Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-879

Error in knox query processing when original url contains a parameter with value containing "="

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.12.0
    • Component/s: Server
    • Labels:
      None

      Description

      Issue seen while working Atlas with Knox SSO.
      Atlas is set up to use Knox SSO form login for authentication.

      DSL Search query : hive_table where name="table_1" is encoded by Atlas as

      http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
      

      When the above query is fired , it is redirected to knox gateway as :

      https:/KnoxGatewayHost:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
      
      

      On providing correct credentials and trying to sign in , knox threw 500 Internal server error with response :

      Problem accessing /gateway/knoxsso/api/v1/websso.
      

      Following exceptions are found in knox gateway logs :

      2017-02-10 11:19:36,649 INFO  service.knoxsso (WebSSOResource.java:getCookieValue(317)) - Unable to find cookie with name: original-url
      2017-02-10 11:19:36,653 ERROR service.knoxsso (WebSSOResource.java:addJWTHadoopCookie(294)) - Unable to add cookie to response. Illegal character in query at index 103: http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:21000/api/atlas/v2/search/dsl?limit=25&query="table_1": [Ljava.lang.StackTraceElement;@479999f5
      

      (Note : host name is masked with "x" chars matching with length of the actual Atlas host name so that "index 103" in gateway logs would make sense)

      Actual query was :
      hive_table where name="table_"
      which now became :
      "table_1"
      because of the equals character found twice in the query (near query once and near name once)

      ?limit=25&query=hive_table where name="table_1"  
      

      The following query is processed well by Knox as there are no extra "equals"

      http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table
      

        Attachments

        1. KNOX-879.001.patch
          4 kB
          Sandeep More

          Activity

            People

            • Assignee:
              smore Sandeep More
              Reporter:
              sharmadhas Sharmadha S
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: