Posted to common-issues@hadoop.apache.org by GitBox <gi...@apache.org> on 2022/05/11 07:44:23 UTC

[GitHub] [hadoop] jacktheone opened a new pull request, #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

jacktheone opened a new pull request, #4300:
URL: https://github.com/apache/hadoop/pull/4300

   ### Description of PR
   According to RFC-2616, HTTP headers are case-insensitive. There are proxies / load balancers (e.g. newer versions of HA-proxy) which deliberately make some of the HTTP headers lower-case, which results in an authentication / authorization failure inside the Hadoop codebase.
   
   This patch is responsible for resolving the authentication issue. 
   
   ### How was this patch tested?
   Tested on our test cluster where we could reproduce the original issue.
   I also ran the corresponding old and new unit tests. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org
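
The failure mode described in the PR text above, as an added example that is not code from the pull request or from Hadoop: an exact-match header lookup misses `www-authenticate` once a proxy has lower-cased the name, while a case-insensitive lookup still finds the Negotiate challenge. The class `HeaderCaseDemo`, its helper methods and the sample header map are constructed for illustration; comparing the auth scheme case-insensitively goes one step beyond what the PR describes.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration: class, methods and sample data are constructed, not Hadoop code.
public class HeaderCaseDemo {
  static final String WWW_AUTHENTICATE = "WWW-Authenticate";
  static final String NEGOTIATE = "Negotiate";

  /** Exact-match lookup: misses the header once a proxy has lower-cased its name. */
  static String exactLookup(Map<String, List<String>> headers, String name) {
    List<String> values = headers.get(name);
    return (values == null || values.isEmpty()) ? null : values.get(0);
  }

  /** Case-insensitive lookup over the header names as they were received. */
  static String caseInsensitiveLookup(Map<String, List<String>> headers, String name) {
    for (Map.Entry<String, List<String>> e : headers.entrySet()) {
      String key = e.getKey(); // header maps may carry a null key for the status line
      List<String> values = e.getValue();
      if (key != null && key.equalsIgnoreCase(name) && values != null && !values.isEmpty()) {
        return values.get(0);
      }
    }
    return null;
  }

  /** Decoded token, an empty array for a bare challenge, or null if the scheme is not Negotiate. */
  static byte[] negotiateToken(String headerValue) {
    if (headerValue == null) {
      return null;
    }
    String v = headerValue.trim();
    int n = NEGOTIATE.length();
    if (!v.regionMatches(true, 0, NEGOTIATE, 0, n)) {
      return null;
    }
    if (v.length() > n && !Character.isWhitespace(v.charAt(n))) {
      return null; // a longer scheme name that merely starts with "Negotiate"
    }
    String token = v.substring(n).trim();
    return token.isEmpty() ? new byte[0] : Base64.getDecoder().decode(token);
  }

  public static void main(String[] args) {
    // Constructed response headers, as a client would see them behind a proxy
    // that rewrites header names to lower case.
    String token = Base64.getEncoder().encodeToString("foobar".getBytes(StandardCharsets.UTF_8));
    Map<String, List<String>> viaProxy = new LinkedHashMap<>();
    viaProxy.put(null, Collections.singletonList("HTTP/1.1 401 Unauthorized"));
    viaProxy.put("www-authenticate", Collections.singletonList(NEGOTIATE + " " + token));

    String exact = exactLookup(viaProxy, WWW_AUTHENTICATE);
    String relaxed = caseInsensitiveLookup(viaProxy, WWW_AUTHENTICATE);
    System.out.println("exact lookup:            " + exact);
    System.out.println("case-insensitive lookup: " + relaxed);
    System.out.println("exact sees Negotiate:    " + (negotiateToken(exact) != null));

    byte[] decoded = negotiateToken(relaxed);
    System.out.println("decoded token:           " + new String(decoded, StandardCharsets.UTF_8));
  }
}
```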


[GitHub] [hadoop] jojochuang commented on a diff in pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
jojochuang commented on code in PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#discussion_r870878212


##########
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java:
##########
@@ -248,4 +255,86 @@ public void testWrapExceptionWithMessage() {
     Assert.assertTrue(ex.equals(ex2));
   }
 
+  @Test(timeout = 60000)
+  public void testNegotiate() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)).
+            thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE + " " +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
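
Review bot: In testReadToken the stubbed header value is built with Arrays.toString(base64.encode("foobar".getBytes())), which renders the encoded byte array as a bracketed list of decimal numbers rather than as Base64 text, so the value handed to readToken is not a token a server would send. Build the string from the encoded bytes instead, for example new String(base64.encode(...), StandardCharsets.US_ASCII), and pass an explicit charset to getBytes() so the input does not depend on the platform default.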

Review Comment:
   ```suggestion
       method.invoke(kerberosAuthenticator, conn);
   ```
   
   If exception is not expected, just let it throw and fail.



##########
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java:
##########
@@ -248,4 +255,86 @@ public void testWrapExceptionWithMessage() {
     Assert.assertTrue(ex.equals(ex2));
   }
 
+  @Test(timeout = 60000)
+  public void testNegotiate() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)).
+            thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE + " " +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
+  }
+
+  @Test(timeout = 60000)
+  public void testReadTokenLowerCase() throws NoSuchMethodException, IOException,
+          IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
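
Review bot: testReadTokenLowerCase concatenates KerberosAuthenticator.NEGOTIATE directly with the encoded value, without the " " separator that testReadToken puts between the scheme and the token, so the two tests differ in more than the case of the header name. Use NEGOTIATE + " " + ... here as well, so that the lower-case test exercises the same header value and only the header name varies.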

Review Comment:
   here, too.





[GitHub] [hadoop] hadoop-yetus commented on pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#issuecomment-1123592387

   :broken_heart: **-1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |   0m 46s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  |  No case conflicting files found.  |
   | +0 :ok: |  codespell  |   0m  0s |  |  codespell was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
   | +1 :green_heart: |  test4tests  |   0m  0s |  |  The patch appears to include 3 new or modified test files.  |
   |||| _ trunk Compile Tests _ |
   | +0 :ok: |  mvndep  |  15m 42s |  |  Maven dependency ordering for branch  |
   | +1 :green_heart: |  mvninstall  |  27m 44s |  |  trunk passed  |
   | +1 :green_heart: |  compile  |  24m 32s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  compile  |  22m 41s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  checkstyle  |   1m 24s |  |  trunk passed  |
   | +1 :green_heart: |  mvnsite  |   1m 25s |  |  trunk passed  |
   | +1 :green_heart: |  javadoc  |   1m 26s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m 15s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   1m 51s |  |  trunk passed  |
   | +1 :green_heart: |  shadedclient  |  22m 45s |  |  branch has no errors when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +0 :ok: |  mvndep  |   0m 28s |  |  Maven dependency ordering for patch  |
   | +1 :green_heart: |  mvninstall  |   0m 40s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  25m 21s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | -1 :x: |  javac  |  25m 21s | [/results-compile-javac-root-jdkPrivateBuild-11.0.15+10-Ubuntu-0ubuntu0.20.04.1.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/artifact/out/results-compile-javac-root-jdkPrivateBuild-11.0.15+10-Ubuntu-0ubuntu0.20.04.1.txt) |  root-jdkPrivateBuild-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 generated 1 new + 1808 unchanged - 1 fixed = 1809 total (was 1809)  |
   | +1 :green_heart: |  compile  |  22m 26s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | -1 :x: |  javac  |  22m 26s | [/results-compile-javac-root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/artifact/out/results-compile-javac-root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07.txt) |  root-jdkPrivateBuild-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 generated 1 new + 1684 unchanged - 1 fixed = 1685 total (was 1685)  |
   | +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks issues.  |
   | -0 :warning: |  checkstyle  |   1m  9s | [/results-checkstyle-hadoop-common-project.txt](https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/artifact/out/results-checkstyle-hadoop-common-project.txt) |  hadoop-common-project: The patch generated 12 new + 127 unchanged - 0 fixed = 139 total (was 127)  |
   | +1 :green_heart: |  mvnsite  |   1m  7s |  |  the patch passed  |
   | +1 :green_heart: |  javadoc  |   1m 12s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m  8s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   2m  5s |  |  the patch passed  |
   | +1 :green_heart: |  shadedclient  |  23m 16s |  |  patch has no errors when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |   3m 40s |  |  hadoop-auth in the patch passed.  |
   | +1 :green_heart: |  unit  |   0m 38s |  |  hadoop-auth-examples in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   1m  3s |  |  The patch does not generate ASF License warnings.  |
   |  |   | 209m 50s |  |  |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/hadoop/pull/4300 |
   | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell |
   | uname | Linux 484bda9cadc9 4.15.0-169-generic #177-Ubuntu SMP Thu Feb 3 10:50:38 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | trunk / 7ec2ef8f21dfdfd0912c5887a5c7e3ea1a111ce8 |
   | Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   | Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   |  Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/testReport/ |
   | Max. process+thread count | 674 (vs. ulimit of 5500) |
   | modules | C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-auth-examples U: hadoop-common-project |
   | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/1/console |
   | versions | git=2.25.1 maven=3.6.3 spotbugs=4.2.2 |
   | Powered by | Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




[GitHub] [hadoop] 9uapaw closed pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
9uapaw closed pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way
URL: https://github.com/apache/hadoop/pull/4300




[GitHub] [hadoop] hadoop-yetus commented on pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#issuecomment-1124934583

   :confetti_ball: **+1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |   0m 54s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  0s |  |  No case conflicting files found.  |
   | +0 :ok: |  codespell  |   0m  1s |  |  codespell was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
   | +1 :green_heart: |  test4tests  |   0m  0s |  |  The patch appears to include 3 new or modified test files.  |
   |||| _ trunk Compile Tests _ |
   | +0 :ok: |  mvndep  |  16m 15s |  |  Maven dependency ordering for branch  |
   | +1 :green_heart: |  mvninstall  |  27m 40s |  |  trunk passed  |
   | +1 :green_heart: |  compile  |  26m  9s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  compile  |  22m 16s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  checkstyle  |   1m 25s |  |  trunk passed  |
   | +1 :green_heart: |  mvnsite  |   1m 23s |  |  trunk passed  |
   | +1 :green_heart: |  javadoc  |   1m 22s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m 13s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   1m 53s |  |  trunk passed  |
   | +1 :green_heart: |  shadedclient  |  22m 34s |  |  branch has no errors when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +0 :ok: |  mvndep  |   0m 28s |  |  Maven dependency ordering for patch  |
   | +1 :green_heart: |  mvninstall  |   0m 40s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  26m 54s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javac  |  26m 54s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  21m 34s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  javac  |  21m 34s |  |  the patch passed  |
   | +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks issues.  |
   | +1 :green_heart: |  checkstyle  |   1m 12s |  |  the patch passed  |
   | +1 :green_heart: |  mvnsite  |   1m 15s |  |  the patch passed  |
   | +1 :green_heart: |  javadoc  |   1m 12s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m 17s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   2m  3s |  |  the patch passed  |
   | +1 :green_heart: |  shadedclient  |  20m 36s |  |  patch has no errors when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |   3m 24s |  |  hadoop-auth in the patch passed.  |
   | +1 :green_heart: |  unit  |   0m 37s |  |  hadoop-auth-examples in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   0m 58s |  |  The patch does not generate ASF License warnings.  |
   |  |   | 209m  7s |  |  |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/3/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/hadoop/pull/4300 |
   | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell |
   | uname | Linux 1985903a5634 4.15.0-169-generic #177-Ubuntu SMP Thu Feb 3 10:50:38 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | trunk / 1d827ad4de58e9bf8f7367e9cf0ecdb14888be05 |
   | Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   | Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   |  Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/3/testReport/ |
   | Max. process+thread count | 673 (vs. ulimit of 5500) |
   | modules | C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-auth-examples U: hadoop-common-project |
   | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/3/console |
   | versions | git=2.25.1 maven=3.6.3 spotbugs=4.2.2 |
   | Powered by | Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




[GitHub] [hadoop] hadoop-yetus commented on pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
hadoop-yetus commented on PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#issuecomment-1123974365

   :confetti_ball: **+1 overall**
   
   
   
   
   
   
   | Vote | Subsystem | Runtime |  Logfile | Comment |
   |:----:|----------:|--------:|:--------:|:-------:|
   | +0 :ok: |  reexec  |   0m 41s |  |  Docker mode activated.  |
   |||| _ Prechecks _ |
   | +1 :green_heart: |  dupname  |   0m  1s |  |  No case conflicting files found.  |
   | +0 :ok: |  codespell  |   0m  0s |  |  codespell was not available.  |
   | +1 :green_heart: |  @author  |   0m  0s |  |  The patch does not contain any @author tags.  |
   | +1 :green_heart: |  test4tests  |   0m  0s |  |  The patch appears to include 3 new or modified test files.  |
   |||| _ trunk Compile Tests _ |
   | +0 :ok: |  mvndep  |  15m 52s |  |  Maven dependency ordering for branch  |
   | +1 :green_heart: |  mvninstall  |  25m 33s |  |  trunk passed  |
   | +1 :green_heart: |  compile  |  23m 52s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  compile  |  20m 42s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  checkstyle  |   1m 18s |  |  trunk passed  |
   | +1 :green_heart: |  mvnsite  |   1m 25s |  |  trunk passed  |
   | +1 :green_heart: |  javadoc  |   1m 26s |  |  trunk passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m 15s |  |  trunk passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   1m 48s |  |  trunk passed  |
   | +1 :green_heart: |  shadedclient  |  20m 10s |  |  branch has no errors when building and testing our client artifacts.  |
   |||| _ Patch Compile Tests _ |
   | +0 :ok: |  mvndep  |   0m 26s |  |  Maven dependency ordering for patch  |
   | +1 :green_heart: |  mvninstall  |   0m 39s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  23m 40s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javac  |  23m 40s |  |  the patch passed  |
   | +1 :green_heart: |  compile  |  20m 39s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  javac  |  20m 39s |  |  the patch passed  |
   | +1 :green_heart: |  blanks  |   0m  0s |  |  The patch has no blanks issues.  |
   | +1 :green_heart: |  checkstyle  |   1m 12s |  |  the patch passed  |
   | +1 :green_heart: |  mvnsite  |   1m 21s |  |  the patch passed  |
   | +1 :green_heart: |  javadoc  |   1m 15s |  |  the patch passed with JDK Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1  |
   | +1 :green_heart: |  javadoc  |   1m  9s |  |  the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07  |
   | +1 :green_heart: |  spotbugs  |   2m  4s |  |  the patch passed  |
   | +1 :green_heart: |  shadedclient  |  20m 44s |  |  patch has no errors when building and testing our client artifacts.  |
   |||| _ Other Tests _ |
   | +1 :green_heart: |  unit  |   3m 28s |  |  hadoop-auth in the patch passed.  |
   | +1 :green_heart: |  unit  |   0m 37s |  |  hadoop-auth-examples in the patch passed.  |
   | +1 :green_heart: |  asflicense  |   0m 57s |  |  The patch does not generate ASF License warnings.  |
   |  |   | 196m  9s |  |  |
   
   
   | Subsystem | Report/Notes |
   |----------:|:-------------|
   | Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/2/artifact/out/Dockerfile |
   | GITHUB PR | https://github.com/apache/hadoop/pull/4300 |
   | Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient spotbugs checkstyle codespell |
   | uname | Linux bdf924e3f1a6 4.15.0-169-generic #177-Ubuntu SMP Thu Feb 3 10:50:38 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
   | Build tool | maven |
   | Personality | dev-support/bin/hadoop.sh |
   | git revision | trunk / 5eafbcb242c5b22c3b42abce2328853dad9c512c |
   | Default Java | Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   | Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Private Build-11.0.15+10-Ubuntu-0ubuntu0.20.04.1 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07 |
   |  Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/2/testReport/ |
   | Max. process+thread count | 548 (vs. ulimit of 5500) |
   | modules | C: hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-auth-examples U: hadoop-common-project |
   | Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-4300/2/console |
   | versions | git=2.25.1 maven=3.6.3 spotbugs=4.2.2 |
   | Powered by | Apache Yetus 0.14.0-SNAPSHOT https://yetus.apache.org |
   
   
   This message was automatically generated.
   
   




[GitHub] [hadoop] jacktheone commented on a diff in pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
jacktheone commented on code in PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#discussion_r871128264


##########
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java:
##########
@@ -248,4 +255,86 @@ public void testWrapExceptionWithMessage() {
     Assert.assertTrue(ex.equals(ex2));
   }
 
+  @Test(timeout = 60000)
+  public void testNegotiate() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)).
+            thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE + " " +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
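
Review bot: testNegotiateLowerCase stubs conn.getHeaderField only for the literal "www-authenticate", and a Mockito mock returns null for any other argument, so the test passes only when the code under test asks for exactly that spelling and says nothing about other casings such as "Www-Authenticate". A stub that answers any requested name matching the stored header with equalsIgnoreCase, or a parameterised test over several spellings, would check the case-insensitive behaviour itself rather than one fixed string.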

Review Comment:
   Done



##########
hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java:
##########
@@ -248,4 +255,86 @@ public void testWrapExceptionWithMessage() {
     Assert.assertTrue(ex.equals(ex2));
   }
 
+  @Test(timeout = 60000)
+  public void testNegotiate() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)).
+            thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException,
+          IllegalAccessException, IOException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn));
+  }
+
+  @Test(timeout = 60000)
+  public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE + " " +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
+  }
+
+  @Test(timeout = 60000)
+  public void testReadTokenLowerCase() throws NoSuchMethodException, IOException,
+          IllegalAccessException {
+    KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator();
+    FieldUtils.writeField(kerberosAuthenticator, "base64", new Base64(), true);
+
+    Base64 base64 = new Base64();
+
+    HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
+    Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED);
+    Mockito.when(conn.getHeaderField("www-authenticate"))
+            .thenReturn(KerberosAuthenticator.NEGOTIATE +
+                    Arrays.toString(base64.encode("foobar".getBytes())));
+
+    Method method = KerberosAuthenticator.class.getDeclaredMethod("readToken",
+            HttpURLConnection.class);
+    method.setAccessible(true);
+
+    try {
+      method.invoke(kerberosAuthenticator, conn);
+    } catch (Exception e) {
+      Assert.fail("readToken() method should not have thrown any exception" + e);
+    }
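Review bot: testReadTokenLowerCase builds the header value as `KerberosAuthenticator.NEGOTIATE + Arrays.toString(...)` with no " " separator, whereas testReadToken just above it uses `KerberosAuthenticator.NEGOTIATE + " " + ...`, so the two tests differ in more than the case of the header name. Add the separator so the lower-case variant changes only the key being looked up. Both lower-case tests also stub only the literal "www-authenticate"; a Mockito mock returns null for any other argument, so they pass only when the code asks for exactly that spelling. A mixed-case variant, or a stub using an argument matcher that compares ignoring case, would cover the case-insensitive handling named in the PR title.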

Review Comment:
   Done





[GitHub] [hadoop] 9uapaw commented on pull request #4300: HADOOP-18120 Hadoop auth does not handle HTTP Headers in a case-insensitive way

Posted by GitBox <gi...@apache.org>.
9uapaw commented on PR #4300:
URL: https://github.com/apache/hadoop/pull/4300#issuecomment-1132649285

   Looks good to me, approved. Thanks for the change, @jacktheone. Committed to trunk.

