From 825365d1d0e22d2021208371dcb313c927f51ce3 Mon Sep 17 00:00:00 2001 From: Vinod Kumar Vavilapalli Date: Fri, 6 Jun 2014 20:32:43 +0000 Subject: [PATCH] YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator. Contributed by Zhijie Shen. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1601000 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-yarn-project/CHANGES.txt | 3 ++ .../api/impl/TimelineAuthenticator.java | 16 ++++++-- .../api/impl/TestTimelineAuthenticator.java | 40 +++++++++++++++++++ 3 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index 1ec1d926d2..f32978745e 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -201,6 +201,9 @@ Release 2.5.0 - UNRELEASED YARN-2117. Fixed the issue that secret file reader is potentially not closed in TimelineAuthenticationFilterInitializer. (Chen He via zjshen) + YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator. + (Zhijie Shen via vinodkv) + Release 2.4.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java index f4f1507a4f..25333c7551 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java @@ -35,13 +35,15 @@ import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.yarn.api.records.timeline.TimelineDelegationTokenResponse; +import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts; import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier; import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation; -import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts; import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider; import org.codehaus.jackson.JsonNode; import org.codehaus.jackson.map.ObjectMapper; +import com.google.common.annotations.VisibleForTesting; + /** * A KerberosAuthenticator subclass that fallback to * {@link TimelineAuthenticationConsts}. @@ -77,9 +79,15 @@ public static void injectDelegationToken(Map params, } } - private boolean hasDelegationToken(URL url) { - return url.getQuery().contains( - TimelineAuthenticationConsts.DELEGATION_PARAM + "="); + @Private + @VisibleForTesting + boolean hasDelegationToken(URL url) { + if (url.getQuery() == null) { + return false; + } else { + return url.getQuery().contains( + TimelineAuthenticationConsts.DELEGATION_PARAM + "="); + } } @Override diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java new file mode 100644 index 0000000000..19aaa88533 --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java @@ -0,0 +1,40 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.client.api.impl; + +import java.net.URL; + +import org.junit.Assert; +import org.junit.Test; + +public class TestTimelineAuthenticator { + + @Test + public void testHasDelegationTokens() throws Exception { + TimelineAuthenticator authenticator = new TimelineAuthenticator(); + Assert.assertFalse(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource"))); + Assert.assertFalse(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?other=xxxx"))); + Assert.assertTrue(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?delegation=yyyy"))); + Assert.assertTrue(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?other=xxxx&delegation=yyyy"))); + } +}