You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ta...@apache.org on 2022/10/27 05:40:48 UTC

[hadoop] branch branch-3.3 updated: HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)

This is an automated email from the ASF dual-hosted git repository.

tasanuma pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new 53143409a8b HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)
53143409a8b is described below

commit 53143409a8b74f85995b9e24cff4d1f33d1d3c82
Author: Takanobu Asanuma <ta...@apache.org>
AuthorDate: Thu Oct 27 14:39:01 2022 +0900

    HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)
    
    Reviewed-by: Ashutosh Gupta <as...@amazon.com>
    Reviewed-by: Tao Li <to...@apache.org>
    (cherry picked from commit 545a556883ab8f126f72efeeeed29265974feaf8)
---
 .../server/common/HostRestrictingAuthorizationFilter.java   |  5 ++---
 .../common/TestHostRestrictingAuthorizationFilter.java      | 13 ++++---------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
index e9f1cf09e86..0eb999039cb 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
@@ -231,9 +231,8 @@ public class HostRestrictingAuthorizationFilter implements Filter {
     final String query = interaction.getQueryString();
     final String uri = interaction.getRequestURI();
     if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
-      LOG.trace("Rejecting interaction; wrong URI: {}", uri);
-      interaction.sendError(HttpServletResponse.SC_NOT_FOUND,
-          "The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
+      LOG.trace("Proceeding with interaction since the request doesn't access WebHDFS API");
+      interaction.proceed();
       return;
     }
     final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
index 34bc616e540..503c4170c46 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
@@ -244,14 +244,13 @@ public class TestHostRestrictingAuthorizationFilter {
   }
 
   /**
-   * Test acceptable behavior to malformed requests
-   * Case: the request URI does not start with "/webhdfs/v1"
+   * A request that don't access WebHDFS API should pass through.
    */
   @Test
-  public void testInvalidURI() throws Exception {
+  public void testNotWebhdfsAPIRequest() throws Exception {
     HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
     Mockito.when(request.getMethod()).thenReturn("GET");
-    Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI");
+    Mockito.when(request.getRequestURI()).thenReturn("/conf");
     HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
 
     Filter filter = new HostRestrictingAuthorizationFilter();
@@ -260,11 +259,7 @@ public class TestHostRestrictingAuthorizationFilter {
     FilterConfig fc = new DummyFilterConfig(configs);
 
     filter.init(fc);
-    filter.doFilter(request, response,
-        (servletRequest, servletResponse) -> {});
-    Mockito.verify(response, Mockito.times(1))
-        .sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
-                   Mockito.anyString());
+    filter.doFilter(request, response, (servletRequest, servletResponse) -> {});
     filter.destroy();
   }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org