[jira] [Updated] (YARN-2844) WebAppProxyServlet cannot handle urls which contain encoded characters

Mon, 10 Nov 2014 23:52:23 -0800 

     [ 
https://issues.apache.org/jira/browse/YARN-2844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shixiong Zhu updated YARN-2844:
-------------------------------
    Attachment: YARN-2844.patch

> WebAppProxyServlet cannot handle urls which contain encoded characters
> ----------------------------------------------------------------------
>
>                 Key: YARN-2844
>                 URL: https://issues.apache.org/jira/browse/YARN-2844
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: webapp
>            Reporter: Shixiong Zhu
>            Priority: Minor
>         Attachments: YARN-2844.patch
>
>
> WebAppProxyServlet has a bug about the URL encode/decode. This was found when 
> running Spark on Yarn.
> When a user accesses 
> "http://example.com:8088/proxy/application_1415344371838_0006/executors/threadDump/?executorId=%3Cdriver%3E";,
>  WebAppProxyServlet will require 
> "http://example.com:36429/executors/threadDump/?executorId=%25253Cdriver%25253E";.
>  But Spark Web Server expects 
> "http://example.com:36429/executors/threadDump/?executorId=%3Cdriver%3E";.
> Here are problems I found in WebAppProxyServlet.
> 1. java.net.URI.toString returns an encoded url string. So the following code 
> in WebAppProxyServlet should use `true` instead of `false`.
> {code:java}
> org.apache.commons.httpclient.URI uri = 
>       new org.apache.commons.httpclient.URI(link.toString(), false);
> {code}
> 2. 
> [HttpServletRequest.getPathInfo()|https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getPathInfo()]
>  will returns a decoded string. Therefore, if the link is 
> http://example.com:8088/proxy/application_1415344371838_0006/John%2FHunter, 
> pathInfo will be "/application_1415344371838_0006/John/Hunter". Then the URI 
> created in WebAppProxyServlet will be something like ".../John/Hunter", but 
> the correct link should be ".../John%2FHunber". We can use 
> [HttpServletRequest.getRequestURI()|https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRequestURI()]
>  to get the raw path.
> {code:java}
> final String pathInfo = req.getPathInfo();
> {code}
> 3. Use  wrong URI constructor. [URI(String scheme, String authority, String 
> path, String query, String 
> fragment)|https://docs.oracle.com/javase/7/docs/api/java/net/URI.html#URI(java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String,%20java.lang.String)]
>  will encode the path and query which have already been encoded. Should use 
> [URI(String 
> str)|https://docs.oracle.com/javase/7/docs/api/java/net/URI.html#URI(java.lang.String)]
>  directly since the url has already been encoded.
> {code:java}
>       URI toFetch = new URI(trackingUri.getScheme(), 
>           trackingUri.getAuthority(),
>           StringHelper.ujoin(trackingUri.getPath(), rest), 
> req.getQueryString(),
>           null);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to