big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)

Browse Source 
Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Reviewed-by: Tao Li <tomscut@apache.org>
This commit is contained in:
Takanobu Asanuma 2022-10-27 14:39:01 +09:00 committed by GitHub
parent ba77530ff4
commit 545a556883
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
View File

@ -226,9 +226,8 @@ public void handleInteraction(HttpInteraction interaction)
final String query = interaction.getQueryString(); final String query = interaction.getQueryString();
final String uri = interaction.getRequestURI(); final String uri = interaction.getRequestURI();
if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) { if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
LOG.trace("Rejecting interaction; wrong URI: {}", uri); LOG.trace("Proceeding with interaction since the request doesn't access WebHDFS API");
interaction.sendError(HttpServletResponse.SC_NOT_FOUND, interaction.proceed();
"The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
return; return;
} }
final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length()); final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());

13
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
View File

@ -244,14 +244,13 @@ public void doFilter(ServletRequest servletRequest,
} }
/** /**
* Test acceptable behavior to malformed requests * A request that don't access WebHDFS API should pass through.
* Case: the request URI does not start with "/webhdfs/v1"
*/ */
@Test @Test
public void testInvalidURI() throws Exception { public void testNotWebhdfsAPIRequest() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getMethod()).thenReturn("GET"); Mockito.when(request.getMethod()).thenReturn("GET");
Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI"); Mockito.when(request.getRequestURI()).thenReturn("/conf");
HttpServletResponse response = Mockito.mock(HttpServletResponse.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Filter filter = new HostRestrictingAuthorizationFilter(); Filter filter = new HostRestrictingAuthorizationFilter();
@ -260,11 +259,7 @@ public void testInvalidURI() throws Exception {
FilterConfig fc = new DummyFilterConfig(configs); FilterConfig fc = new DummyFilterConfig(configs);
filter.init(fc); filter.init(fc);
filter.doFilter(request, response, filter.doFilter(request, response, (servletRequest, servletResponse) -> {});
(servletRequest, servletResponse) -> {});
Mockito.verify(response, Mockito.times(1))
.sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
Mockito.anyString());
filter.destroy(); filter.destroy();
} }