Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HDFS-16822. HostRestrictingAuthorizationFilter should pass through requests if they don't access WebHDFS API. (#5079)

Reviewed-by: Ashutosh Gupta <ashugpt@amazon.com>
Reviewed-by: Tao Li <tomscut@apache.org>
(cherry picked from commit 545a556883ab8f126f72efeeeed29265974feaf8)
Takanobu Asanuma 2 years ago
parent
bd276092b0
commit
53143409a8
2 changed files with 6 additions and 12 deletions
Split View Show Diff Stats
  1. 2 3
      hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
  2. 4 9
      hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java

+ 2 - 3
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
View File 

@@ -231,9 +231,8 @@ public class HostRestrictingAuthorizationFilter implements Filter {
 
     final String query = interaction.getQueryString();
 
     final String uri = interaction.getRequestURI();
 
     if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
 
-      LOG.trace("Rejecting interaction; wrong URI: {}", uri);
 
-      interaction.sendError(HttpServletResponse.SC_NOT_FOUND,
 
-          "The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
 
+      LOG.trace("Proceeding with interaction since the request doesn't access WebHDFS API");
 
+      interaction.proceed();
 
       return;
 
     }
 
     final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());

+ 4 - 9
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
View File 

@@ -244,14 +244,13 @@ public class TestHostRestrictingAuthorizationFilter {
 
   }
 
 
   /**
 
-   * Test acceptable behavior to malformed requests
 
-   * Case: the request URI does not start with "/webhdfs/v1"
 
+   * A request that don't access WebHDFS API should pass through.
 
    */
 
   @Test
 
-  public void testInvalidURI() throws Exception {
 
+  public void testNotWebhdfsAPIRequest() throws Exception {
 
     HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
 
     Mockito.when(request.getMethod()).thenReturn("GET");
 
-    Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI");
 
+    Mockito.when(request.getRequestURI()).thenReturn("/conf");
 
     HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
 
 
     Filter filter = new HostRestrictingAuthorizationFilter();
 
@@ -260,11 +259,7 @@ public class TestHostRestrictingAuthorizationFilter {
 
     FilterConfig fc = new DummyFilterConfig(configs);
 
 
     filter.init(fc);
 
-    filter.doFilter(request, response,
 
-        (servletRequest, servletResponse) -> {});
 
-    Mockito.verify(response, Mockito.times(1))
 
-        .sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
 
-                   Mockito.anyString());
 
+    filter.doFilter(request, response, (servletRequest, servletResponse) -> {});
 
     filter.destroy();
 
   }