You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2018/02/21 19:50:03 UTC
[jira] [Comment Edited] (KNOX-1177) Retighten the rewrite rule on
oozieui to reduce false positives
[ https://issues.apache.org/jira/browse/KNOX-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16371916#comment-16371916 ]
Kevin Minder edited comment on KNOX-1177 at 2/21/18 7:50 PM:
-------------------------------------------------------------
Tightened this up by binding specific rules to the service routes.
gateway-service-definitions/src/main/resources/services/oozieui/4.2.0/service.xml
{code:java}
<service role="OOZIEUI" name="oozieui" version="4.2.0">
<routes>
<route path="/oozie?**">
<rewrite apply="OOZIEUI/oozieui/inbound/request/root" to="request.url"/>
</route>
<route path="/oozie/**?**">
<rewrite apply="OOZIEUI/oozieui/inbound/request/path" to="request.url"/>
</route>
</routes>
</service>
{code}
gateway-service-definitions/src/main/resources/services/oozieui/4.2.0/rewrite.xml
{code:java}
<rules>
<rule dir="IN" name="OOZIEUI/oozieui/inbound/request/root">
<match pattern="http://*:*/**/oozie?{**}">
<rewrite template="{$serviceUrl[OOZIEUI]}?{**}"/>
</match>
</rule>
<rule dir="IN" name="OOZIEUI/oozieui/inbound/request/path">
<match pattern="*://*:*/**/oozie/{**}?{**}">
<rewrite template="{$serviceUrl[OOZIEUI]}/{**}?{**}"/>
</match>
</rule>
</rules>{code}
was (Author: kminder):
Tightened this up by binding specific rules to the service routes.
gateway-service-definitions/src/main/resources/services/oozieui/4.2.0/service.xml
{code:java}
<service role="OOZIEUI" name="oozieui" version="4.2.0">
<routes>
<route path="/oozie?**">
<rewrite apply="OOZIEUI/oozieui/inbound/request/root" to="request.url"/>
</route>
<route path="/oozie/**?**">
<rewrite apply="OOZIEUI/oozieui/inbound/request/path" to="request.url"/>
</route>
</routes>
</service>
{code}
gateway-service-definitions/src/main/resources/services/oozieui/4.2.0/rewrite.xml
{code:java}
<rules>
<rule dir="IN" name="OOZIEUI/oozieui/inbound/request/root">
<match pattern="http://*:*/**/oozie?{**}">
<rewrite template="{$serviceUrl[OOZIEUI]}?{**}"/>
</match>
</rule>
<rule dir="IN" name="OOZIEUI/oozieui/inbound/request/path">
<match pattern="*://*:*/**/oozie/{**}?{**}">
<rewrite template="{$serviceUrl[OOZIEUI]}/{**}?{**}"/>
</match>
</rule>
</rules>{code}
> Retighten the rewrite rule on oozieui to reduce false positives
> ---------------------------------------------------------------
>
> Key: KNOX-1177
> URL: https://issues.apache.org/jira/browse/KNOX-1177
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.14.0
> Reporter: Wei Han
> Assignee: Kevin Minder
> Priority: Trivial
> Fix For: 0.14.0
>
>
> This was previously fixed in KNOX-1106 and my change KNOX-1172 inadvertently regressed this as there was no test for this use case.
> Currently oozieui rule will match uri with any scheme, which sometimes could cause false positives. For example the following rule in oozieui will rewrite viewfs://ns-default/foo/bar/oozie/myfile.jar to [http://oozie:11000/oozie/myfile.jar]
> <rule dir="IN" name="OOZIEUI/oozie/inbound/root" pattern="*://*:*/**/oozie/">
> <rewrite template="{$serviceUrl[OOZIEUI]}/"/>
> </rule>
> The attached patch will tighten the rule to match only http and https schemes.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)