HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton)
Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7
(cherry picked from commit cba3194998
)
parent
58b5b3aa75
commit
09fd1348e8
|
@ -1415,8 +1415,11 @@ public final class HttpServer2 implements FilterContainer {
|
|||
|
||||
if (servletContext.getAttribute(ADMINS_ACL) != null &&
|
||||
!userHasAdministratorAccess(servletContext, remoteUser)) {
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
|
||||
+ remoteUser + " is unauthorized to access this page.");
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
"Unauthenticated users are not " +
|
||||
"authorized to access this page.");
|
||||
LOG.warn("User " + remoteUser + " is unauthorized to access the page "
|
||||
+ request.getRequestURI() + ".");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
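Review bot: The added `LOG.warn(...)` call concatenates `remoteUser` and `request.getRequestURI()` into the log line unmodified, so the request-controlled text that was just removed from the error page now lands in the log. If the user name can contain CR or LF, a client could forge extra log entries. Neutralise line breaks before logging, for example `String safeUser = String.valueOf(remoteUser).replaceAll("[\\r\\n]", "_");`, and log `safeUser` in place of `remoteUser`; `String.valueOf` keeps the line safe if the name is null. Separately, the new response text says "Unauthenticated users", but this branch is reached when `userHasAdministratorAccess` fails, which looks like an authorization failure for a known user; a fixed message such as `"User is not authorized to access this page."` would describe it more accurately without echoing input. The enclosing method starts and ends outside this hunk, so whether `remoteUser` can be null here should be confirmed against the earlier lines.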