HttpFS server should check that upload requests have correct content-type. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1221616 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
8fe3dd3fea
commit
6b4f40cbf9
@ -98,6 +98,8 @@ public class HttpFSFileSystem extends FileSystem {
|
||||
|
||||
public static final String SET_REPLICATION_JSON = "boolean";
|
||||
|
||||
public static final String UPLOAD_CONTENT_TYPE= "application/octet-stream";
|
||||
|
||||
public static enum FILE_TYPE {
|
||||
FILE, DIRECTORY, SYMLINK;
|
||||
|
||||
@ -459,7 +461,7 @@ private FSDataOutputStream uploadData(String method, Path f, Map<String, String>
|
||||
String location = conn.getHeaderField("Location");
|
||||
if (location != null) {
|
||||
conn = getConnection(new URL(location), method);
|
||||
conn.setRequestProperty("Content-Type", "application/octet-stream");
|
||||
conn.setRequestProperty("Content-Type", UPLOAD_CONTENT_TYPE);
|
||||
try {
|
||||
OutputStream os = new BufferedOutputStream(conn.getOutputStream(), bufferSize);
|
||||
return new HttpFSDataOutputStream(conn, os, expectedStatus, statistics);
|
||||
|
@ -0,0 +1,112 @@
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.apache.hadoop.fs.http.server;
|
||||
|
||||
|
||||
import org.apache.hadoop.fs.http.client.HttpFSFileSystem;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* Filter that Enforces the content-type to be application/octet-stream for
|
||||
* POST and PUT requests.
|
||||
*/
|
||||
public class CheckUploadContentTypeFilter implements Filter {
|
||||
|
||||
private static final Set<String> UPLOAD_OPERATIONS = new HashSet<String>();
|
||||
|
||||
static {
|
||||
UPLOAD_OPERATIONS.add(HttpFSFileSystem.PostOpValues.APPEND.toString());
|
||||
UPLOAD_OPERATIONS.add(HttpFSFileSystem.PutOpValues.CREATE.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* Initializes the filter.
|
||||
* <p/>
|
||||
* This implementation is a NOP.
|
||||
*
|
||||
* @param config filter configuration.
|
||||
*
|
||||
* @throws ServletException thrown if the filter could not be initialized.
|
||||
*/
|
||||
@Override
|
||||
public void init(FilterConfig config) throws ServletException {
|
||||
}
|
||||
|
||||
/**
|
||||
* Enforces the content-type to be application/octet-stream for
|
||||
* POST and PUT requests.
|
||||
*
|
||||
* @param request servlet request.
|
||||
* @param response servlet response.
|
||||
* @param chain filter chain.
|
||||
*
|
||||
* @throws IOException thrown if an IO error occurrs.
|
||||
* @throws ServletException thrown if a servet error occurrs.
|
||||
*/
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response,
|
||||
FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
boolean contentTypeOK = true;
|
||||
HttpServletRequest httpReq = (HttpServletRequest) request;
|
||||
HttpServletResponse httpRes = (HttpServletResponse) response;
|
||||
String method = httpReq.getMethod();
|
||||
if (method.equals("PUT") || method.equals("POST")) {
|
||||
String op = httpReq.getParameter(HttpFSFileSystem.OP_PARAM);
|
||||
if (op != null && UPLOAD_OPERATIONS.contains(op.toUpperCase())) {
|
||||
if ("true".equalsIgnoreCase(httpReq.getParameter(HttpFSParams.DataParam.NAME))) {
|
||||
String contentType = httpReq.getContentType();
|
||||
contentTypeOK =
|
||||
HttpFSFileSystem.UPLOAD_CONTENT_TYPE.equalsIgnoreCase(contentType);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (contentTypeOK) {
|
||||
chain.doFilter(httpReq, httpRes);
|
||||
}
|
||||
else {
|
||||
httpRes.sendError(HttpServletResponse.SC_BAD_REQUEST,
|
||||
"Data upload requests must have content-type set to '" +
|
||||
HttpFSFileSystem.UPLOAD_CONTENT_TYPE + "'");
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Destroys the filter.
