YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator. Contributed by Zhijie Shen.

svn merge --ignore-ancestry -c 1601000 ../../trunk/


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1601001 13f79535-47bb-0310-9956-ffa450edef68

hadoop-yarn-project/CHANGES.txt

@@ -186,6 +186,9 @@ Release 2.5.0 - UNRELEASED
     YARN-2117. Fixed the issue that secret file reader is potentially not
     closed in TimelineAuthenticationFilterInitializer. (Chen He via zjshen)
 
+    YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator.
+    (Zhijie Shen via vinodkv)
+
 Release 2.4.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineAuthenticator.java

@@ -35,13 +35,15 @@ import org.apache.hadoop.security.authentication.client.Authenticator;
 import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.yarn.api.records.timeline.TimelineDelegationTokenResponse;
+import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts;
 import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
 import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation;
-import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts;
 import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider;
 import org.codehaus.jackson.JsonNode;
 import org.codehaus.jackson.map.ObjectMapper;
 
+import com.google.common.annotations.VisibleForTesting;
+
 /**
  * A <code>KerberosAuthenticator</code> subclass that fallback to
  * {@link TimelineAuthenticationConsts}.
@@ -77,9 +79,15 @@ public class TimelineAuthenticator extends KerberosAuthenticator {
     }
   }
 
-  private boolean hasDelegationToken(URL url) {
+  @Private
-    return url.getQuery().contains(
+  @VisibleForTesting
-        TimelineAuthenticationConsts.DELEGATION_PARAM + "=");
+  boolean hasDelegationToken(URL url) {
+    if (url.getQuery() == null) {
+      return false;
+    } else {
+      return url.getQuery().contains(
+          TimelineAuthenticationConsts.DELEGATION_PARAM + "=");
+    }
   }
 
   @Override

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/test/java/org/apache/hadoop/yarn/client/api/impl/TestTimelineAuthenticator.java

@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.yarn.client.api.impl;
+
+import java.net.URL;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestTimelineAuthenticator {
+
+  @Test
+  public void testHasDelegationTokens() throws Exception {
+    TimelineAuthenticator authenticator = new TimelineAuthenticator();
+    Assert.assertFalse(authenticator.hasDelegationToken(new URL(
+        "http://localhost:8/resource")));
+    Assert.assertFalse(authenticator.hasDelegationToken(new URL(
+        "http://localhost:8/resource?other=xxxx")));
+    Assert.assertTrue(authenticator.hasDelegationToken(new URL(
+        "http://localhost:8/resource?delegation=yyyy")));
+    Assert.assertTrue(authenticator.hasDelegationToken(new URL(
+        "http://localhost:8/resource?other=xxxx&delegation=yyyy")));
+  }
+}