YARN-2512. Allowed pattern matching for origins in CrossOriginFilter. Contributed by Jonathan Eagles.

(cherry picked from commit a092cdf32d)
2014-09-07 17:49:06 -07:00 · 2014-09-07 17:49:06 -07:00 · f2a5a5d4aa
parent b87d1d7d0a
commit f2a5a5d4aa
3 changed files with 42 additions and 2 deletions
--- a/hadoop-yarn-project/CHANGES.txt
+++ b/hadoop-yarn-project/CHANGES.txt
@ -161,6 +161,9 @@ Release 2.6.0 - UNRELEASED
    YARN-2508. Cross Origin configuration parameters prefix are not honored
    (Mit Desai via jeagles)

+    YARN-2512. Allowed pattern matching for origins in CrossOriginFilter.
+    (Jonathan Eagles via zjshen)
+
  OPTIMIZATIONS

  BUG FIXES
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java
@ -24,6 +24,8 @@ import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;

 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@ -204,7 +206,23 @@ public class CrossOriginFilter implements Filter {

  @VisibleForTesting
  boolean isOriginAllowed(String origin) {
-    return allowAllOrigins || allowedOrigins.contains(origin);
+    if (allowAllOrigins) {
+      return true;
+    }
+
+    for (String allowedOrigin : allowedOrigins) {
+      if (allowedOrigin.contains("*")) {
+        String regex = allowedOrigin.replace(".", "\\.").replace("*", ".*");
+        Pattern p = Pattern.compile(regex);
+        Matcher m = p.matcher(origin);
+        if (m.matches()) {
+          return true;
+        }
+      } else if (allowedOrigin.equals(origin)) {
+        return true;
+      }
+    }
+    return false;
  }

  private boolean areHeadersAllowed(String accessControlRequestHeaders) {
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java
@ -77,7 +77,26 @@ public class TestCrossOriginFilter {
    // Object under test
    CrossOriginFilter filter = new CrossOriginFilter();
    filter.init(filterConfig);
-    Assert.assertTrue(filter.isOriginAllowed("example.org"));
+    Assert.assertTrue(filter.isOriginAllowed("example.com"));
+  }
+
+  @Test
+  public void testPatternMatchingOrigins() throws ServletException, IOException {
+
+    // Setup the configuration settings of the server
+    Map<String, String> conf = new HashMap<String, String>();
+    conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*.example.com");
+    FilterConfig filterConfig = new FilterConfigTest(conf);
+
+    // Object under test
+    CrossOriginFilter filter = new CrossOriginFilter();
+    filter.init(filterConfig);
+
+    // match multiple sub-domains
+    Assert.assertFalse(filter.isOriginAllowed("example.com"));
+    Assert.assertFalse(filter.isOriginAllowed("foo:example.com"));
+    Assert.assertTrue(filter.isOriginAllowed("foo.example.com"));
+    Assert.assertTrue(filter.isOriginAllowed("foo.bar.example.com"));
  }

  @Test