HADOOP-6495. Identifier should be serialized after the password is

  created In Token constructor (jnp via boryas)  


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@901924 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -108,6 +108,9 @@ Trunk (unreleased changes)
     that Avro can read FileSystem data.
     (Aaron Kimball via cutting)
 
+    HADOOP-6495.  Identifier should be serialized after the password is
+     created In Token constructor (jnp via boryas)
+
   OPTIMIZATIONS
 
   BUG FIXES

src/java/org/apache/hadoop/security/token/SecretManager.java

@@ -45,10 +45,11 @@ public abstract class SecretManager<T extends TokenIdentifier> {
   
   /**
    * Create the password for the given identifier.
+   * identifier may be modified inside this method.
    * @param identifier the identifier to use
    * @return the new password
    */
-  public abstract byte[] createPassword(T identifier);
+  protected abstract byte[] createPassword(T identifier);
   
   /**
    * Retrieve the password for the given token identifier. Should check the date

src/java/org/apache/hadoop/security/token/Token.java

@@ -42,8 +42,8 @@ public class Token<T extends TokenIdentifier> implements Writable {
    * @param mgr the secret manager
    */
   public Token(T id, SecretManager<T> mgr) {
-    identifier = id.getBytes();
     password = mgr.createPassword(id);
+    identifier = id.getBytes();
     kind = id.getKind();
     service = new Text();
   }