Cao Manh Dat created HADOOP-15681:
-------------------------------------
Summary: AuthenticationFilter should not use unicode character in
header
Key: HADOOP-15681
URL: https://issues.apache.org/jira/browse/HADOOP-15681
Project: Hadoop Common
Issue Type: Improvement
Reporter: Cao Manh Dat
Hi guys,
When I try to set up Hadoop Kerberos authentication for Solr (HTTP2), I met
this exception:
{code}
java.lang.IllegalArgumentException: null
at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:435)
~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:409)
~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.hpack.HpackEncoder.encodeValue(HpackEncoder.java:368)
~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:302)
~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:179)
~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1163)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:184)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:224)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:685)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:657)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:107)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:235)
~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:134)
~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:790)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:846)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:240)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:216)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:298)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:49)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:163)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.Response.closeOutput(Response.java:1038)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ErrorHandler.generateAcceptableResponse(ErrorHandler.java:178)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ErrorHandler.doError(ErrorHandler.java:142)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ErrorHandler.handle(ErrorHandler.java:78)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.Response.sendError(Response.java:655)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:158)
~[javax.servlet-api-3.1.0.jar:3.1.0]
at
javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:158)
~[javax.servlet-api-3.1.0.jar:3.1.0]
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:580)
~[hadoop-auth-2.7.4.jar:?]
at
org.apache.solr.security.DelegationTokenKerberosFilter.doFilter(DelegationTokenKerberosFilter.java:134)
~[java/:?]
at
org.apache.solr.security.KerberosPlugin.doAuthenticate(KerberosPlugin.java:270)
~[java/:?]
at
org.apache.solr.servlet.SolrDispatchFilter.authenticateRequest(SolrDispatchFilter.java:452)
~[java/:?]
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:347)
~[java/:?]
at
org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:324)
~[java/:?]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.apache.solr.client.solrj.embedded.JettySolrRunner$DebugFilter.doFilter(JettySolrRunner.java:140)
~[java/:?]
at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:674)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.Server.handle(Server.java:531)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:293)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:178)
~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:148)
~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:440)
~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpConnection.onCompleted(HttpConnection.java:385)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpChannelOverHttp.upgrade(HttpChannelOverHttp.java:481)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpChannelOverHttp.headerComplete(HttpChannelOverHttp.java:372)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.http.HttpParser.handleHeaderContentMessage(HttpParser.java:594)
~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1219)
~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1508)
~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpConnection.parseRequestBuffer(HttpConnection.java:360)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:250)
~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
{code}
This error comes from Jetty Hpack when it tries to compress this header
{code}
Set-Cookie: hadoop.auth=; Path=/; Domain=127.0.0.1; Expires=Déar,
01-Ean-1970 00:00:00 GMT; HttpOnly
{code}
Déar mean Thursday in Ireland and Jetty Hpack can't encode Unicode character.
That header is generated by
org.apache.hadoop.security.authentication.server.AuthenticationFilter.createAuthCookie()
I posted this problem to the community and Greg said that
(https://github.com/eclipse/jetty.project/issues/2815)
{quote}
I'm pretty sure that unicode characters are not legal for HTTP field values, as
RFC7230 says:
Historically, HTTP has allowed field content with text in the
ISO-8859-1 charset [ISO-8859-1], supporting other charsets only
through use of [RFC2047] encoding. In practice, most HTTP header
field values use only a subset of the US-ASCII charset [USASCII].
Newly defined header fields SHOULD limit their field values to
US-ASCII octets. A recipient SHOULD treat other octets in field
content (obs-text) as opaque data.
So I don't think that header is legal... but it should not fail in hpack, whose
RFC says it should treat fields as opaque octets!
{quote}
Therefore I think preventing Unicode character generated from
{{AuthenticationFilter}} should be a good idea.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
