hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-16314) Make sure all end point URL is covered by the same AuthenticationFilter
Date Tue, 28 May 2019 19:27:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-16314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850061#comment-16850061
] 

Hadoop QA commented on HADOOP-16314:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 18s{color} | {color:blue}
Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  0s{color} |
{color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green}  0m  0s{color}
| {color:green} The patch appears to include 10 new or modified test files. {color} |
|| || || || {color:brown} trunk Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  7m 41s{color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 17m 28s{color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 18m 35s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  2m 10s{color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  6m 19s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 19m 24s{color}
| {color:green} branch has no errors when building and testing our client artifacts. {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  9m 46s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  4m 51s{color} |
{color:green} trunk passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  0m 24s{color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  4m 58s{color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 16m 12s{color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 16m 12s{color} | {color:green}
the patch passed {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}  2m 11s{color}
| {color:orange} root: The patch generated 26 new + 140 unchanged - 3 fixed = 166 total (was
143) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  6m 33s{color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m  0s{color}
| {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 10m 22s{color}
| {color:green} patch has no errors when building and testing our client artifacts. {color}
|
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red}  1m 52s{color} | {color:red}
hadoop-common-project/hadoop-common generated 3 new + 0 unchanged - 0 fixed = 3 total (was
0) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  4m 46s{color} |
{color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  9m 26s{color} | {color:green}
hadoop-common in the patch passed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 79m 21s{color} | {color:red}
hadoop-hdfs in the patch failed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  3m 54s{color} | {color:green}
hadoop-yarn-common in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  2m 51s{color} | {color:green}
hadoop-yarn-server-common in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  1m 10s{color} | {color:green}
hadoop-yarn-server-web-proxy in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  3m 35s{color} | {color:green}
hadoop-yarn-server-applicationhistoryservice in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  1m 31s{color} | {color:green}
hadoop-yarn-server-timelineservice in the patch passed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 79m 24s{color} | {color:red}
hadoop-yarn-server-resourcemanager in the patch failed. {color} |
| {color:red}-1{color} | {color:red} asflicense {color} | {color:red}  0m 44s{color} | {color:red}
The patch generated 17 ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black}319m 54s{color} | {color:black}
{color} |
\\
\\
|| Reason || Tests ||
| FindBugs | module:hadoop-common-project/hadoop-common |
|  |  Unread field:HttpServer2.java:[line 333] |
|  |  Unread field:HttpServer2.java:[line 204] |
|  |  Unread field:HttpServer2.java:[line 328] |
| Failed junit tests | hadoop.hdfs.web.TestWebHdfsTimeouts |
|   | hadoop.hdfs.server.namenode.TestNamenodeCapacityReport |
|   | hadoop.hdfs.server.namenode.ha.TestHASafeMode |
|   | hadoop.yarn.server.resourcemanager.rmapp.TestRMAppTransitions |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:bdbca0e |
| JIRA Issue | HADOOP-16314 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12970030/HADOOP-16314-002.patch
|
| Optional Tests |  dupname  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit
 shadedclient  findbugs  checkstyle  |
| uname | Linux 66ceb27459d7 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 9f0d341 |
| maven | version: Apache Maven 3.3.9 |
| Default Java | 1.8.0_212 |
| findbugs | v3.1.0-RC1 |
| checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/artifact/out/diff-checkstyle-root.txt
|
| findbugs | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/artifact/out/new-findbugs-hadoop-common-project_hadoop-common.html
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/artifact/out/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/artifact/out/patch-unit-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-resourcemanager.txt
|
|  Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/testReport/ |
| asflicense | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/artifact/out/patch-asflicense-problems.txt
|
| Max. process+thread count | 5399 (vs. ulimit of 10000) |
| modules | C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager
U: . |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/16270/console |
| Powered by | Apache Yetus 0.8.0   http://yetus.apache.org |


This message was automatically generated.



> Make sure all end point URL is covered by the same AuthenticationFilter
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-16314
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16314
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Eric Yang
>            Assignee: Prabhu Joseph
>            Priority: Major
>         Attachments: HADOOP-16314-001.patch, HADOOP-16314-002.patch, HADOOP-16314-003.patch,
Hadoop Web Security.xlsx, scan.txt
>
>
> In the enclosed spreadsheet, it shows the list of web applications deployed by Hadoop,
and filters applied to each entry point.
> Hadoop web protocol impersonation has been inconsistent.  Most of entry point do not
support ?doAs parameter.  This creates problem for secure gateway like Knox to proxy Hadoop
web interface on behave of the end user.  When the receiving end does not check for ?doAs
flag, web interface would be accessed using proxy user credential.  This can lead to all
kind of security holes using path traversal to exploit Hadoop. 
> In HADOOP-16287, ProxyUserAuthenticationFilter is proposed as solution to solve the web
impersonation problem.  This task is to track changes required in Hadoop code base to apply
authentication filter globally for each of the web service port.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message