Hadoop Common / HADOOP-8314

HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.0, 2.0.0-alpha, 3.0.0
    • Fix Version/s: 1.1.0, 2.0.0-alpha
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Incompatible change, Reviewed

      Description

      If the user is not authenticated (request.getRemoteUser() returns NULL) or there is no authentication filter configured (thus also returning NULL), hasAdminAccess should return false. Note that a filter could allow anonymous access, thus the first case.

      1. HADOOP-8314_branch-1.patch
        5 kB
        Alejandro Abdelnur
      2. HADOOP-8314.patch
        5 kB
        Alejandro Abdelnur
      3. HADOOP-8314.patch
        5 kB
        Alejandro Abdelnur
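
The fail-closed rule in the description, as an added Java example (not code from the Hadoop patch). Class, method and parameter names are hypothetical, the ACL is a constructed sample, and the fail-open variant is an assumed illustration of the failure mode, not Hadoop's previous implementation.

```java
import java.util.Set;

// Added illustration; all names here are hypothetical, not Hadoop's.
public class AdminAccessExample {

    // Fail-open variant (assumed for illustration): a null user skips the ACL test.
    static boolean hasAdminAccessFailOpen(boolean authzEnabled, String remoteUser,
                                          Set<String> adminAcl) {
        if (!authzEnabled) {
            return true;                  // authorization off: everyone is admin
        }
        if (remoteUser != null && !adminAcl.contains(remoteUser)) {
            return false;                 // only identified non-admins are rejected
        }
        return true;                      // a null user falls through to "allowed"
    }

    // Fail-closed variant: the behaviour the issue asks for.
    static boolean hasAdminAccessFailClosed(boolean authzEnabled, String remoteUser,
                                            Set<String> adminAcl) {
        if (!authzEnabled) {
            return true;
        }
        if (remoteUser == null) {
            return false;                 // anonymous filter, or no filter configured
        }
        return adminAcl.contains(remoteUser);
    }

    public static void main(String[] args) {
        Set<String> acl = Set.of("hdfs-admin");          // constructed sample ACL
        String[] users = {"hdfs-admin", "alice", null};  // null = unauthenticated
        for (String u : users) {
            System.out.printf("user=%-10s failOpen=%-5b failClosed=%b%n",
                    u,
                    hasAdminAccessFailOpen(true, u, acl),
                    hasAdminAccessFailClosed(true, u, acl));
        }
    }
}
```

With authorization enabled, the two variants differ only for the null user: the fail-open check grants access, the fail-closed check denies it.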

        Activity

        Aaron T. Myers added a comment -

        Patch looks pretty good to me, Tucu. One small comment. This should say either "users are not authorized" or "users are unauthorized" but not "users are not unauthorized".

        +      response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
        +                         "Unauthenticated users are not " +
        +                         "unauthorized to access this page.");
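
        Review bot: The message passed to sendError reads "Unauthenticated users are not unauthorized to access this page.", a double negative that tells the caller the opposite of what the SC_UNAUTHORIZED status means; change the second string literal to "authorized to access this page.". These lines also set only a status and a message: a 401 response is expected to carry a WWW-Authenticate challenge, so confirm that the configured authentication filter supplies one on this path.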
        

        Otherwise the patch looks good. +1 pending Jenkins.

        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12524080/HADOOP-8314.patch
        against trunk revision .

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 1 new or modified test files.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 eclipse:eclipse. The patch built with eclipse:eclipse.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed unit tests in .

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//testReport/
        Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/885//console

        This message is automatically generated.

        Alejandro Abdelnur added a comment -

        attaching patch with ATM's suggestion

        Alejandro Abdelnur added a comment -

        committed to trunk and branch-2

        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk-Commit #2202 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2202/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #2128 (See https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2128/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk-Commit #2144 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2144/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = SUCCESS
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Hdfs-trunk #1025 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/1025/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = FAILURE
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Hudson added a comment -

        Integrated in Hadoop-Mapreduce-trunk #1060 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1060/)
        HADOOP-8314. HttpServer#hasAdminAccess should return false if authorization is enabled but user is not authenticated. (tucu) (Revision 1330086)

        Result = FAILURE
        tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1330086
        Files :

        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java
        • /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
        Alejandro Abdelnur added a comment -

        we need backport for branch-1

        Alejandro Abdelnur added a comment -

        patch for branch-1

        Aaron T. Myers added a comment -

        Hey Tucu, can you please comment what testing of the branch-1 patch you did? Also, this JIRA will need to be marked as an incompatible change in branch-1.

        Alejandro Abdelnur added a comment -

        I've run the TestHttpServer testcase that verifies the fix.

        Alejandro Abdelnur added a comment -

        The incompatible change flag is for branch-1

        Aaron T. Myers added a comment -

        +1 for the branch-1 patch.

        Alejandro Abdelnur added a comment -

        committed to branch-1


          People

          • Assignee:
            Alejandro Abdelnur
            Reporter:
            Alejandro Abdelnur