Hadoop Common / HADOOP-12691

Add CSRF Filter for REST APIs to Hadoop Common

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: security
    • Labels: None
    • Hadoop Flags: Reviewed

      Description

      CSRF prevention for REST APIs can be provided through a common servlet filter. This filter would check for the existence of an expected (configurable) HTTP header - such as X-XSRF-Header.

      The fact that CSRF attacks are entirely browser based means that the above approach can ensure that requests are coming either from applications served by the same origin as the REST API or from another origin where explicit policy configuration allows the setting of a header on XMLHttpRequest.

      1. CSRFProtectionforRESTAPIs.pdf
        111 kB
        Larry McCay
      2. HADOOP-12691-001.patch
        14 kB
        Larry McCay
      3. HADOOP-12691-002.patch
        14 kB
        Larry McCay
      4. HADOOP-12691-003.patch
        15 kB
        Larry McCay

          Activity

          lmccay Larry McCay added a comment -

          I will write up a quick design document for this filter and attach.
          I intend to add it to the org/apache/hadoop/security/http/ package alongside CrossOriginFilter.java.

          lmccay Larry McCay added a comment -

          Uploaded one-pager description of the problem and proposed filter based solution.

          lmccay Larry McCay added a comment -

          attaching initial patch.

          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
          +1 mvninstall 7m 30s trunk passed
          +1 compile 7m 43s trunk passed with JDK v1.8.0_66
          +1 compile 8m 40s trunk passed with JDK v1.7.0_91
          +1 checkstyle 0m 15s trunk passed
          +1 mvnsite 1m 1s trunk passed
          +1 mvneclipse 0m 14s trunk passed
          +1 findbugs 1m 45s trunk passed
          +1 javadoc 0m 53s trunk passed with JDK v1.8.0_66
          +1 javadoc 1m 4s trunk passed with JDK v1.7.0_91
          +1 mvninstall 1m 40s the patch passed
          +1 compile 7m 51s the patch passed with JDK v1.8.0_66
          +1 javac 7m 51s the patch passed
          +1 compile 8m 41s the patch passed with JDK v1.7.0_91
          -1 javac 22m 7s root-jdk1.7.0_91 with JDK v1.7.0_91 generated 4 new issues (was 724, now 724).
          +1 javac 8m 41s the patch passed
          -1 checkstyle 0m 15s Patch generated 9 new checkstyle issues in hadoop-common-project/hadoop-common (total was 0, now 9).
          +1 mvnsite 1m 1s the patch passed
          +1 mvneclipse 0m 14s the patch passed
          -1 whitespace 0m 0s The patch has 1 line(s) that end in whitespace. Use git apply --whitespace=fix.
          +1 findbugs 1m 57s the patch passed
          +1 javadoc 0m 50s the patch passed with JDK v1.8.0_66
          +1 javadoc 1m 3s the patch passed with JDK v1.7.0_91
          +1 unit 6m 45s hadoop-common in the patch passed with JDK v1.8.0_66.
          +1 unit 6m 56s hadoop-common in the patch passed with JDK v1.7.0_91.
          +1 asflicense 0m 24s Patch does not generate ASF License warnings.
          67m 57s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12781976/HADOOP-12691-001.patch
          JIRA Issue HADOOP-12691
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 6fa8eda55800 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / fbb5868
          Default Java 1.7.0_91
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_66 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_91
          findbugs v3.0.0
          javac root-jdk1.7.0_91: https://builds.apache.org/job/PreCommit-HADOOP-Build/8397/artifact/patchprocess/diff-compile-javac-root-jdk1.7.0_91.txt
          checkstyle https://builds.apache.org/job/PreCommit-HADOOP-Build/8397/artifact/patchprocess/diff-checkstyle-hadoop-common-project_hadoop-common.txt
          whitespace https://builds.apache.org/job/PreCommit-HADOOP-Build/8397/artifact/patchprocess/whitespace-eol.txt
          JDK v1.7.0_91 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8397/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Max memory used 76MB
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8397/console

          This message was automatically generated.

          lmccay Larry McCay added a comment -

          second patch attempt attached.

          hadoopqa Hadoop QA added a comment -
          +1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
          +1 mvninstall 7m 32s trunk passed
          +1 compile 7m 34s trunk passed with JDK v1.8.0_66
          +1 compile 8m 27s trunk passed with JDK v1.7.0_91
          +1 checkstyle 0m 14s trunk passed
          +1 mvnsite 1m 0s trunk passed
          +1 mvneclipse 0m 14s trunk passed
          +1 findbugs 1m 44s trunk passed
          +1 javadoc 0m 50s trunk passed with JDK v1.8.0_66
          +1 javadoc 1m 2s trunk passed with JDK v1.7.0_91
          +1 mvninstall 1m 42s the patch passed
          +1 compile 7m 27s the patch passed with JDK v1.8.0_66
          +1 javac 7m 27s the patch passed
          +1 compile 8m 27s the patch passed with JDK v1.7.0_91
          +1 javac 8m 27s the patch passed
          +1 checkstyle 0m 15s the patch passed
          +1 mvnsite 1m 1s the patch passed
          +1 mvneclipse 0m 13s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 1m 54s the patch passed
          +1 javadoc 0m 51s the patch passed with JDK v1.8.0_66
          +1 javadoc 1m 1s the patch passed with JDK v1.7.0_91
          +1 unit 6m 46s hadoop-common in the patch passed with JDK v1.8.0_66.
          +1 unit 7m 25s hadoop-common in the patch passed with JDK v1.7.0_91.
          +1 asflicense 0m 27s Patch does not generate ASF License warnings.
          67m 23s



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12781994/HADOOP-12691-002.patch
          JIRA Issue HADOOP-12691
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 80cc4b3706f8 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / c0537bc
          Default Java 1.7.0_91
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_66 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_91
          findbugs v3.0.0
          JDK v1.7.0_91 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8400/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Max memory used 76MB
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8400/console

          This message was automatically generated.

          lmccay Larry McCay added a comment -

          Can I get a review on this patch please?
          Chris Nauroth - would you happen to have a few cycles?

          cnauroth Chris Nauroth added a comment -

          Hi Larry McCay. This looks great, and thank you for the design document. I have just a few minor comments.

          1. Should we add TRACE to METHODS_TO_IGNORE_DEFAULT?
          2. Could you add some documentation to HttpAuthentication.md? I don't think it needs a lot of documentation, but a mention of what it does and how to configure it would be great.
          3. The design document contains this statement:

            Failure results in a 403 forbidden or 400 bad_request HTTP status response.

            In the code though, I only saw it sending SC_BAD_REQUEST. Is there supposed to be another case for sending SC_FORBIDDEN? (I think it's fine how it is. I only mention this because I noticed a discrepancy between the doc and the code.)

          4. Can you please remove this?
              /* (non-Javadoc)
               * @see javax.servlet.Filter#destroy()
               */
            

            We prefer not to put those in the Hadoop codebase.

          5. Several tests have the comment "X-XSRF HAS been sent", but they are really tests that don't send the header: testMissingCustomHeaderConfig_badRequest, testMissingHeaderNoMethodsToIgnoreConfig_badRequest, testMissingHeaderIgnoreGETMethodConfig_goodRequest and testMissingHeaderIgnoreMultiMethodConfig_goodRequest.
          6. Is testMissingCustomHeaderConfig_badRequest supposed to configure a custom header?
          7. The filter class's dependency on FilterConfig is for 2 method calls to getInitParameter. It would be less total code if we mocked those 2 calls and removed the full definition of the extra FilterConfigTest class. Do you think that change makes sense?
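
The header-presence check from the issue description, together with the configurable ignore list and the 400 response raised in the review above, as an added sketch in plain Java. It is not the RestCsrfPreventionFilter source: the class name, the default ignore list and the two constructor arguments (standing in for the two getInitParameter lookups) are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

/**
 * Added illustration of a header-presence CSRF check for REST endpoints.
 * Hypothetical class: not code from the Hadoop patch.
 */
public class HeaderPresenceCsrfCheck {
  static final int SC_OK = 200;
  static final int SC_BAD_REQUEST = 400;

  // The header name is the example given in the issue description.
  static final String HEADER_DEFAULT = "X-XSRF-Header";
  // Assumed default: read-only methods plus TRACE, which the review asks about.
  static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";

  private final String headerName;
  private final Set<String> methodsToIgnore;

  /**
   * Both arguments stand in for filter init parameters; null selects the
   * default, and an empty ignore list means every method is checked.
   */
  public HeaderPresenceCsrfCheck(String customHeader, String customMethodsToIgnore) {
    this.headerName = customHeader != null ? customHeader : HEADER_DEFAULT;
    String methods = customMethodsToIgnore != null
        ? customMethodsToIgnore : METHODS_TO_IGNORE_DEFAULT;
    Set<String> parsed = new HashSet<>();
    for (String m : methods.split(",")) {
      String trimmed = m.trim();
      if (!trimmed.isEmpty()) {
        parsed.add(trimmed);
      }
    }
    this.methodsToIgnore = Collections.unmodifiableSet(parsed);
  }

  /**
   * Returns the status the filter would produce for this request.
   * Only the presence of the header is tested, never its value: a plain
   * cross-site form or image request cannot add a custom header, and a
   * cross-origin XMLHttpRequest can only add one if CORS policy allows it.
   */
  public int check(String method, Map<String, String> headers) {
    // Method tokens are case-sensitive, so the match is exact. Anything on
    // the ignore list bypasses the check and must therefore be side-effect free.
    if (methodsToIgnore.contains(method)) {
      return SC_OK;
    }
    // Header names are case-insensitive, so look the name up that way.
    Map<String, String> byName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    byName.putAll(headers);
    return byName.containsKey(headerName) ? SC_OK : SC_BAD_REQUEST;
  }

  public static void main(String[] args) {
    // Constructed requests, not captured traffic.
    Map<String, String> formPost =
        Map.of("Content-Type", "application/x-www-form-urlencoded");
    Map<String, String> scriptedPost =
        Map.of("Content-Type", "application/json", "x-xsrf-header", "1");
    Map<String, String> noHeaders = Map.of();

    HeaderPresenceCsrfCheck defaults = new HeaderPresenceCsrfCheck(null, null);
    // Custom header name and an empty ignore list, so GET is checked as well.
    HeaderPresenceCsrfCheck strict = new HeaderPresenceCsrfCheck("X-Custom-Csrf", "");

    System.out.println("defaults, POST without header: " + defaults.check("POST", formPost));
    System.out.println("defaults, POST with header:    " + defaults.check("POST", scriptedPost));
    System.out.println("defaults, GET without header:  " + defaults.check("GET", noHeaders));
    System.out.println("strict,   GET without header:  " + strict.check("GET", noHeaders));
    System.out.println("strict,   POST default header: " + strict.check("POST", scriptedPost));
  }
}
```
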
          lmccay Larry McCay added a comment -

          Chris Nauroth - thanks for the review!

          I will take care of each of your comments and provide a new patch.
          #3 - discrepancy is just left over from before I decided which to send.

          Thanks again.

          lmccay Larry McCay added a comment -

          Attaching new patch 003.

          lmccay Larry McCay added a comment -

          Addressed all comments except the documentation. Follow up patches for YARN and HDFS will drive the configuration docs.

          hadoopqa Hadoop QA added a comment -
          -1 overall



          Vote Subsystem Runtime Comment
          0 reexec 0m 0s Docker mode activated.
          +1 @author 0m 0s The patch does not contain any @author tags.
          +1 test4tests 0m 0s The patch appears to include 1 new or modified test files.
          +1 mvninstall 7m 47s trunk passed
          +1 compile 8m 8s trunk passed with JDK v1.8.0_66
          +1 compile 8m 43s trunk passed with JDK v1.7.0_91
          +1 checkstyle 0m 15s trunk passed
          +1 mvnsite 1m 2s trunk passed
          +1 mvneclipse 0m 14s trunk passed
          +1 findbugs 1m 47s trunk passed
          +1 javadoc 0m 55s trunk passed with JDK v1.8.0_66
          +1 javadoc 1m 3s trunk passed with JDK v1.7.0_91
          +1 mvninstall 1m 43s the patch passed
          +1 compile 7m 45s the patch passed with JDK v1.8.0_66
          +1 javac 7m 45s the patch passed
          +1 compile 8m 37s the patch passed with JDK v1.7.0_91
          -1 javac 22m 2s root-jdk1.7.0_91 with JDK v1.7.0_91 generated 4 new issues (was 724, now 724).
          +1 javac 8m 37s the patch passed
          +1 checkstyle 0m 16s the patch passed
          +1 mvnsite 1m 0s the patch passed
          +1 mvneclipse 0m 13s the patch passed
          +1 whitespace 0m 0s Patch has no whitespace issues.
          +1 findbugs 1m 56s the patch passed
          +1 javadoc 0m 52s the patch passed with JDK v1.8.0_66
          +1 javadoc 1m 4s the patch passed with JDK v1.7.0_91
          -1 unit 6m 23s hadoop-common in the patch failed with JDK v1.8.0_66.
          +1 unit 7m 11s hadoop-common in the patch passed with JDK v1.7.0_91.
          +1 asflicense 0m 23s Patch does not generate ASF License warnings.
          68m 40s



          Reason Tests
          JDK v1.8.0_66 Failed junit tests hadoop.metrics2.impl.TestGangliaMetrics



          Subsystem Report/Notes
          Docker Image:yetus/hadoop:0ca8df7
          JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12782195/HADOOP-12691-003.patch
          JIRA Issue HADOOP-12691
          Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
          uname Linux 04b87f3676f7 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
          Build tool maven
          Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
          git revision trunk / 8315582
          Default Java 1.7.0_91
          Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_66 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_91
          findbugs v3.0.0
          javac root-jdk1.7.0_91: https://builds.apache.org/job/PreCommit-HADOOP-Build/8407/artifact/patchprocess/diff-compile-javac-root-jdk1.7.0_91.txt
          unit https://builds.apache.org/job/PreCommit-HADOOP-Build/8407/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_66.txt
          unit test logs https://builds.apache.org/job/PreCommit-HADOOP-Build/8407/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common-jdk1.8.0_66.txt
          JDK v1.7.0_91 Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/8407/testReport/
          modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
          Max memory used 76MB
          Powered by Apache Yetus 0.2.0-SNAPSHOT http://yetus.apache.org
          Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/8407/console

          This message was automatically generated.

          lmccay Larry McCay added a comment -

          Those failures are unrelated to this patch - as far as I can tell.

          cnauroth Chris Nauroth added a comment -

          +1 for patch v003. I agree with deferring documentation until subsequent JIRAs, where individual components will start using the filter. I have committed this to trunk and branch-2. Larry McCay, thank you for contributing this patch.

          lmccay Larry McCay added a comment -

          Thank you, Chris Nauroth!

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #9113 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9113/)
          HADOOP-12691. Add CSRF Filter for REST APIs to Hadoop Common. (cnauroth: rev 06f4ac0ccdc623283106f258644148d5e003f75c)

          • hadoop-common-project/hadoop-common/CHANGES.txt
          • hadoop-common/src/test/java/org/apache/hadoop/security/http/TestRestCsrfPreventionFilter.java
          • hadoop-common/src/main/java/org/apache/hadoop/security/http/RestCsrfPreventionFilter.java
          sekikn Kengo Seki added a comment -

          Chris Nauroth, I'm afraid you seemed to put the new classes in the wrong position.

          lmccay Larry McCay added a comment -

          Kengo Seki - can you elaborate, please?
          The location within hadoop-common/src/test/java/org/apache/hadoop/security/http/ was chosen to align with the CrossOriginFilter location as they are very similar in functionality and intent.

          Are you speaking of some other type of location?

          sekikn Kengo Seki added a comment -

          Directory hadoop-common at the top level seems to be newly created by mistake.
          https://github.com/apache/hadoop/tree/trunk/hadoop-common

          lmccay Larry McCay added a comment -

          Yikes - is that a result of my patch being rooted at the wrong place?

          sekikn Kengo Seki added a comment -

          No, your patch seems correct. I suspect it was applied with a wrong argument for "-p" option.

          lmccay Larry McCay added a comment -

          Ahhh - that makes sense. Thanks.

          cnauroth Chris Nauroth added a comment -

          Oops! I just fixed this with a git mv on both trunk and branch-2. Kengo Seki, thank you for spotting the mistake.

          I suspect it was applied with a wrong argument for "-p" option.

          Yeah, that's the most likely explanation. Since the patch contained only new files, there were no conflicts, and it just assumed I was creating a new directory.

          hudson Hudson added a comment -

          FAILURE: Integrated in Hadoop-trunk-Commit #9127 (See https://builds.apache.org/job/Hadoop-trunk-Commit/9127/)
          HADOOP-12691. Move files to correct location. (cnauroth: rev da77f423d142c4dda8810d4668edde3c7d2999e8)

          • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/RestCsrfPreventionFilter.java
          • hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestRestCsrfPreventionFilter.java
          • hadoop-common/src/main/java/org/apache/hadoop/security/http/RestCsrfPreventionFilter.java
          • hadoop-common/src/test/java/org/apache/hadoop/security/http/TestRestCsrfPreventionFilter.java
          lmccay Larry McCay added a comment -

          Thanks again, Chris Nauroth!

          cnauroth Chris Nauroth added a comment -

          I also cherry-picked to branch-2.8.

          cnauroth Chris Nauroth added a comment -

          HDFS-9711 now tracks integration of the CSRF prevention filter in WebHDFS.


            People

            • Assignee: lmccay Larry McCay
            • Reporter: lmccay Larry McCay
            • Votes: 0
            • Watchers: 14