Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-10710. hadoop.auth cookie is not properly constructed according to RFC2109. (Juan Yu via tucu) 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1606925 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-06-30 20:42:40 +00:00
parent 905b8c0895
commit 959f5ae65c
4 changed files with 37 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
View File

@ -425,14 +425,20 @@ public class AuthenticationFilter implements Filter {
* cookie. It has no effect if its value < 0. * cookie. It has no effect if its value < 0.
* *
* XXX the following code duplicate some logic in Jetty / Servlet API, * XXX the following code duplicate some logic in Jetty / Servlet API,
* because of the fact that Hadoop is stuck at servlet 3.0 and jetty 6 * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6
* right now. * right now.
*/ */
public static void createAuthCookie(HttpServletResponse resp, String token, public static void createAuthCookie(HttpServletResponse resp, String token,
String domain, String path, long expires, String domain, String path, long expires,
boolean isSecure) { boolean isSecure) {
StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE).append StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE)
("=").append(token); .append("=");
if (token != null && token.length() > 0) {
sb.append("\"")
.append(token)
.append("\"");
}
sb.append("; Version=1");
if (path != null) { if (path != null) {
sb.append("; Path=").append(path); sb.append("; Path=").append(path);

24
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
View File

@ -531,21 +531,17 @@ public class TestAuthenticationFilter {
private static void parseCookieMap(String cookieHeader, HashMap<String, private static void parseCookieMap(String cookieHeader, HashMap<String,
String> cookieMap) { String> cookieMap) {
for (String pair : cookieHeader.split(";")) { List<HttpCookie> cookies = HttpCookie.parse(cookieHeader);
String p = pair.trim(); for (HttpCookie cookie : cookies) {
int idx = p.indexOf('='); if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) {
final String k, v; cookieMap.put(cookie.getName(), cookie.getValue());
if (idx == -1) { if (cookie.getPath() != null) {
k = p; cookieMap.put("Path", cookie.getPath());
v = null; }
} else if (idx == p.length()) { if (cookie.getDomain() != null) {
k = p.substring(0, idx - 1); cookieMap.put("Domain", cookie.getDomain());
v = null; }
} else {
k = p.substring(0, idx);
v = p.substring(idx + 1);
} }
cookieMap.put(k, v);
} }
} }

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -307,6 +307,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10715. Remove public GraphiteSink#setWriter (Babak Behzad via raviprak) HADOOP-10715. Remove public GraphiteSink#setWriter (Babak Behzad via raviprak)
HADOOP-10710. hadoop.auth cookie is not properly constructed according to
RFC2109. (Juan Yu via tucu)
Release 2.4.1 - 2014-06-23 Release 2.4.1 - 2014-06-23
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

19
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpCookieFlag.java
View File

@ -36,6 +36,8 @@ import java.net.MalformedURLException;
import java.net.URI; import java.net.URI;
import java.net.URL; import java.net.URL;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.net.HttpCookie;
import java.util.List;
public class TestHttpCookieFlag { public class TestHttpCookieFlag {
private static final String BASEDIR = System.getProperty("test.build.dir", private static final String BASEDIR = System.getProperty("test.build.dir",
@ -116,8 +118,12 @@ public class TestHttpCookieFlag {
.getConnectorAddress(0))); .getConnectorAddress(0)));
HttpURLConnection conn = (HttpURLConnection) new URL(base, HttpURLConnection conn = (HttpURLConnection) new URL(base,
"/echo").openConnection(); "/echo").openConnection();
Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE + "=token; " +
"HttpOnly", conn.getHeaderField("Set-Cookie")); String header = conn.getHeaderField("Set-Cookie");
List<HttpCookie> cookies = HttpCookie.parse(header);
Assert.assertTrue(!cookies.isEmpty());
Assert.assertTrue(header.contains("; HttpOnly"));
Assert.assertTrue("token".equals(cookies.get(0).getValue()));
} }
@Test @Test
@ -127,8 +133,13 @@ public class TestHttpCookieFlag {
HttpsURLConnection conn = (HttpsURLConnection) new URL(base, HttpsURLConnection conn = (HttpsURLConnection) new URL(base,
"/echo").openConnection(); "/echo").openConnection();
conn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory()); conn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory());
Assert.assertEquals(AuthenticatedURL.AUTH_COOKIE + "=token; " +
"Secure; HttpOnly", conn.getHeaderField("Set-Cookie")); String header = conn.getHeaderField("Set-Cookie");
List<HttpCookie> cookies = HttpCookie.parse(header);
Assert.assertTrue(!cookies.isEmpty());
Assert.assertTrue(header.contains("; HttpOnly"));
Assert.assertTrue(cookies.get(0).getSecure());
Assert.assertTrue("token".equals(cookies.get(0).getValue()));
} }
@AfterClass @AfterClass