hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t...@apache.org
Subject svn commit: r1354640 - in /hadoop/common/branches/branch-1: CHANGES.txt src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
Date Wed, 27 Jun 2012 17:35:50 GMT
Author: tucu
Date: Wed Jun 27 17:35:49 2012
New Revision: 1354640

URL: http://svn.apache.org/viewvc?rev=1354640&view=rev
Log:
HADOOP-8249. invalid hadoop-auth cookies should trigger authentication if info is avail before
returning HTTP 401 (tucu)

Modified:
    hadoop/common/branches/branch-1/CHANGES.txt
    hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
    hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java

Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1354640&r1=1354639&r2=1354640&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Wed Jun 27 17:35:49 2012
@@ -42,6 +42,9 @@ Release 1.2.0 - unreleased
     MAPREDUCE-2289. Permissions race can make getStagingDir fail on local filesystem 
     (ahmed via tucu)
 
+    HADOOP-8249. invalid hadoop-auth cookies should trigger authentication if info 
+    is avail before returning HTTP 401 (tucu)
+
 Release 1.1.0 - unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java?rev=1354640&r1=1354639&r2=1354640&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
(original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
Wed Jun 27 17:35:49 2012
@@ -331,7 +331,14 @@ public class AuthenticationFilter implem
     HttpServletResponse httpResponse = (HttpServletResponse) response;
     try {
       boolean newToken = false;
-      AuthenticationToken token = getToken(httpRequest);
+      AuthenticationToken token;
+      try {
+        token = getToken(httpRequest);
+      }
+      catch (AuthenticationException ex) {
+        LOG.warn("AuthenticationToken ignored: " + ex.getMessage());
+        token = null;
+      }
       if (token == null) {
         if (LOG.isDebugEnabled()) {
           LOG.debug("Request [{}] triggering authentication", getRequestURL(httpRequest));
@@ -371,6 +378,9 @@ public class AuthenticationFilter implem
         }
         filterChain.doFilter(httpRequest, httpResponse);
       }
+      else {
+        throw new AuthenticationException("Missing AuthenticationToken");
+      }
     } catch (AuthenticationException ex) {
       if (!httpResponse.isCommitted()) {
         Cookie cookie = createCookie("");

Modified: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java?rev=1354640&r1=1354639&r2=1354640&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
(original)
+++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
Wed Jun 27 17:35:49 2012
@@ -349,7 +349,7 @@ public class TestAuthenticationFilter ex
     }
   }
 
-  private void _testDoFilterAuthentication(boolean withDomainPath) throws Exception {
+  private void _testDoFilterAuthentication(boolean withDomainPath, boolean invalidToken)
throws Exception {
     AuthenticationFilter filter = new AuthenticationFilter();
     try {
       FilterConfig config = Mockito.mock(FilterConfig.class);
@@ -380,6 +380,12 @@ public class TestAuthenticationFilter ex
       Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
       Mockito.when(request.getQueryString()).thenReturn("authenticated=true");
 
+      if (invalidToken) {
+        Mockito.when(request.getCookies()).thenReturn(
+          new Cookie[] { new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo")}
+        );
+      }
+
       HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
 
       FilterChain chain = Mockito.mock(FilterChain.class);
@@ -437,11 +443,15 @@ public class TestAuthenticationFilter ex
   }
 
   public void testDoFilterAuthentication() throws Exception {
-    _testDoFilterAuthentication(false);
+    _testDoFilterAuthentication(false, false);
+  }
+
+  public void testDoFilterAuthenticationWithInvalidToken() throws Exception {
+    _testDoFilterAuthentication(false, true);
   }
 
   public void testDoFilterAuthenticationWithDomainPath() throws Exception {
-    _testDoFilterAuthentication(true);
+    _testDoFilterAuthentication(true, false);
   }
 
   public void testDoFilterAuthenticated() throws Exception {



Mime
View raw message