[hive] branch master updated: HIVE-23704: Decode Base-64 String from HTTP Header (David Mollitor, reviewed by Ashutosh Chauhan)

Sun, 21 Jun 2020 09:30:53 -0700 

This is an automated email from the ASF dual-hosted git repository.

dmollitor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 4c18dbb  HIVE-23704: Decode Base-64 String from HTTP Header (David 
Mollitor, reviewed by Ashutosh Chauhan)
4c18dbb is described below

commit 4c18dbb3627149965fe4a96a70f5866bbfe49643
Author: belugabehr <12578579+belugab...@users.noreply.github.com>
AuthorDate: Sun Jun 21 12:29:45 2020 -0400

    HIVE-23704: Decode Base-64 String from HTTP Header (David Mollitor, 
reviewed by Ashutosh Chauhan)
---
 .../hive/service/cli/thrift/ThriftHttpServlet.java | 25 ++++++++++------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git 
a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java 
b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
index 2ccbb61..c20baea 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -593,11 +593,10 @@ public class ThriftHttpServlet extends TServlet {
 
   private String[] getAuthHeaderTokens(HttpServletRequest request,
       String authType) throws HttpAuthenticationException {
-    String authHeaderBase64 = getAuthHeader(request, authType);
-    String authHeaderString = StringUtils.newStringUtf8(
-        Base64.decodeBase64(authHeaderBase64.getBytes()));
-    String[] creds = authHeaderString.split(":");
-    return creds;
+    String authHeaderBase64Str = getAuthHeader(request, authType);
+    String authHeaderString = 
StringUtils.newStringUtf8(Base64.decodeBase64(authHeaderBase64Str));
+
+    return authHeaderString.split(":");
   }
 
   /**
@@ -616,15 +615,13 @@ public class ThriftHttpServlet extends TServlet {
           "from the client is empty.");
     }
 
-    String authHeaderBase64String;
-    int beginIndex;
-    if (isKerberosAuthMode(authType)) {
-      beginIndex = (HttpAuthUtils.NEGOTIATE + " ").length();
-    }
-    else {
-      beginIndex = (HttpAuthUtils.BASIC + " ").length();
-    }
-    authHeaderBase64String = authHeader.substring(beginIndex);
+    LOG.debug("HTTP Auth Header [{}]", authHeader);
+
+    String[] parts = authHeader.split(" ");
+
+    // Assume the Base-64 string is always the last thing in the header
+    String authHeaderBase64String = parts[parts.length - 1];
+
     // Authorization header must have a payload
     if (authHeaderBase64String.isEmpty()) {
       throw new HttpAuthenticationException("Authorization header received " +

Reply via email to