[ 
https://issues.apache.org/jira/browse/HDDS-14149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044361#comment-18044361
 ] 

Attila Doroszlai edited comment on HDDS-14149 at 12/11/25 7:16 AM:
-------------------------------------------------------------------

{code:title=https://github.com/apache/ozone/blob/667057285730c2c85ba6835b11177c9b477c0790/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/PrometheusServlet.java#L49-L53}
      String authorizationHeader = req.getHeader("Authorization");
      if (authorizationHeader == null
          || !authorizationHeader.startsWith(BEARER)
          || !securityToken.equals(
              authorizationHeader.substring(BEARER.length() + 1))) {
{code}

Based on the code, an exception can happen due to this header (i.e. "Bearer" without token):

{code}
Authorization: Bearer
{code}


was (Author: adoroszlai):
{code:title=https://github.com/apache/ozone/blob/667057285730c2c85ba6835b11177c9b477c0790/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/PrometheusServlet.java#L49-L53}
      String authorizationHeader = req.getHeader("Authorization");
      if (authorizationHeader == null
          || !authorizationHeader.startsWith(BEARER)
          || !securityToken.equals(
              authorizationHeader.substring(BEARER.length() + 1))) {
{code}

Based on the code, an exception can happen due to this header:

{code}
Authorization: Bearer
{code}

> Prometheus servlet token parsing throws StringIndexOutOfBoundsException
> -----------------------------------------------------------------------
>
>                 Key: HDDS-14149
>                 URL: https://issues.apache.org/jira/browse/HDDS-14149
>             Project: Apache Ozone
>          Issue Type: Bug
>            Reporter: Wei-Chiu Chuang
>            Priority: Major
>
> Trying to debug a Prometheus endpoint authorization issue and found this log 
> message in the OM log:
> {noformat}
> 2025-12-09 20:22:11,390 WARN [qtp1790831319-402]-org.eclipse.jetty.server.HttpChannel: /prom
> java.lang.StringIndexOutOfBoundsException: begin 7, end 6, length 6
>         at java.base/java.lang.String.checkBoundsBeginEnd(String.java:4606)
>         at java.base/java.lang.String.substring(String.java:2709)
>         at java.base/java.lang.String.substring(String.java:2682)
>         at org.apache.hadoop.hdds.server.http.PrometheusServlet.doGet(PrometheusServlet.java:53)
> {noformat}
> A typical Prometheus sends the following HTTP request to the endpoint:
> {noformat}
> User-Agent: Prometheus/2.45.3
> Accept: application/openmetrics-text;version=1.0.0,application/openmetrics-text;version=0.0.1;q=0.75,text/plain;version=0.0.4;q=0.5,*/*;q=0.1
> Accept-Encoding: gzip
> Authorization: Bearer <token>
> X-Prometheus-Scrape-Timeout-Seconds: 10
> {noformat}
> Apart from these log messages I don't have much clue.
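
Added example (not code from the Ozone project or from either commenter): the quoted condition next to a hypothetical hardened variant, run over constructed header values to show that a bare "Bearer" header throws instead of being rejected. The class and method names, the sample token, and the constant-time comparison are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class BearerCheckDemo {
  // "Bearer" has length 6, matching "begin 7, end 6, length 6" in the logged trace.
  static final String BEARER = "Bearer";

  // Same condition as the quoted PrometheusServlet lines; true means "reject".
  static boolean rejectsOriginal(String header, String securityToken) {
    return header == null
        || !header.startsWith(BEARER)
        || !securityToken.equals(header.substring(BEARER.length() + 1));
  }

  // Hypothetical hardened variant: never throws on client-controlled input.
  static boolean rejectsHardened(String header, String securityToken) {
    String prefix = BEARER + " ";
    if (header == null || !header.startsWith(prefix)) {
      return true; // a bare "Bearer" or a missing separator is rejected here
    }
    byte[] presented =
        header.substring(prefix.length()).getBytes(StandardCharsets.UTF_8);
    byte[] expected = securityToken.getBytes(StandardCharsets.UTF_8);
    // Constant-time comparison is extra hardening, not something the issue discusses.
    return !MessageDigest.isEqual(expected, presented);
  }

  public static void main(String[] args) {
    String token = "constructed-sample-token"; // constructed value, not a real secret
    String[] headers = {
        null, "Bearer", "Bearer ", "Bearer wrong", "Basic abc", "Bearer " + token};
    for (String h : headers) {
      String original;
      try {
        original = rejectsOriginal(h, token) ? "reject" : "accept";
      } catch (StringIndexOutOfBoundsException e) {
        // Reached for "Bearer": substring(7) on a 6-character string.
        original = "throws " + e.getClass().getSimpleName();
      }
      String hardened = rejectsHardened(h, token) ? "reject" : "accept";
      System.out.printf("%-34s original=%-40s hardened=%s%n",
          String.valueOf(h), original, hardened);
    }
  }
}
```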


