Kevin Risden created HIVE-22841:
-----------------------------------

    Summary: CookieSigner should not throw IllegalArgumentException on invalid cookie signature
    Key: HIVE-22841
    URL: https://issues.apache.org/jira/browse/HIVE-22841
    Project: Hive
    Issue Type: Bug
    Components: HiveServer2
    Reporter: Kevin Risden
    Assignee: Kevin Risden

Currently CookieSigner throws an IllegalArgumentException if the cookie signature is invalid.

{code:java}
if (!MessageDigest.isEqual(originalSignature.getBytes(), currentSignature.getBytes())) {
  throw new IllegalArgumentException("Invalid sign, original = " + originalSignature +
    " current = " + currentSignature);
}
{code}

CookieSigner is only used in the ThriftHttpServlet#getClientNameFromCookie and doesn't handle the IllegalArgumentException. It is only checking if the value from the cookie is null or not.

https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java#L295

{code:java}
currValue = signer.verifyAndExtract(currValue);
// Retrieve the user name, do the final validation step.
if (currValue != null) {
{code}

This should be fixed to either:
a) Have CookieSigner not return an IllegalArgumentException
b) Improve ThriftHttpServlet to handle CookieSigner throwing an IllegalArgumentException
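
Option (a) sketched as an added example; this is not code from the issue or from Hive. The class name, the `&s=` separator, the HMAC-SHA256 construction and the sample values are assumptions made for illustration. `verifyAndExtract` returns null for any malformed or tampered cookie, so a caller that only null-checks the result behaves correctly, and the expected signature never appears in an exception message.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not Hive's CookieSigner: the class name, separator and
// HMAC-SHA256 are assumptions chosen for illustration.
public class NullOnInvalidCookieSigner {
  private static final String SEP = "&s=";
  private final byte[] secret;

  public NullOnInvalidCookieSigner(byte[] secret) { this.secret = secret.clone(); }

  public String sign(String value) { return value + SEP + mac(value); }

  // Returns the raw value, or null when the cookie is missing, has no
  // signature part, or carries a signature that does not match.
  public String verifyAndExtract(String signed) {
    if (signed == null) return null;
    int idx = signed.lastIndexOf(SEP);
    if (idx == -1) return null;
    String value = signed.substring(0, idx);
    byte[] presented = signed.substring(idx + SEP.length()).getBytes(StandardCharsets.UTF_8);
    byte[] expected = mac(value).getBytes(StandardCharsets.UTF_8);
    // Constant-time compare; the expected signature is never logged or returned.
    return MessageDigest.isEqual(presented, expected) ? value : null;
  }

  private String mac(String value) {
    try {
      Mac m = Mac.getInstance("HmacSHA256");
      m.init(new SecretKeySpec(secret, "HmacSHA256"));
      return Base64.getEncoder().encodeToString(m.doFinal(value.getBytes(StandardCharsets.UTF_8)));
    } catch (GeneralSecurityException e) {
      // Misconfiguration of the JVM, not attacker input, so this may throw.
      throw new IllegalStateException("HmacSHA256 unavailable", e);
    }
  }

  public static void main(String[] args) {
    NullOnInvalidCookieSigner s =
        new NullOnInvalidCookieSigner("constructed-secret".getBytes(StandardCharsets.UTF_8));
    String good = s.sign("cu=alice");                 // constructed sample value
    String tampered = good.replace("alice", "admin"); // value changed, signature stale
    System.out.println(s.verifyAndExtract(good));
    System.out.println(s.verifyAndExtract(tampered));
    System.out.println(s.verifyAndExtract("no-signature-part"));
  }
}
```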