Hadoop Common / HADOOP-8314

HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0, 2.0.0-alpha, 3.0.0
    • Fix Version/s: 1.1.0, 2.0.0-alpha
    • Component/s: security
    • Labels: None
    • Hadoop Flags: Incompatible change, Reviewed

      Description

      If the user is not authenticated (request.getRemoteUser() returns NULL) or there is no authentication filter configured (thus also returning NULL), hasAdminAccess should return false. Note that a filter could allow anonymous access, thus the first case.

      1. HADOOP-8314.patch
        5 kB
        Alejandro Abdelnur
      2. HADOOP-8314.patch
        5 kB
        Alejandro Abdelnur
      3. HADOOP-8314_branch-1.patch
        5 kB
        Alejandro Abdelnur
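
The decision described in the issue, as an added example that is not part of the original page and is not Hadoop's HttpServer source. The class, method names, ACL contents and sample requests are constructed, and the fail-open "before" logic is an assumption drawn from the issue title.

```java
import java.util.Set;

// Added illustration; a simplified model, not Hadoop's HttpServer source.
public class AdminAccessDemo {

    // Assumed pre-fix logic: a null remote user skips the ACL check (fail-open).
    static boolean hasAdminAccessBefore(boolean authzEnabled, String remoteUser,
                                        Set<String> adminAcl) {
        if (!authzEnabled) return true;          // authorization off: everyone passes
        if (remoteUser == null) return true;     // unauthenticated treated as admin
        return adminAcl.contains(remoteUser);
    }

    // Behaviour the issue asks for: no authenticated identity means no admin access.
    static boolean hasAdminAccessAfter(boolean authzEnabled, String remoteUser,
                                       Set<String> adminAcl) {
        if (!authzEnabled) return true;
        if (remoteUser == null) return false;    // fail closed
        return adminAcl.contains(remoteUser);
    }

    public static void main(String[] args) {
        Set<String> adminAcl = Set.of("hdfs-admin");   // constructed ACL
        // Constructed requests: {description, value of getRemoteUser()}
        String[][] requests = {
            {"no authentication filter configured", null},
            {"filter allows anonymous access", null},
            {"authenticated, not in admin ACL", "alice"},
            {"authenticated, in admin ACL", "hdfs-admin"},
        };
        for (boolean authz : new boolean[] {false, true}) {
            for (String[] r : requests) {
                System.out.printf("authz=%-5b %-38s before=%-5b after=%b%n",
                    authz, r[0],
                    hasAdminAccessBefore(authz, r[1], adminAcl),
                    hasAdminAccessAfter(authz, r[1], adminAcl));
            }
        }
    }
}
```

With authorization enabled, the two null-user rows are the only ones whose result differs between the two methods, which is why the change is flagged as incompatible: deployments that relied on unauthenticated access to admin pages lose it.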

        Activity

        Alejandro Abdelnur created issue -
        Alejandro Abdelnur made changes -
        Field Original Value New Value
        Attachment HADOOP-8314.patch [ 12524080 ]
        Alejandro Abdelnur made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Aaron T. Myers added a comment -

        Patch looks pretty good to me, Tucu. One small comment. This should say either "users are not authorized" or "users are unauthorized" but not "users are not unauthorized".

        +      response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
        +                         "Unauthenticated users are not " +
        +                         "unauthorized to access this page.");
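
        Review bot: SC_UNAUTHORIZED in this sendError call is HTTP 401, and a 401 response is required to carry a WWW-Authenticate challenge; these three lines set none. If an authentication filter in front of this code does not already add the header, set it before calling sendError, or use SC_FORBIDDEN when no challenge can be offered. The message string is what an unauthenticated client sees, so keeping it free of user or ACL detail, as it is here, is the right choice.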
        

        Otherwise the patch looks good. +1 pending Jenkins.

        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12524080/HADOOP-8314.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 1 new or modified test files.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in .

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//console

        This message is automatically generated.

        Alejandro Abdelnur added a comment -

        attaching patch with ATM's suggestion

        Alejandro Abdelnur made changes -
        Attachment HADOOP-8314.patch [ 12524104 ]
        Alejandro Abdelnur added a comment -

        committed to trunk and branch-2

        Alejandro Abdelnur made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags Reviewed [ 10343 ]
        Resolution Fixed [ 1 ]
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk-Commit #2202 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2202/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #2128 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2128/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk-Commit #2144 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2144/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk #1025 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1025/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = FAILURE
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk #1060 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1060/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = FAILURE
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Alejandro Abdelnur made changes -
        Affects Version/s 1.1.0 [ 12316501 ]
        Alejandro Abdelnur added a comment -

        we need backport for branch-1

        Alejandro Abdelnur made changes -
        Resolution Fixed [ 1 ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        Alejandro Abdelnur added a comment -

        patch for branch-1

        Alejandro Abdelnur made changes -
        Attachment HADOOP-8314_branch-1.patch [ 12524296 ]
        Aaron T. Myers added a comment -

        Hey Tucu, can you please comment on what testing of the branch-1 patch you did? Also, this JIRA will need to be marked as an incompatible change in branch-1.

        Alejandro Abdelnur added a comment -

        I've run the TestHttpServer testcase that verifies the fix.

        Alejandro Abdelnur added a comment -

        The incompatible change flag is for branch-1

        Alejandro Abdelnur made changes -
        Hadoop Flags Reviewed [ 10343 ] Incompatible change,Reviewed [ 10342,10343 ]
        Aaron T. Myers added a comment -

        +1 for the branch-1 patch.

        Alejandro Abdelnur added a comment -

        committed to branch-1

        Alejandro Abdelnur made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Arun C Murthy made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Matt Foley made changes -
        Fix Version/s 1.1.0 [ 12316501 ]
        Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open to Patch Available | 38s | 1 | Alejandro Abdelnur | 25/Apr/12 00:23
        Patch Available to Resolved | 3h 58m | 1 | Alejandro Abdelnur | 25/Apr/12 04:21
        Resolved to Reopened | 12h 24m | 1 | Alejandro Abdelnur | 25/Apr/12 16:45
        Reopened to Resolved | 1d 4h 57m | 1 | Alejandro Abdelnur | 26/Apr/12 21:43
        Resolved to Closed | 26d 23h 32m | 1 | Arun C Murthy | 23/May/12 21:15

          People

          • Assignee: Alejandro Abdelnur
          • Reporter: Alejandro Abdelnur
          • Votes: 0
          • Watchers: 1
