diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 8d03b01f262..f228d7e3af6 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -457,6 +457,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11085. Excessive logging by org.apache.hadoop.util.Progress when value is NaN (Mit Desai via jlowe) + HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is + case sensitive. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java index 37474e9ae16..64a562254b7 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java @@ -188,7 +188,8 @@ public class DelegationTokenAuthenticationFilter UTF8_CHARSET); if (list != null) { for (NameValuePair nv : list) { - if (DelegationTokenAuthenticatedURL.DO_AS.equals(nv.getName())) { + if (DelegationTokenAuthenticatedURL.DO_AS. + equalsIgnoreCase(nv.getName())) { return nv.getValue(); } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java index 118abff2a56..189a334ce25 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java @@ -795,6 +795,23 @@ public class TestWebDelegationToken { jetty.start(); final URL url = new URL(getJettyURL() + "/foo/bar"); + // proxyuser using raw HTTP, verifying doAs is case insensitive + String strUrl = String.format("%s?user.name=%s&doas=%s", + url.toExternalForm(), FOO_USER, OK_USER); + HttpURLConnection conn = + (HttpURLConnection) new URL(strUrl).openConnection(); + Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + List ret = IOUtils.readLines(conn.getInputStream()); + Assert.assertEquals(1, ret.size()); + Assert.assertEquals(OK_USER, ret.get(0)); + strUrl = String.format("%s?user.name=%s&DOAS=%s", url.toExternalForm(), + FOO_USER, OK_USER); + conn = (HttpURLConnection) new URL(strUrl).openConnection(); + Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + ret = IOUtils.readLines(conn.getInputStream()); + Assert.assertEquals(1, ret.size()); + Assert.assertEquals(OK_USER, ret.get(0)); + UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER); ugi.doAs(new PrivilegedExceptionAction() { @Override