[ https://issues.apache.org/jira/browse/HDFS-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth updated HDFS-9711:
--------------------------------
Attachment: HDFS-9711.004.patch

I'm attaching patch v004. The only changes since v003 are in
{{RestCsrfPreventionFilter}} and {{RestCsrfPreventionFilterHandler}}.

This is a different approach. I introduced an {{HttpInteraction}} interface
that defines the bare minimum API required by the filter to execute the CSRF
prevention logic. {{doFilter}} implements this interface as a passthrough to
the servlet API. {{RestCsrfPreventionFilterHandler}} implements it in terms of
the Netty API. Since {{HttpInteraction}} is a minimal interface, it avoids the
problem of needing to implement all those servlet API methods that I talked
about in my last comment.

The benefit of this approach is that it improves encapsulation. The DataNode
code no longer needs to know what headers the filter wants to read or what kind
of error message it wants to send back. I expect it's less likely that changes
in the filter logic would trigger corresponding changes in the DataNode code.

The possible drawback is that the extra level of indirection perhaps makes the
code a little less readable. [~lmccay], what is your opinion?

> Integrate CSRF prevention filter in WebHDFS.
> --------------------------------------------
>
> Key: HDFS-9711
> URL: https://issues.apache.org/jira/browse/HDFS-9711
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: datanode, namenode, webhdfs
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: HDFS-9711.001.patch, HDFS-9711.002.patch,
> HDFS-9711.003.patch, HDFS-9711.004.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard
> against cross-site request forgery attacks. This issue tracks integration of
> that filter in WebHDFS.
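The design described in the comment above, as an added sketch that is not part of the original message or the attached patch: the CSRF decision is written once against a minimal interface, and each transport (servlet, Netty) only supplies an adapter. Assumptions: apart from the name `HttpInteraction`, every method name, the header name, the ignored-method list, the status code and the error text are hypothetical, and `FakeInteraction` is a constructed in-memory adapter standing in for the real ones.

```java
import java.util.*;

public class CsrfSketch {
    // Minimal view of an HTTP exchange: only what the CSRF check needs (method names assumed).
    interface HttpInteraction {
        String getHeader(String name);
        String getMethod();
        void proceed();
        void sendError(int code, String message);
    }

    static final String HEADER = "X-XSRF-HEADER";                                  // assumed name
    static final Set<String> IGNORED = Set.of("GET", "OPTIONS", "HEAD", "TRACE");  // assumed list

    // Transport-independent logic: a state-changing method must carry the custom header,
    // which a cross-site form post cannot set. The caller never sees header names or error text.
    static void handle(HttpInteraction http) {
        if (IGNORED.contains(http.getMethod()) || http.getHeader(HEADER) != null) {
            http.proceed();
        } else {
            http.sendError(400, "missing CSRF prevention header");  // assumed status and text
        }
    }

    // Constructed adapter: records the outcome instead of touching a real request.
    static final class FakeInteraction implements HttpInteraction {
        final String method;
        // HTTP header names are case-insensitive, so the lookup must be too.
        final Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        String outcome = "pending";
        FakeInteraction(String method, Map<String, String> headers) {
            this.method = method;
            this.headers.putAll(headers);
        }
        public String getHeader(String name) { return headers.get(name); }
        public String getMethod() { return method; }
        public void proceed() { outcome = "proceed"; }
        public void sendError(int code, String message) { outcome = code + " " + message; }
    }

    public static void main(String[] args) {
        FakeInteraction[] cases = {            // constructed sample requests
            new FakeInteraction("GET", Map.of()),
            new FakeInteraction("PUT", Map.of()),
            new FakeInteraction("PUT", Map.of("x-xsrf-header", "1")),
        };
        for (FakeInteraction c : cases) {
            handle(c);
            System.out.println(c.method + " " + c.headers.keySet() + " -> " + c.outcome);
        }
    }
}
```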