HDFS-16563. Namenode WebUI prints sensitive information on Token expiry (#4241)
Contributed by Renukaprasad C
This commit is contained in:
parent
a406f49bc0
commit
7bd4ac3ce0
@ -510,15 +510,19 @@ protected DelegationTokenInformation checkToken(TokenIdent identifier)
|
|||||||
throws InvalidToken {
|
throws InvalidToken {
|
||||||
assert Thread.holdsLock(this);
|
assert Thread.holdsLock(this);
|
||||||
DelegationTokenInformation info = getTokenInfo(identifier);
|
DelegationTokenInformation info = getTokenInfo(identifier);
|
||||||
|
String err;
|
||||||
if (info == null) {
|
if (info == null) {
|
||||||
throw new InvalidToken("token " + formatTokenId(identifier)
|
err = "Token for real user: " + identifier.getRealUser() + ", can't be found in cache";
|
||||||
+ " can't be found in cache");
|
LOG.warn("{}, Token={}", err, formatTokenId(identifier));
|
||||||
|
throw new InvalidToken(err);
|
||||||
}
|
}
|
||||||
long now = Time.now();
|
long now = Time.now();
|
||||||
if (info.getRenewDate() < now) {
|
if (info.getRenewDate() < now) {
|
||||||
throw new InvalidToken("token " + formatTokenId(identifier) + " is " +
|
err =
|
||||||
"expired, current time: " + Time.formatTime(now) +
|
"Token has" + identifier.getRealUser() + "expired, current time: " + Time.formatTime(now)
|
||||||
" expected renewal time: " + Time.formatTime(info.getRenewDate()));
|
+ " expected renewal time: " + Time.formatTime(info.getRenewDate());
|
||||||
|
LOG.info("{}, Token={}", err, formatTokenId(identifier));
|
||||||
|
throw new InvalidToken(err);
|
||||||
}
|
}
|
||||||
return info;
|
return info;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user