You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ta...@apache.org on 2022/10/27 05:40:48 UTC
[hadoop] branch branch-3.3 updated: HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)
This is an automated email from the ASF dual-hosted git repository.
tasanuma pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.3 by this push:
new 53143409a8b HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)
53143409a8b is described below
commit 53143409a8b74f85995b9e24cff4d1f33d1d3c82
Author: Takanobu Asanuma <ta...@apache.org>
AuthorDate: Thu Oct 27 14:39:01 2022 +0900
HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)
Reviewed-by: Ashutosh Gupta <as...@amazon.com>
Reviewed-by: Tao Li <to...@apache.org>
(cherry picked from commit 545a556883ab8f126f72efeeeed29265974feaf8)
---
.../server/common/HostRestrictingAuthorizationFilter.java | 5 ++---
.../common/TestHostRestrictingAuthorizationFilter.java | 13 ++++---------
2 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
index e9f1cf09e86..0eb999039cb 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
@@ -231,9 +231,8 @@ public class HostRestrictingAuthorizationFilter implements Filter {
final String query = interaction.getQueryString();
final String uri = interaction.getRequestURI();
if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
- LOG.trace("Rejecting interaction; wrong URI: {}", uri);
- interaction.sendError(HttpServletResponse.SC_NOT_FOUND,
- "The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
+ LOG.trace("Proceeding with interaction since the request doesn't access WebHDFS API");
+ interaction.proceed();
return;
}
final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
index 34bc616e540..503c4170c46 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
@@ -244,14 +244,13 @@ public class TestHostRestrictingAuthorizationFilter {
}
/**
- * Test acceptable behavior to malformed requests
- * Case: the request URI does not start with "/webhdfs/v1"
+ * A request that don't access WebHDFS API should pass through.
*/
@Test
- public void testInvalidURI() throws Exception {
+ public void testNotWebhdfsAPIRequest() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getMethod()).thenReturn("GET");
- Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI");
+ Mockito.when(request.getRequestURI()).thenReturn("/conf");
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Filter filter = new HostRestrictingAuthorizationFilter();
@@ -260,11 +259,7 @@ public class TestHostRestrictingAuthorizationFilter {
FilterConfig fc = new DummyFilterConfig(configs);
filter.init(fc);
- filter.doFilter(request, response,
- (servletRequest, servletResponse) -> {});
- Mockito.verify(response, Mockito.times(1))
- .sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
- Mockito.anyString());
+ filter.doFilter(request, response, (servletRequest, servletResponse) -> {});
filter.destroy();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org