
HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton)

Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7
(cherry picked from commit cba319499822a2475c60c43ea71f8e78237e139f)

Daniel Templeton 7 anni fa
parent
commit
09fd1348e8

+ 5 - 2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java

@@ -1415,8 +1415,11 @@ public final class HttpServer2 implements FilterContainer {
 
     if (servletContext.getAttribute(ADMINS_ACL) != null &&
         !userHasAdministratorAccess(servletContext, remoteUser)) {
-      response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
-          + remoteUser + " is unauthorized to access this page.");
+      response.sendError(HttpServletResponse.SC_FORBIDDEN,
+          "Unauthenticated users are not " +
+              "authorized to access this page.");
+      LOG.warn("User " + remoteUser + " is unauthorized to access the page "
+          + request.getRequestURI() + ".");
       return false;
     }