Kevin Risden created HIVE-22841:
-----------------------------------
Summary: CookieSigner should not throw IllegalArgumentException on
invalid cookie signature
Key: HIVE-22841
URL: https://issues.apache.org/jira/browse/HIVE-22841
Project: Hive
Issue Type: Bug
Components: HiveServer2
Reporter: Kevin Risden
Assignee: Kevin Risden
Currently CookieSigner throws an IllegalArgumentException if the cookie
signature is invalid.
{code:java}
if (!MessageDigest.isEqual(originalSignature.getBytes(),
currentSignature.getBytes())) {
throw new IllegalArgumentException("Invalid sign, original = " +
originalSignature +
" current = " + currentSignature);
}
{code}
CookieSigner is only used in the ThriftHttpServlet#getClientNameFromCookie and
doesn't handle the IllegalArgumentException. It is only checking if the value
from the cookie is null or not.
https://github.com/apache/hive/blob/master/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java#L295
{code:java}
currValue = signer.verifyAndExtract(currValue);
// Retrieve the user name, do the final validation step.
if (currValue != null) {
{code}
This should be fixed to either:
a) Have CookieSigner not return an IllegalArgumentException
b) Improve ThriftHttpServlet to handle CookieSigner throwing an
IllegalArgumentException
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
