diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java index abbf37949c..cbe923be8e 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java @@ -233,10 +233,15 @@ protected String constructLoginURL(HttpServletRequest request) { } String loginURL = authenticationProviderUrl + delimiter + ORIGINAL_URL_QUERY_PARAM - + request.getRequestURL().toString(); + + request.getRequestURL().toString() + getOriginalQueryString(request); return loginURL; } + private String getOriginalQueryString(HttpServletRequest request) { + String originalQueryString = request.getQueryString(); + return (originalQueryString == null) ? "" : "?" + originalQueryString; + } + /** * This method provides a single method for validating the JWT for use in * request processing. It provides for the override of specific aspects of diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java index 4ac95354de..019ecb416c 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java @@ -356,6 +356,40 @@ public void testValidJWT() throws Exception { } } + @Test + public void testOrigURLWithQueryString() throws Exception { + handler.setPublicKey(publicKey); + + Properties props = getProperties(); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Mockito.when(request.getRequestURL()).thenReturn( + new StringBuffer(SERVICE_URL)); + Mockito.when(request.getQueryString()).thenReturn("name=value"); + + String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request); + Assert.assertNotNull("loginURL should not be null.", loginURL); + Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL); + } + + @Test + public void testOrigURLNoQueryString() throws Exception { + handler.setPublicKey(publicKey); + + Properties props = getProperties(); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Mockito.when(request.getRequestURL()).thenReturn( + new StringBuffer(SERVICE_URL)); + Mockito.when(request.getQueryString()).thenReturn(null); + + String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request); + Assert.assertNotNull("LoginURL should not be null.", loginURL); + Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL); + } + @Before public void setup() throws Exception, NoSuchAlgorithmException { setupKerberosRequirements(); @@ -367,7 +401,7 @@ public void setup() throws Exception, NoSuchAlgorithmException { publicKey = (RSAPublicKey) kp.getPublic(); privateKey = (RSAPrivateKey) kp.getPrivate(); - handler = new JWTRedirectAuthenticationHandler(); + handler = new TestJWTRedirectAuthenticationHandler(); } protected void setupKerberosRequirements() throws Exception { @@ -415,4 +449,10 @@ protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) return signedJWT; } + + class TestJWTRedirectAuthenticationHandler extends JWTRedirectAuthenticationHandler { + public String testConstructLoginURL(HttpServletRequest req) { + return constructLoginURL(req); + } + }; } diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 4d0f8dc805..2f2ce6bd9f 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -891,6 +891,9 @@ Release 2.8.0 - UNRELEASED HADOOP-10775. Shell operations to fail with meaningful errors on windows if winutils.exe not found. (stevel) + HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original Query + String (Larry McCay via cnauroth) + OPTIMIZATIONS HADOOP-11785. Reduce the number of listStatus operation in distcp