HADOOP-8249. invalid hadoop-auth cookies should trigger authentication if info is avail before returning HTTP 401 (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1310235 13f79535-47bb-0310-9956-ffa450edef68
parent
31aee4aa2a
commit
90d9cab02e
@ -331,7 +331,14 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
|
|||||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||||
try {
|
try {
|
||||||
boolean newToken = false;
|
boolean newToken = false;
|
||||||
AuthenticationToken token = getToken(httpRequest);
|
AuthenticationToken token;
|
||||||
|
try {
|
||||||
|
token = getToken(httpRequest);
|
||||||
|
}
|
||||||
|
catch (AuthenticationException ex) {
|
||||||
|
LOG.warn("AuthenticationToken ignored: " + ex.getMessage());
|
||||||
|
token = null;
|
||||||
|
}
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
if (LOG.isDebugEnabled()) {
|
if (LOG.isDebugEnabled()) {
|
||||||
LOG.debug("Request [{}] triggering authentication", getRequestURL(httpRequest));
|
LOG.debug("Request [{}] triggering authentication", getRequestURL(httpRequest));
|
||||||
@ -371,6 +378,9 @@ public Principal getUserPrincipal() {
|
|||||||
}
|
}
|
||||||
filterChain.doFilter(httpRequest, httpResponse);
|
filterChain.doFilter(httpRequest, httpResponse);
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
throw new AuthenticationException("Missing AuthenticationToken");
|
||||||
|
}
|
||||||
} catch (AuthenticationException ex) {
|
} catch (AuthenticationException ex) {
|
||||||
if (!httpResponse.isCommitted()) {
|
if (!httpResponse.isCommitted()) {
|
||||||
Cookie cookie = createCookie("");
|
Cookie cookie = createCookie("");
|
||||||
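Review bot: The new `LOG.warn("AuthenticationToken ignored: " + ex.getMessage());` in doFilter can be reached by any unauthenticated client that sends an invalid hadoop-auth cookie, so the volume of this WARN line is caller-controlled. Its content may be too, depending on what getToken puts in the exception message, which is not visible here. The line also uses string concatenation while the debug call just below it uses the `{}` form; `LOG.warn("AuthenticationToken ignored: {}", ex.getMessage());` would match. A short comment above the inner catch, such as `// An invalid cookie is treated as no cookie so the handler can re-authenticate; the failure is logged, not propagated.`, would record why this exception is deliberately kept away from the outer catch. doFilter starts and ends outside these hunks.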
|
@ -349,7 +349,7 @@ public Object answer(InvocationOnMock invocation) throws Throwable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void _testDoFilterAuthentication(boolean withDomainPath) throws Exception {
|
private void _testDoFilterAuthentication(boolean withDomainPath, boolean invalidToken) throws Exception {
|
||||||
AuthenticationFilter filter = new AuthenticationFilter();
|
AuthenticationFilter filter = new AuthenticationFilter();
|
||||||
try {
|
try {
|
||||||
FilterConfig config = Mockito.mock(FilterConfig.class);
|
FilterConfig config = Mockito.mock(FilterConfig.class);
|
||||||
@ -380,6 +380,12 @@ private void _testDoFilterAuthentication(boolean withDomainPath) throws Exceptio
|
|||||||
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
|
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
|
||||||
Mockito.when(request.getQueryString()).thenReturn("authenticated=true");
|
Mockito.when(request.getQueryString()).thenReturn("authenticated=true");
|
||||||
|
|
||||||
|
if (invalidToken) {
|
||||||
|
Mockito.when(request.getCookies()).thenReturn(
|
||||||
|
new Cookie[] { new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo")}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
|
||||||
|
|
||||||
FilterChain chain = Mockito.mock(FilterChain.class);
|
FilterChain chain = Mockito.mock(FilterChain.class);
|
||||||
@ -437,11 +443,15 @@ public Object answer(InvocationOnMock invocation) throws Throwable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void testDoFilterAuthentication() throws Exception {
|
public void testDoFilterAuthentication() throws Exception {
|
||||||
_testDoFilterAuthentication(false);
|
_testDoFilterAuthentication(false, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testDoFilterAuthenticationWithInvalidToken() throws Exception {
|
||||||
|
_testDoFilterAuthentication(false, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testDoFilterAuthenticationWithDomainPath() throws Exception {
|
public void testDoFilterAuthenticationWithDomainPath() throws Exception {
|
||||||
_testDoFilterAuthentication(true);
|
_testDoFilterAuthentication(true, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testDoFilterAuthenticated() throws Exception {
|
public void testDoFilterAuthenticated() throws Exception {
|
||||||
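Review bot: The new `invalidToken` case in `_testDoFilterAuthentication` only covers the path where the request still authenticates, because the query string is stubbed as `authenticated=true`. The fail-closed half of the change has no test in the visible hunks: an invalid cookie with no usable credentials should still be rejected and never reach the filter chain. A companion test would send `new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo")` without the authenticated parameter and verify that `chain.doFilter` is never called and that the error response is sent. The assertions of `_testDoFilterAuthentication` lie outside these hunks, so part of this may already be checked elsewhere in the file.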
|
@ -332,6 +332,9 @@ Release 2.0.0 - UNRELEASED
|
|||||||
|
|
||||||
HADOOP-8251. Fix SecurityUtil.fetchServiceTicket after HADOOP-6941 (todd)
|
HADOOP-8251. Fix SecurityUtil.fetchServiceTicket after HADOOP-6941 (todd)
|
||||||
|
|
||||||
|
HADOOP-8249. invalid hadoop-auth cookies should trigger authentication
|
||||||
|
if info is avail before returning HTTP 401 (tucu)
|
||||||
|
|
||||||
BREAKDOWN OF HADOOP-7454 SUBTASKS
|
BREAKDOWN OF HADOOP-7454 SUBTASKS
|
||||||
|
|
||||||
HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)
|
HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)
|
||||||
|