From 545a556883ab8f126f72efeeeed29265974feaf8 Mon Sep 17 00:00:00 2001 From: Takanobu Asanuma Date: Thu, 27 Oct 2022 14:39:01 +0900 Subject: [PATCH] HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079) Reviewed-by: Ashutosh Gupta Reviewed-by: Tao Li --- .../common/HostRestrictingAuthorizationFilter.java | 5 ++--- .../TestHostRestrictingAuthorizationFilter.java | 13 ++++--------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java index 0308e55e4cf..afed1e9e6e7 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java @@ -226,9 +226,8 @@ public class HostRestrictingAuthorizationFilter implements Filter { final String query = interaction.getQueryString(); final String uri = interaction.getRequestURI(); if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) { - LOG.trace("Rejecting interaction; wrong URI: {}", uri); - interaction.sendError(HttpServletResponse.SC_NOT_FOUND, - "The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX); + LOG.trace("Proceeding with interaction since the request doesn't access WebHDFS API"); + interaction.proceed(); return; } final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length()); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java index 34bc616e540..503c4170c46 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java @@ -244,14 +244,13 @@ public class TestHostRestrictingAuthorizationFilter { } /** - * Test acceptable behavior to malformed requests - * Case: the request URI does not start with "/webhdfs/v1" + * A request that don't access WebHDFS API should pass through. */ @Test - public void testInvalidURI() throws Exception { + public void testNotWebhdfsAPIRequest() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getMethod()).thenReturn("GET"); - Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI"); + Mockito.when(request.getRequestURI()).thenReturn("/conf"); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); Filter filter = new HostRestrictingAuthorizationFilter(); @@ -260,11 +259,7 @@ public class TestHostRestrictingAuthorizationFilter { FilterConfig fc = new DummyFilterConfig(configs); filter.init(fc); - filter.doFilter(request, response, - (servletRequest, servletResponse) -> {}); - Mockito.verify(response, Mockito.times(1)) - .sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND), - Mockito.anyString()); + filter.doFilter(request, response, (servletRequest, servletResponse) -> {}); filter.destroy(); }