Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-12481

JWTRedirectAuthenticationHandler doesn't Retain Original Query String

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      An originally requested URL that contains a query string gets translated into an originalURL query parameter without the original query string.
      This can cause the redirect back to the requested resource to be invalid.

      1. HADOOP-12481-002.patch
        4 kB
        Larry McCay
      2. HADOOP-12481-001.patch
        4 kB
        Larry McCay

        Issue Links

          Activity

          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #504 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/504/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-common/CHANGES.txt
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #504 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/504/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-common/CHANGES.txt
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Hdfs-trunk #2441 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2441/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #2441 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2441/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk #2489 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2489/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #2489 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2489/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk #1277 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1277/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #1277 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1277/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #8649 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8649/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #8649 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8649/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #554 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/554/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          • hadoop-common-project/hadoop-common/CHANGES.txt
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #554 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/554/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java hadoop-common-project/hadoop-common/CHANGES.txt
          Hide
          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #540 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/540/)
          HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc)

          • hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Show
          hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #540 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/540/ ) HADOOP-12481 . JWTRedirectAuthenticationHandler doesn't Retain Original (cnauroth: rev a121fa1d39b2eb129bcc0e786d0d24c9ec0cdefc) hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
          Hide
          lmccay Larry McCay added a comment -

          Thanks, Chris Nauroth!

          Show
          lmccay Larry McCay added a comment - Thanks, Chris Nauroth !
          Hide
          cnauroth Chris Nauroth added a comment -

          +1 for the patch. I have committed this to trunk and branch-2. Larry McCay, thank you for the contribution.

          Show
          cnauroth Chris Nauroth added a comment - +1 for the patch. I have committed this to trunk and branch-2. Larry McCay , thank you for the contribution.
          Hide
          hadoopqa Hadoop QA added a comment -



          +1 overall



          Vote Subsystem Runtime Comment
          0 pre-patch 22m 25s Pre-patch trunk compilation is healthy.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
          +1 javac 10m 23s There were no new javac warning messages.
          +1 javadoc 16m 1s There were no new javadoc warning messages.
          +1 release audit 0m 29s The applied patch does not increase the total number of release audit warnings.
          +1 checkstyle 0m 28s There were no new checkstyle issues.
          +1 whitespace 0m 0s The patch has no lines that end in whitespace.
          +1 install 1m 53s mvn install still works.
          +1 eclipse:eclipse 0m 42s The patch built with eclipse:eclipse.
          +1 findbugs 0m 54s The patch does not introduce any new Findbugs (version 3.0.0) warnings.
          +1 common tests 5m 46s Tests passed in hadoop-auth.
              59m 5s  



          Subsystem Report/Notes
          Patch URL http://issues.apache.org/jira/secure/attachment/12766829/HADOOP-12481-002.patch
          Optional Tests javadoc javac unit findbugs checkstyle
          git revision trunk / 7a98d94
          hadoop-auth test log https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/artifact/patchprocess/testrun_hadoop-auth.txt
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/testReport/
          Java 1.7.0_55
          uname Linux asf907.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/console

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - +1 overall Vote Subsystem Runtime Comment 0 pre-patch 22m 25s Pre-patch trunk compilation is healthy. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 10m 23s There were no new javac warning messages. +1 javadoc 16m 1s There were no new javadoc warning messages. +1 release audit 0m 29s The applied patch does not increase the total number of release audit warnings. +1 checkstyle 0m 28s There were no new checkstyle issues. +1 whitespace 0m 0s The patch has no lines that end in whitespace. +1 install 1m 53s mvn install still works. +1 eclipse:eclipse 0m 42s The patch built with eclipse:eclipse. +1 findbugs 0m 54s The patch does not introduce any new Findbugs (version 3.0.0) warnings. +1 common tests 5m 46s Tests passed in hadoop-auth.     59m 5s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12766829/HADOOP-12481-002.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / 7a98d94 hadoop-auth test log https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/artifact/patchprocess/testrun_hadoop-auth.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/testReport/ Java 1.7.0_55 uname Linux asf907.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/7825/console This message was automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          Attaching patch with whitespace removed.
          The audit related failure is unrelated to this patch.

          Show
          lmccay Larry McCay added a comment - Attaching patch with whitespace removed. The audit related failure is unrelated to this patch.
          Hide
          hadoopqa Hadoop QA added a comment -



          -1 overall



          Vote Subsystem Runtime Comment
          0 pre-patch 17m 1s Pre-patch trunk compilation is healthy.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
          +1 javac 7m 57s There were no new javac warning messages.
          +1 javadoc 10m 14s There were no new javadoc warning messages.
          -1 release audit 0m 20s The applied patch generated 1 release audit warnings.
          +1 checkstyle 0m 22s There were no new checkstyle issues.
          -1 whitespace 0m 0s The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix.
          +1 install 1m 31s mvn install still works.
          +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse.
          +1 findbugs 0m 47s The patch does not introduce any new Findbugs (version 3.0.0) warnings.
          +1 common tests 5m 24s Tests passed in hadoop-auth.
              44m 14s  



          Subsystem Report/Notes
          Patch URL http://issues.apache.org/jira/secure/attachment/12766818/HADOOP-12481-001.patch
          Optional Tests javadoc javac unit findbugs checkstyle
          git revision trunk / c7c36cb
          Release Audit https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/patchReleaseAuditProblems.txt
          whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/whitespace.txt
          hadoop-auth test log https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/testrun_hadoop-auth.txt
          Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/testReport/
          Java 1.7.0_55
          uname Linux asf900.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/console

          This message was automatically generated.

          Show
          hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 pre-patch 17m 1s Pre-patch trunk compilation is healthy. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 7m 57s There were no new javac warning messages. +1 javadoc 10m 14s There were no new javadoc warning messages. -1 release audit 0m 20s The applied patch generated 1 release audit warnings. +1 checkstyle 0m 22s There were no new checkstyle issues. -1 whitespace 0m 0s The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix. +1 install 1m 31s mvn install still works. +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse. +1 findbugs 0m 47s The patch does not introduce any new Findbugs (version 3.0.0) warnings. +1 common tests 5m 24s Tests passed in hadoop-auth.     44m 14s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12766818/HADOOP-12481-001.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / c7c36cb Release Audit https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/patchReleaseAuditProblems.txt whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/whitespace.txt hadoop-auth test log https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/artifact/patchprocess/testrun_hadoop-auth.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/testReport/ Java 1.7.0_55 uname Linux asf900.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/7824/console This message was automatically generated.
          Hide
          lmccay Larry McCay added a comment -

          Initial patch

          Show
          lmccay Larry McCay added a comment - Initial patch

            People

            • Assignee:
              lmccay Larry McCay
              Reporter:
              lmccay Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development