[
https://issues.apache.org/jira/browse/KNOX-879?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15868658#comment-15868658
]
Sandeep More commented on KNOX-879:
-----------------------------------
Thank you for reporting the bug [~ssainath] !
The problem here seems to be the special character " (double quotes) and not
the = (equals) symbol you suspect.
Infact in your second example you have = symbol two times, it worked because it
did not have " symbol.
The problem seems to be coming from our code which is expecting the url that is
passed by SSO as URI. URI spec specifically state that (see RFC 3986 -
https://tools.ietf.org/html/rfc3986#section-2.2)
Changing URI to URL will work since " (double quotes) is not part of the
reserved symbols for URL as per RFC 1738 https://www.ietf.org/rfc/rfc1738.txt
i.e. reserved = ";" | "/" | "?" | ":" | "@" | "&" | "="
I will upload the patch that fixes this issue so folks can review it.
> Error in knox query processing when original url contains a parameter with
> value containing "="
> -----------------------------------------------------------------------------------------------
>
> Key: KNOX-879
> URL: https://issues.apache.org/jira/browse/KNOX-879
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Reporter: Sharmadha Sainath
> Assignee: Sandeep More
> Fix For: 0.12.0
>
>
> Issue seen while working Atlas with Knox SSO.
> Atlas is set up to use Knox SSO form login for authentication.
> DSL Search query : hive_table where name="table_1" is encoded by Atlas as
> {code}
> http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
> {code}
> When the above query is fired , it is redirected to knox gateway as :
> {code}
> https:/KnoxGatewayHost:8443/gateway/knoxsso/knoxauth/login.html?originalUrl=http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table+where+name%3D%22table_1%22
> {code}
> On providing correct credentials and trying to sign in , knox threw 500
> Internal server error with response :
> {code}
> Problem accessing /gateway/knoxsso/api/v1/websso.
> {code}
> Following exceptions are found in knox gateway logs :
> {code}
> 2017-02-10 11:19:36,649 INFO service.knoxsso
> (WebSSOResource.java:getCookieValue(317)) - Unable to find cookie with name:
> original-url
> 2017-02-10 11:19:36,653 ERROR service.knoxsso
> (WebSSOResource.java:addJWTHadoopCookie(294)) - Unable to add cookie to
> response. Illegal character in query at index 103:
> http://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:21000/api/atlas/v2/search/dsl?limit=25&query="table_1":
> [Ljava.lang.StackTraceElement;@479999f5
> {code}
> (Note : host name is masked with "x" chars matching with length of the actual
> Atlas host name so that "index 103" in gateway logs would make sense)
> Actual query was :
> hive_table where name="table_"
> which now became :
> "table_1"
> because of the equals character found twice in the query (near query once and
> near name once)
> {code}
> ?limit=25&query=hive_table where name="table_1"
> {code}
> The following query is processed well by Knox as there are no extra "equals"
> {code}
> http://AtlasHost:21000/api/atlas/v2/search/dsl?limit=25&query=hive_table
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
