author | Daniel Templeton <templedf@apache.org> | 2018-06-01 14:42:39 -0700 |
---|---|---|
committer | Daniel Templeton <templedf@apache.org> | 2018-06-01 14:45:01 -0700 |
commit | f13e01fdfe0e6c2bce5f9615074c7c90fa65d91c (patch) | |
tree | 42d57dfe5d5683daacb379a32874a955b1da4c63 /hadoop-common-project | |
parent | c6becec3920313335fd72856216b30a9615b0c30 (diff) |
HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton)
Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7
(cherry picked from commit cba319499822a2475c60c43ea71f8e78237e139f)
(cherry picked from commit 09fd1348e855302f6f238917a98997d935c373c8)
Diffstat (limited to 'hadoop-common-project')
-rw-r--r-- | hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index b6c2f1994d..e83f7f8bcb 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -1358,8 +1358,11 @@ public final class HttpServer2 implements FilterContainer {
 if (servletContext.getAttribute(ADMINS_ACL) != null &&
 !userHasAdministratorAccess(servletContext, remoteUser)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
- + remoteUser + " is unauthorized to access this page.");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Unauthenticated users are not " +
+ "authorized to access this page.");
+ LOG.warn("User " + remoteUser + " is unauthorized to access the page "
+ + request.getRequestURI() + ".");
 return false;
 } |