[
https://issues.apache.org/jira/browse/HADOOP-15681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-15681:
------------------------------------
Component/s: security
> AuthenticationFilter should generate valid date format for Set-Cookie header
> regardless of default Locale
> ---------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-15681
> URL: https://issues.apache.org/jira/browse/HADOOP-15681
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.2.0
> Reporter: Cao Manh Dat
> Priority: Major
> Attachments: HADOOP-15681.patch
>
>
> Hi guys,
> When I try to set up Hadoop Kerberos authentication for Solr (HTTP2), I met
> this exception:
> {code}
> java.lang.IllegalArgumentException: null
> at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:435)
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http2.hpack.Huffman.octetsNeeded(Huffman.java:409)
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.hpack.HpackEncoder.encodeValue(HpackEncoder.java:368)
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:302)
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:179)
> ~[http2-hpack-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1163)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:184)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:224)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:685)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:657)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:107)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:235)
> ~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:134)
> ~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:790)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:846)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:240)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:216)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:298)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:49)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:163)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.Response.closeOutput(Response.java:1038)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ErrorHandler.generateAcceptableResponse(ErrorHandler.java:178)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ErrorHandler.doError(ErrorHandler.java:142)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ErrorHandler.handle(ErrorHandler.java:78)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.Response.sendError(Response.java:655)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:158)
> ~[javax.servlet-api-3.1.0.jar:3.1.0]
> at
> javax.servlet.http.HttpServletResponseWrapper.sendError(HttpServletResponseWrapper.java:158)
> ~[javax.servlet-api-3.1.0.jar:3.1.0]
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:580)
> ~[hadoop-auth-2.7.4.jar:?]
> at
> org.apache.solr.security.DelegationTokenKerberosFilter.doFilter(DelegationTokenKerberosFilter.java:134)
> ~[java/:?]
> at
> org.apache.solr.security.KerberosPlugin.doAuthenticate(KerberosPlugin.java:270)
> ~[java/:?]
> at
> org.apache.solr.servlet.SolrDispatchFilter.authenticateRequest(SolrDispatchFilter.java:452)
> ~[java/:?]
> at
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:347)
> ~[java/:?]
> at
> org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:324)
> ~[java/:?]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
> ~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.apache.solr.client.solrj.embedded.JettySolrRunner$DebugFilter.doFilter(JettySolrRunner.java:140)
> ~[java/:?]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
> ~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
> ~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
> ~[jetty-servlet-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:674)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.Server.handle(Server.java:531)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:293)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:178)
> ~[http2-common-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:148)
> ~[http2-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:440)
> ~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpConnection.onCompleted(HttpConnection.java:385)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpChannelOverHttp.upgrade(HttpChannelOverHttp.java:481)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpChannelOverHttp.headerComplete(HttpChannelOverHttp.java:372)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.http.HttpParser.handleHeaderContentMessage(HttpParser.java:594)
> ~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1219)
> ~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1508)
> ~[jetty-http-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpConnection.parseRequestBuffer(HttpConnection.java:360)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:250)
> ~[jetty-server-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
> ~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
> ~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
> ~[jetty-io-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
> ~[jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
> [jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
> [jetty-util-9.4.11.v20180605.jar:9.4.11.v20180605]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
> {code}
> This error comes from Jetty Hpack when it tries to compress this header
> {code}
> Set-Cookie: hadoop.auth=; Path=/; Domain=127.0.0.1; Expires=Déar,
> 01-Ean-1970 00:00:00 GMT; HttpOnly
> {code}
> Déar mean Thursday in Ireland and Jetty Hpack can't encode Unicode character.
> That header is generated by
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.createAuthCookie()
> I posted this problem to the Jetty community and Greg said that
> (https://github.com/eclipse/jetty.project/issues/2815)
> {quote}
> I'm pretty sure that unicode characters are not legal for HTTP field values,
> as RFC7230 says:
> Historically, HTTP has allowed field content with text in the
> ISO-8859-1 charset [ISO-8859-1], supporting other charsets only
> through use of [RFC2047] encoding. In practice, most HTTP header
> field values use only a subset of the US-ASCII charset [USASCII].
> Newly defined header fields SHOULD limit their field values to
> US-ASCII octets. A recipient SHOULD treat other octets in field
> content (obs-text) as opaque data.
> So I don't think that header is legal... but it should not fail in hpack,
> whose RFC says it should treat fields as opaque octets!
> {quote}
> Therefore I think preventing Unicode character generated from
> {{AuthenticationFilter}} should be a good idea.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
