Time.formatTime(info.getRenewDate());
LOG.info("{}, Token={}", err, formatTokenId(identifier));
throw new InvalidToken(err);
}
return info;
}