YARN-2512. Allowed pattern matching for origins in CrossOriginFilter. Contributed by Jonathan Eagles.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a092cdf3 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a092cdf3 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a092cdf3 Branch: refs/heads/HDFS-6584 Commit: a092cdf32de4d752456286a9f4dda533d8a62bca Parents: a23144f Author: Zhijie Shen <zjs...@apache.org> Authored: Sun Sep 7 17:49:06 2014 -0700 Committer: Zhijie Shen <zjs...@apache.org> Committed: Sun Sep 7 17:49:06 2014 -0700 ---------------------------------------------------------------------- hadoop-yarn-project/CHANGES.txt | 3 +++ .../timeline/webapp/CrossOriginFilter.java | 20 ++++++++++++++++++- .../timeline/webapp/TestCrossOriginFilter.java | 21 +++++++++++++++++++- 3 files changed, 42 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a092cdf3/hadoop-yarn-project/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/CHANGES.txt b/hadoop-yarn-project/CHANGES.txt index beafc22..ed31479 100644 --- a/hadoop-yarn-project/CHANGES.txt +++ b/hadoop-yarn-project/CHANGES.txt @@ -184,6 +184,9 @@ Release 2.6.0 - UNRELEASED YARN-2508. Cross Origin configuration parameters prefix are not honored (Mit Desai via jeagles) + YARN-2512. Allowed pattern matching for origins in CrossOriginFilter. + (Jonathan Eagles via zjshen) + OPTIMIZATIONS BUG FIXES http://git-wip-us.apache.org/repos/asf/hadoop/blob/a092cdf3/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java index d71175f..5a0703d 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/webapp/CrossOriginFilter.java @@ -24,6 +24,8 @@ import java.net.URLEncoder; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -204,7 +206,23 @@ public class CrossOriginFilter implements Filter { @VisibleForTesting boolean isOriginAllowed(String origin) { - return allowAllOrigins || allowedOrigins.contains(origin); + if (allowAllOrigins) { + return true; + } + + for (String allowedOrigin : allowedOrigins) { + if (allowedOrigin.contains("*")) { + String regex = allowedOrigin.replace(".", "\\.").replace("*", ".*"); + Pattern p = Pattern.compile(regex); + Matcher m = p.matcher(origin); + if (m.matches()) { + return true; + } + } else if (allowedOrigin.equals(origin)) { + return true; + } + } + return false; } private boolean areHeadersAllowed(String accessControlRequestHeaders) { http://git-wip-us.apache.org/repos/asf/hadoop/blob/a092cdf3/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java index f666c21..ccc9bbf 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestCrossOriginFilter.java @@ -77,7 +77,26 @@ public class TestCrossOriginFilter { // Object under test CrossOriginFilter filter = new CrossOriginFilter(); filter.init(filterConfig); - Assert.assertTrue(filter.isOriginAllowed("example.org")); + Assert.assertTrue(filter.isOriginAllowed("example.com")); + } + + @Test + public void testPatternMatchingOrigins() throws ServletException, IOException { + + // Setup the configuration settings of the server + Map<String, String> conf = new HashMap<String, String>(); + conf.put(CrossOriginFilter.ALLOWED_ORIGINS, "*.example.com"); + FilterConfig filterConfig = new FilterConfigTest(conf); + + // Object under test + CrossOriginFilter filter = new CrossOriginFilter(); + filter.init(filterConfig); + + // match multiple sub-domains + Assert.assertFalse(filter.isOriginAllowed("example.com")); + Assert.assertFalse(filter.isOriginAllowed("foo:example.com")); + Assert.assertTrue(filter.isOriginAllowed("foo.example.com")); + Assert.assertTrue(filter.isOriginAllowed("foo.bar.example.com")); } @Test