[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798732#comment-17798732 ] Hudson commented on HBASE-21500: Results for branch branch-3 [build #106 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/106/]: (/) *{color:green}+1 overall{color}* details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/106/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/106/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-3/106/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 2.6.0, 3.0.0-beta-1 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798726#comment-17798726 ] Hudson commented on HBASE-21500: Results for branch master [build #967 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/967/]: (/) *{color:green}+1 overall{color}* details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/967/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/967/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/master/967/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 2.6.0, 3.0.0-beta-1 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798462#comment-17798462 ] Hudson commented on HBASE-21500: Results for branch branch-2 [build #946 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/946/]: (x) *{color:red}-1 overall{color}* details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/946/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/946/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/] (x) {color:red}-1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/946/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (x) {color:red}-1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/946/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 2.6.0, 3.0.0-beta-1 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798446#comment-17798446 ] Hudson commented on HBASE-21500: Results for branch branch-2.6 [build #14 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.6/14/]: (/) *{color:green}+1 overall{color}* details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.6/14/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.6/14/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.6/14/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.6/14/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 2.6.0, 3.0.0-beta-1 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17798284#comment-17798284 ] Nihal Jain commented on HBASE-21500: Thanks for the review [~zhangduo]. Also let me know if we can push for branch-2.5 a nd branch-2.4. Skipped for now, as seems no one is using this feature of disabling symlinks. > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 2.6.0, 3.0.0-beta-2 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (HBASE-21500) "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version
[ https://issues.apache.org/jira/browse/HBASE-21500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17797501#comment-17797501 ] Nihal Jain commented on HBASE-21500: Copy pasted RCA from github PR: Changing the property name to {{org.eclipse.jetty.servlet.Default.aliases}} does not solve the problem. Upon investigating found that in [Jetty#ContextHandler|https://github.com/jetty/jetty.project/blob/d49f298c7f5361161cd71264aabd50dbfc8e4c59/jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java], {{SymlinkAllowedResourceAliasChecker}} is added by default, irrespective of whether {{hbase.jetty.logs.serve.aliases}} is set to {{true}} or {{{}false{}}}, allowing aliases for {{/logs}} always. Hence issue is revealed only if the value is set to {{{}false{}}}. See [serving-aliased-files|https://github.com/jetty/jetty.project/blob/jetty-9.4.53.v20231009/jetty-documentation/src/main/asciidoc/configuring/security/serving-aliased-files.adoc] for how this feature works. Based on the docs, I have created a patch with fix. To test the fix following steps were followed: # Disallowed flow * Build code with {{assembly:single}} * Untar the tarball * Configure {{hbase.jetty.logs.serve.aliases}} to {{false}} and start hbase in local mode hbase.jetty.logs.serve.aliases false * Goto logs directory and run following: ** {{touch /tmp/test.txt test.txt}} ** {{ln -s /tmp/test.txt test.txt}} * Goto {{http://localhost:16010/logs/test.txt}} and a 404 error should be thrown. See [!https://private-user-images.githubusercontent.com/3429351/291016234-12ad9b92-3808-40b0-a9b3-d135ce156623.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTEiLCJleHAiOjE3MDI3NjMxNzMsIm5iZiI6MTcwMjc2Mjg3MywicGF0aCI6Ii8zNDI5MzUxLzI5MTAxNjIzNC0xMmFkOWI5Mi0zODA4LTQwYjAtYTliMy1kMTM1Y2UxNTY2MjMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQUlXTkpZQVg0Q1NWRUg1M0ElMkYyMDIzMTIxNiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyMzEyMTZUMjE0MTEzWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ODgzODY2NjljNGNiYzk4YTVjMjY2ODMzN2EyMmI3ZTQ0ZDdmMGI1YWRiMGQ3NDQ5MzMxNDcxOWUxYzI3MjBmNCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.biyQngECGTa9eHMuY46JhVF6dP3cd_lfSK7v-stgjdo|width=556!|https://private-user-images.githubusercontent.com/3429351/291016234-12ad9b92-3808-40b0-a9b3-d135ce156623.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTEiLCJleHAiOjE3MDI3NjMxNzMsIm5iZiI6MTcwMjc2Mjg3MywicGF0aCI6Ii8zNDI5MzUxLzI5MTAxNjIzNC0xMmFkOWI5Mi0zODA4LTQwYjAtYTliMy1kMTM1Y2UxNTY2MjMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQUlXTkpZQVg0Q1NWRUg1M0ElMkYyMDIzMTIxNiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyMzEyMTZUMjE0MTEzWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ODgzODY2NjljNGNiYzk4YTVjMjY2ODMzN2EyMmI3ZTQ0ZDdmMGI1YWRiMGQ3NDQ5MzMxNDcxOWUxYzI3MjBmNCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.biyQngECGTa9eHMuY46JhVF6dP3cd_lfSK7v-stgjdo] # Allowed flow, which is current default behavior and works even without the patch * Repeat above steps {{hbase.jetty.logs.serve.aliases}} to {{true}} or just remove it. * We should be able to access symlinked file test.txt > "hbase.jetty.logs.serve.aliases" is broken with jetty 9.x version > - > > Key: HBASE-21500 > URL: https://issues.apache.org/jira/browse/HBASE-21500 > Project: HBase > Issue Type: Bug >Affects Versions: 3.0.0-alpha-1, 2.1.0, 2.0.0, 2.0.1, 2.1.1 >Reporter: Bhupendra Kumar Jain >Assignee: Nihal Jain >Priority: Minor > Fix For: 3.0.0-beta-2 > > Attachments: HBASE-21500.master.001.patch > > > Noticed that Jetty aliases parameter in HttpServer.java > "*org.mortbay.jetty.servlet.Default.aliases*" is as per old jetty version and > need to change as per jetty 9.x new version after the HBASE-12894 > Refer > https://github.com/apache/hbase/blob/405bf5e6383a09f435baadbac6c389e9f6c43ac6/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java#L647 > It should be *"org.eclipse.jetty.servlet.Default.aliases"* -- This message was sent by Atlassian Jira (v8.20.10#820010)