|
||||
* <p/>
|
||||
* This implementation is a NOP.
|
||||
*/
|
||||
@Override
|
||||
public void destroy() {
|
||||
}
|
||||
|
||||
}
|
@ -60,6 +60,11 @@
|
||||
<filter-class>org.apache.hadoop.lib.servlet.HostnameFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>checkUploadContentType</filter-name>
|
||||
<filter-class>org.apache.hadoop.fs.http.server.CheckUploadContentTypeFilter</filter-class>
|
||||
</filter>
|
||||
|
||||
<filter>
|
||||
<filter-name>fsReleaseFilter</filter-name>
|
||||
<filter-class>org.apache.hadoop.fs.http.server.HttpFSReleaseFilter</filter-class>
|
||||
@ -80,6 +85,11 @@
|
||||
<url-pattern>*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>checkUploadContentType</filter-name>
|
||||
<url-pattern>*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<filter-mapping>
|
||||
<filter-name>fsReleaseFilter</filter-name>
|
||||
<url-pattern>*</url-pattern>
|
||||
|
@ -0,0 +1,91 @@
|
||||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.apache.hadoop.fs.http.server;
|
||||
|
||||
import org.apache.hadoop.fs.http.client.HttpFSFileSystem;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
public class TestCheckUploadContentTypeFilter {
|
||||
|
||||
@Test
|
||||
public void putUpload() throws Exception {
|
||||
test("PUT", HttpFSFileSystem.PutOpValues.CREATE.toString(), "application/octet-stream", true, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void postUpload() throws Exception {
|
||||
test("POST", HttpFSFileSystem.PostOpValues.APPEND.toString(), "APPLICATION/OCTET-STREAM", true, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void putUploadWrong() throws Exception {
|
||||
test("PUT", HttpFSFileSystem.PutOpValues.CREATE.toString(), "plain/text", false, false);
|
||||
test("PUT", HttpFSFileSystem.PutOpValues.CREATE.toString(), "plain/text", true, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void postUploadWrong() throws Exception {
|
||||
test("POST", HttpFSFileSystem.PostOpValues.APPEND.toString(), "plain/text", false, false);
|
||||
test("POST", HttpFSFileSystem.PostOpValues.APPEND.toString(), "plain/text", true, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getOther() throws Exception {
|
||||
test("GET", HttpFSFileSystem.GetOpValues.GETHOMEDIR.toString(), "plain/text", false, false);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void putOther() throws Exception {
|
||||
test("PUT", HttpFSFileSystem.PutOpValues.MKDIRS.toString(), "plain/text", false, false);
|
||||
}
|
||||
|
||||
private void test(String method, String operation, String contentType,
|
||||
boolean upload, boolean error) throws Exception {
|
||||
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
|
||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||
Mockito.reset(request);
|
||||
Mockito.when(request.getMethod()).thenReturn(method);
|
||||
Mockito.when(request.getParameter(HttpFSFileSystem.OP_PARAM)).thenReturn(operation);
|
||||
Mockito.when(request.getParameter(HttpFSParams.DataParam.NAME)).
|
||||
thenReturn(Boolean.toString(upload));
|
||||
Mockito.when(request.getContentType()).thenReturn(contentType);
|
||||
|
||||
FilterChain chain = Mockito.mock(FilterChain.class);
|
||||
|
||||
Filter filter = new CheckUploadContentTypeFilter();
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
|
||||
if (error) {
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
|
||||
Mockito.contains("Data upload"));
|
||||
}
|
||||
else {
|
||||
Mockito.verify(chain).doFilter(request, response);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
@ -185,6 +185,9 @@ Trunk (unreleased changes)
|
||||
HDFS-2657. TestHttpFSServer and TestServerWebApp are failing on trunk.
|
||||
(tucu)
|
||||
|
||||
HttpFS server should check that upload requests have correct
|
||||
content-type. (tucu)
|
||||
|
||||
Release 0.23.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
Loading…
Reference in New Issue
Block a user