diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index e34c1fb6b59..ac1dcb7193d 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -186,6 +186,9 @@ Release 2.5.0 - UNRELEASED YARN-2117. Fixed the issue that secret file reader is potentially not closed in TimelineAuthenticationFilterInitializer. (Chen He via zjshen) + YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator. + (Zhijie Shen via vinodkv) + Release 2.4.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java index f4f1507a4f2..25333c7551b 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java @@ -35,13 +35,15 @@ import org.apache.hadoop.security.authentication.client.Authenticator; import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.yarn.api.records.timeline.TimelineDelegationTokenResponse; +import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts; import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier; import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation; -import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts; import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider; import org.codehaus.jackson.JsonNode; import org.codehaus.jackson.map.ObjectMapper; +import com.google.common.annotations.VisibleForTesting; + /** * A KerberosAuthenticator subclass that fallback to * {@link TimelineAuthenticationConsts}. @@ -77,9 +79,15 @@ public class TimelineAuthenticator extends KerberosAuthenticator { } } - private boolean hasDelegationToken(URL url) { - return url.getQuery().contains( - TimelineAuthenticationConsts.DELEGATION_PARAM + "="); + @Private + @VisibleForTesting + boolean hasDelegationToken(URL url) { + if (url.getQuery() == null) { + return false; + } else { + return url.getQuery().contains( + TimelineAuthenticationConsts.DELEGATION_PARAM + "="); + } } @Override diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java new file mode 100644 index 00000000000..19aaa88533f --- /dev/null +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java @@ -0,0 +1,40 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.yarn.client.api.impl; + +import java.net.URL; + +import org.junit.Assert; +import org.junit.Test; + +public class TestTimelineAuthenticator { + + @Test + public void testHasDelegationTokens() throws Exception { + TimelineAuthenticator authenticator = new TimelineAuthenticator(); + Assert.assertFalse(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource"))); + Assert.assertFalse(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?other=xxxx"))); + Assert.assertTrue(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?delegation=yyyy"))); + Assert.assertTrue(authenticator.hasDelegationToken(new URL( + "http://localhost:8/resource?other=xxxx&delegation=yyyy"))); + } +}