HADOOP-10710. hadoop.auth cookie is not properly constructed according to RFC2109. (Juan Yu via tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1606925 13f79535-47bb-0310-9956-ffa450edef68
2014-06-30 20:42:40 +00:00 · 2014-06-30 20:42:40 +00:00 · 959f5ae65c
parent 905b8c0895
commit 959f5ae65c
4 changed files with 37 additions and 21 deletions
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@ -425,14 +425,20 @@ public Principal getUserPrincipal() {
   *                cookie. It has no effect if its value < 0.
   *
   * XXX the following code duplicate some logic in Jetty / Servlet API,
-   * because of the fact that Hadoop is stuck at servlet 3.0 and jetty 6
+   * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
   * right now.
   */
  public static void createAuthCookie(HttpServletResponse resp, String token,
                                      String domain, String path, long expires,
                                      boolean isSecure) {
-    StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE).append
+    StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
-            ("=").append(token);
+                           .append("=");
    if (token != null && token.length() > 0) {
      sb.append("\"")
          .append(token)
          .append("\"");
    }
    sb.append("; Version=1");
    if (path != null) {
      sb.append("; Path=").append(path);
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
@ -531,21 +531,17 @@ public Object answer(InvocationOnMock invocation) throws Throwable {
  private static void parseCookieMap(String cookieHeader, HashMap<String,
          String> cookieMap) {
-    for (String pair : cookieHeader.split(";")) {
+    List<HttpCookie> cookies = HttpCookie.parse(cookieHeader);
-      String p = pair.trim();
+    for (HttpCookie cookie : cookies) {
-      int idx = p.indexOf('=');
+      if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
-      final String k, v;
+        cookieMap.put(cookie.getName(), cookie.getValue());
-      if (idx == -1) {
+        if (cookie.getPath() != null) {
-        k = p;
+          cookieMap.put("Path", cookie.getPath());
-        v = null;
+        }
-      } else if (idx == p.length()) {
+        if (cookie.getDomain() != null) {
-        k = p.substring(0, idx - 1);
+          cookieMap.put("Domain", cookie.getDomain());
-        v = null;
+        }
      } else {
        k = p.substring(0, idx);
        v = p.substring(idx + 1);
      }
      cookieMap.put(k, v);
    }
  }
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -307,6 +307,9 @@ Release 2.5.0 - UNRELEASED
    HADOOP-10715. Remove public GraphiteSink#setWriter (Babak Behzad via raviprak)
    HADOOP-10710. hadoop.auth cookie is not properly constructed according to 
    RFC2109. (Juan Yu via tucu)
 Release 2.4.1 - 2014-06-23 
  INCOMPATIBLE CHANGES
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpCookieFlag.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpCookieFlag.java
@ -36,6 +36,8 @@
 import java.net.URI;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.net.HttpCookie;
 import java.util.List;
 public class TestHttpCookieFlag {
  private static final String BASEDIR = System.getProperty("test.build.dir",
@ -116,8 +118,12 @@ public void testHttpCookie() throws IOException {
            .getConnectorAddress(0)));
    HttpURLConnection conn = (HttpURLConnection) new URL(base,
            "/echo").openConnection();
-    Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE + "=token; " +
+
-            "HttpOnly", conn.getHeaderField("Set-Cookie"));
+    String header = conn.getHeaderField("Set-Cookie");
    List<HttpCookie> cookies = HttpCookie.parse(header);
    Assert.assertTrue(!cookies.isEmpty());
    Assert.assertTrue(header.contains("; HttpOnly"));
    Assert.assertTrue("token".equals(cookies.get(0).getValue()));
  }
  @Test
@ -127,8 +133,13 @@ public void testHttpsCookie() throws IOException, GeneralSecurityException {
    HttpsURLConnection conn = (HttpsURLConnection) new URL(base,
            "/echo").openConnection();
    conn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory());
-    Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE + "=token; " +
+
-            "Secure; HttpOnly", conn.getHeaderField("Set-Cookie"));
+    String header = conn.getHeaderField("Set-Cookie");
    List<HttpCookie> cookies = HttpCookie.parse(header);
    Assert.assertTrue(!cookies.isEmpty());
    Assert.assertTrue(header.contains("; HttpOnly"));
    Assert.assertTrue(cookies.get(0).getSecure());
    Assert.assertTrue("token".equals(cookies.get(0).getValue()));
  }
  @AfterClass