From 2924de58ce8cdb59dc0f492458db5209e972abd7 Mon Sep 17 00:00:00 2001 From: Alejandro Abdelnur Date: Thu, 11 Sep 2014 13:53:31 -0700 Subject: [PATCH] HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is case sensitive. (tucu) --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../DelegationTokenAuthenticationFilter.java | 3 ++- .../delegation/web/TestWebDelegationToken.java | 17 +++++++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 8d03b01f262..f228d7e3af6 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -457,6 +457,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11085. Excessive logging by org.apache.hadoop.util.Progress when value is NaN (Mit Desai via jlowe) + HADOOP-11083. After refactoring of HTTP proxyuser to common, doAs param is + case sensitive. (tucu) + Release 2.5.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java index 37474e9ae16..64a562254b7 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java @@ -188,7 +188,8 @@ public class DelegationTokenAuthenticationFilter UTF8_CHARSET); if (list != null) { for (NameValuePair nv : list) { - if (DelegationTokenAuthenticatedURL.DO_AS.equals(nv.getName())) { + if (DelegationTokenAuthenticatedURL.DO_AS. + equalsIgnoreCase(nv.getName())) { return nv.getValue(); } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java index 118abff2a56..189a334ce25 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java @@ -795,6 +795,23 @@ public class TestWebDelegationToken { jetty.start(); final URL url = new URL(getJettyURL() + "/foo/bar"); + // proxyuser using raw HTTP, verifying doAs is case insensitive + String strUrl = String.format("%s?user.name=%s&doas=%s", + url.toExternalForm(), FOO_USER, OK_USER); + HttpURLConnection conn = + (HttpURLConnection) new URL(strUrl).openConnection(); + Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + List ret = IOUtils.readLines(conn.getInputStream()); + Assert.assertEquals(1, ret.size()); + Assert.assertEquals(OK_USER, ret.get(0)); + strUrl = String.format("%s?user.name=%s&DOAS=%s", url.toExternalForm(), + FOO_USER, OK_USER); + conn = (HttpURLConnection) new URL(strUrl).openConnection(); + Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + ret = IOUtils.readLines(conn.getInputStream()); + Assert.assertEquals(1, ret.size()); + Assert.assertEquals(OK_USER, ret.get(0)); + UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER); ugi.doAs(new PrivilegedExceptionAction() { @Override