Posted to commits@oozie.apache.org by rk...@apache.org on 2012/12/07 19:54:17 UTC
svn commit: r1418435 - in /oozie/trunk: ./
login/src/main/java/org/apache/oozie/authentication/
login/src/main/java/org/apache/oozie/servlet/login/
login/src/test/java/org/apache/oozie/authentication/
login/src/test/java/org/apache/oozie/servlet/login/
Author: rkanter
Date: Fri Dec 7 18:54:16 2012
New Revision: 1418435
URL: http://svn.apache.org/viewvc?rev=1418435&view=rev
Log:
OOZIE-1113 The cookies used in the AltKerberosAuthenticationHandler examples aren't read properly if quoted (rkanter)
Modified:
oozie/trunk/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
oozie/trunk/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
oozie/trunk/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
oozie/trunk/release-log.txt
Modified: oozie/trunk/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/oozie/trunk/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java (original)
+++ oozie/trunk/login/src/main/java/org/apache/oozie/authentication/ExampleAltAuthenticationHandler.java Fri Dec 7 18:54:16 2012
@@ -18,6 +18,8 @@
package org.apache.oozie.authentication;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
import java.net.URLEncoder;
import java.text.MessageFormat;
import java.util.Properties;
@@ -117,11 +119,20 @@ public class ExampleAltAuthenticationHan
*
* @param authCookie The "oozie.web.login.auth" cookie
* @return The username from the cookie or null if the cookie is null
+ * @throws UnsupportedEncodingException thrown if there's a problem decoding the cookie value
+ * @throws AuthenticationException thrown if the cookie value is only two quotes ""
*/
- protected String getAltAuthUserName(Cookie authCookie) {
+ protected String getAltAuthUserName(Cookie authCookie) throws UnsupportedEncodingException, AuthenticationException {
if (authCookie == null) {
return null;
}
- return authCookie.getValue();
+ String username = authCookie.getValue();
+ if (username.startsWith("\"") && username.endsWith("\"")) {
+ if (username.length() == 2) {
+ throw new AuthenticationException("Unable to parse authentication cookie");
+ }
+ username = username.substring(1, username.length() - 1);
+ }
+ return URLDecoder.decode(username, "UTF-8");
}
}
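Review bot: A cookie value that is a single `"` character satisfies both `startsWith("\"")` and `endsWith("\"")` with length 1, skips the `length() == 2` check and reaches `substring(1, 0)`, which throws StringIndexOutOfBoundsException instead of AuthenticationException. The guard should read `if (username.length() <= 2) {`. `URLDecoder.decode` also throws the unchecked IllegalArgumentException on a malformed percent-escape, which the new `throws` clause does not cover. A client-supplied cookie can therefore surface as an unhandled runtime exception unless the caller, which is not visible in this hunk, catches it. Catching IllegalArgumentException around the decode and rethrowing it as `AuthenticationException("Unable to parse authentication cookie")` would keep every malformed-cookie case on one path.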
Modified: oozie/trunk/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java
URL: http://svn.apache.org/viewvc/oozie/trunk/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java (original)
+++ oozie/trunk/login/src/main/java/org/apache/oozie/servlet/login/LoginServlet.java Fri Dec 7 18:54:16 2012
@@ -18,6 +18,7 @@
package org.apache.oozie.servlet.login;
import java.io.*;
+import java.net.URLEncoder;
import java.text.MessageFormat;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
@@ -140,13 +141,14 @@ public class LoginServlet extends HttpSe
/**
* Write the "oozie.web.login.auth" cookie containing the username. A subclass can override this to include more information
* into the cookie; though this will likely break compatibility with the ExampleAltAuthenticationHandler, so it would have to
- * be extended as well.
+ * be extended as well. It is recommended that the cookie value be URL-encoded.
*
* @param resp The response
* @param username The username
+ * @throws UnsupportedEncodingException thrown when there is a problem encoding the username as the cookie value
*/
- protected void writeCookie(HttpServletResponse resp, String username) {
- Cookie cookie = new Cookie("oozie.web.login.auth", username);
+ protected void writeCookie(HttpServletResponse resp, String username) throws UnsupportedEncodingException {
+ Cookie cookie = new Cookie("oozie.web.login.auth", URLEncoder.encode(username, "UTF-8"));
cookie.setPath("/");
resp.addCookie(cookie);
}
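Review bot: The Javadoc calls URL-encoding the cookie value "recommended", but ExampleAltAuthenticationHandler.getAltAuthUserName in this same commit always runs `URLDecoder.decode` on it. A subclass that writes an unencoded username containing `+` or `%` will have it read back as a different name, or fail to decode. I would state it as a requirement: `* be extended as well. The cookie value must be URL-encoded, because ExampleAltAuthenticationHandler URL-decodes it.` Separately, the visible lines set only the path on a cookie whose value is taken as the user name. Whether `cookie.setSecure(true)` applies depends on how the login server is deployed, so a comment recording that decision would help readers who copy this example.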
Modified: oozie/trunk/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/oozie/trunk/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java (original)
+++ oozie/trunk/login/src/test/java/org/apache/oozie/authentication/TestExampleAltAuthenticationHandler.java Fri Dec 7 18:54:16 2012
@@ -23,6 +23,7 @@ import java.util.Properties;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.oozie.service.Services;
import org.apache.oozie.test.XTestCase;
@@ -97,4 +98,43 @@ public class TestExampleAltAuthenticatio
assertEquals("someUser", token.getName());
assertEquals("alt-kerberos", token.getType());
}
+
+ // Some browsers or server implementations will quote cookie values, so test that behavior by repeating testAuthenticateCookie()
+ // but with "\"someUser\"" instead of "someUser"
+ public void testAuthenticateCookieQuoted() throws Exception {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ // A User-Agent without "java" in it is considered to be a browser
+ Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser");
+
+ // We need the request to return the auth cookie
+ Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"),
+ new Cookie("oozie.web.login.auth", "\"someUser\"")};
+ Mockito.when(request.getCookies()).thenReturn(cookies);
+
+ AuthenticationToken token = handler.authenticate(request, response);
+ assertEquals("someUser", token.getUserName());
+ assertEquals("someUser", token.getName());
+ assertEquals("alt-kerberos", token.getType());
+ }
+
+ public void testAuthenticateCookieQuotedInvalid() throws Exception {
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ // A User-Agent without "java" in it is considered to be a browser
+ Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser");
+
+ // We need the request to return the auth cookie
+ Cookie[] cookies = {new Cookie("some.other.cookie", "someValue"),
+ new Cookie("oozie.web.login.auth", "\"\"")};
+ Mockito.when(request.getCookies()).thenReturn(cookies);
+
+ try {
+ handler.authenticate(request, response);
+ } catch(AuthenticationException ae) {
+ assertEquals("Unable to parse authentication cookie", ae.getMessage());
+ }
+ }
}
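Review bot: testAuthenticateCookieQuotedInvalid passes even when no exception is thrown, because nothing follows `handler.authenticate(request, response);` inside the `try`. Adding `fail("Expected AuthenticationException for an empty quoted cookie");` as the next line would make the test pin the rejection, assuming XTestCase inherits JUnit's `fail`. A further case with a cookie value of a single `"` would also be worth adding, since it takes a different path through the quote-stripping code in getAltAuthUserName.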
Modified: oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java
URL: http://svn.apache.org/viewvc/oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java (original)
+++ oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLDAPLoginServlet.java Fri Dec 7 18:54:16 2012
@@ -152,7 +152,8 @@ public class TestLDAPLoginServlet extend
conn.setRequestMethod("POST");
assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode());
String cookies = tls.getCookies(conn);
- assertTrue(cookies.contains("oozie.web.login.auth=uid=admin,ou=system"));
+ String username = tls.getUsernameFromCookies(cookies);
+ assertEquals("uid=admin,ou=system", username);
}
@Override
Modified: oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java
URL: http://svn.apache.org/viewvc/oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java (original)
+++ oozie/trunk/login/src/test/java/org/apache/oozie/servlet/login/TestLoginServlet.java Fri Dec 7 18:54:16 2012
@@ -23,8 +23,10 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.net.URLDecoder;
import java.text.MessageFormat;
import java.util.List;
import java.util.Map;
@@ -167,7 +169,8 @@ public class TestLoginServlet extends Te
conn.setRequestMethod("POST");
assertEquals(HttpServletResponse.SC_FOUND, conn.getResponseCode());
String cookies = getCookies(conn);
- assertTrue(cookies.contains("oozie.web.login.auth=foo"));
+ String username = getUsernameFromCookies(cookies);
+ assertEquals("foo", username);
}
protected String getHTML(HttpURLConnection conn) throws Exception {
@@ -192,4 +195,18 @@ public class TestLoginServlet extends Te
}
return null;
}
+
+ protected String getUsernameFromCookies(String cookies) throws UnsupportedEncodingException {
+ String[] cookiesSplit = cookies.split(";");
+ for (String split : cookiesSplit) {
+ if (split.startsWith("oozie.web.login.auth=")) {
+ String value = split.substring("oozie.web.login.auth=".length());
+ if (value.startsWith("\"") && value.endsWith("\"")) {
+ value = value.substring(1, value.length() - 1);
+ }
+ return URLDecoder.decode(value, "UTF-8");
+ }
+ }
+ return null;
+ }
}
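Review bot: `split.startsWith("oozie.web.login.auth=")` is applied to the raw pieces of `cookies.split(";")`, so a piece preceded by a space (the usual `; ` separator) is skipped and the helper returns null. The format produced by getCookies is not visible in this hunk, so this may only matter when the auth cookie is not the first entry. Matching on `String trimmed = split.trim();` would make the helper independent of ordering. A short Javadoc saying that it returns null when the cookie is absent would also help, since callers pass the result straight to `assertEquals`.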
Modified: oozie/trunk/release-log.txt
URL: http://svn.apache.org/viewvc/oozie/trunk/release-log.txt?rev=1418435&r1=1418434&r2=1418435&view=diff
==============================================================================
--- oozie/trunk/release-log.txt (original)
+++ oozie/trunk/release-log.txt Fri Dec 7 18:54:16 2012
@@ -1,5 +1,6 @@
-- Oozie 3.4.0 release (trunk - unreleased)
+OOZIE-1113 The cookies used in the AltKerberosAuthenticationHandler examples aren't read properly if quoted (rkanter)
OOZIE-1101 Fix log messages that contain {0} or similar (rkanter)
OOZIE-1073 Optimize latest and future EL resolution in case of start-instance and end-instance (rohini via virag)
OOZIE-816 Add Support for Hadoop 1.1.1 (zhujinwei and harsh via harsh)