[
https://issues.apache.org/jira/browse/HDDS-14149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044877#comment-18044877
]
Navin Kumar edited comment on HDDS-14149 at 12/13/25 4:51 PM:
--------------------------------------------------------------
Hi [~weichiu] I am able to repro the issue in cdp env .
Only difference i noticed how jetty handles trimming internally for upstream
and cdp env resulting different message
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
{code}
Also as [~adoroszlai]mentioned the issue is caused by passing the
authorization header "Bearer" without token.
I would like to work on this issue and share the patch.
was (Author: nakumar):
Hi [~weichiu] I am able to repro the issue in cdp env .
Only difference i noticed how jetty handles trimming internally for upstream
and cdp env rsulting diffrent message
{code:java}
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
{code}
Also as [~adoroszlai]mentioned the issue is caused by passing the
authorization header "Bearer" without token.
I would like to work on this issue and share the patch.
> Prometheus servlet token parsing throws StringIndexOutOfBoundsException
> -----------------------------------------------------------------------
>
> Key: HDDS-14149
> URL: https://issues.apache.org/jira/browse/HDDS-14149
> Project: Apache Ozone
> Issue Type: Bug
> Components: server-framework
> Reporter: Wei-Chiu Chuang
> Priority: Minor
> Labels: GoodForNewContributors, good-first-issue
>
> Trying to debug a Prometheus endpoint authorization issue and found this log
> message in the OM log:
> {noformat}
> 2025-12-09 20:22:11,390 WARN
> [qtp1790831319-402]-org.eclipse.jetty.server.HttpChannel: /prom
> java.lang.StringIndexOutOfBoundsException: begin 7, end 6, length 6
> at java.base/java.lang.String.checkBoundsBeginEnd(String.java:4606)
> at java.base/java.lang.String.substring(String.java:2709)
> at java.base/java.lang.String.substring(String.java:2682)
> at
> org.apache.hadoop.hdds.server.http.PrometheusServlet.doGet(PrometheusServlet.java:53)
> {noformat}
> A typical Prometheus sends the following HTTP request to the endpoint:
> {noformat}
> User-Agent: Prometheus/2.45.3
> Accept:
> application/openmetrics-text;version=1.0.0,application/openmetrics-text;version=0.0.1;q=0.75,text/plain;version=0.0.4;q=0.5,*/*;q=0.1
> Accept-Encoding: gzip
> Authorization: Bearer <token>
> X-Prometheus-Scrape-Timeout-Seconds: 10
> {noformat}
> Apart from these log messages I don't have much clue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
