You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Gregory Chanan (JIRA)" <ji...@apache.org> on 2013/12/28 02:16:50 UTC

[jira] [Updated] (HADOOP-10193) hadoop-auth's PseudoAuthenticationHandler can consume getInputStream

     [ https://issues.apache.org/jira/browse/HADOOP-10193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gregory Chanan updated HADOOP-10193:
------------------------------------

    Attachment: HADOOP-10193.patch

Here's a patch that parses the query string instead of calling getParameter.  I used org.apache.http.client.utils.URLEncodedUtils to parse the query string.

> hadoop-auth's PseudoAuthenticationHandler can consume getInputStream
> --------------------------------------------------------------------
>
>                 Key: HADOOP-10193
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10193
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Gregory Chanan
>            Assignee: Gregory Chanan
>            Priority: Minor
>             Fix For: 3.0.0
>
>         Attachments: HADOOP-10193.patch
>
>
> I'm trying to use the AuthenticationFilter in front of Apache Solr.  The issue I'm running into is that the PseudoAuthenticationHandler calls ServletRequest.getParameter which affects future calls to ServletRequest.getInputStream.  I.e. from the javadoc:
> {code}
> If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then reading the body directly via getInputStream() or getReader() can interfere with the execution of this method. 
> {code}
> Solr calls getInputStream after the filter and errors result.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)