authorDaniel Templeton <templedf@apache.org>2018-06-01 14:42:39 -0700
committerDaniel Templeton <templedf@apache.org>2018-06-01 14:45:01 -0700
commitf13e01fdfe0e6c2bce5f9615074c7c90fa65d91c (patch)
tree42d57dfe5d5683daacb379a32874a955b1da4c63 /hadoop-common-project
parentc6becec3920313335fd72856216b30a9615b0c30 (diff)
HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton) Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7 (cherry picked from commit cba319499822a2475c60c43ea71f8e78237e139f) (cherry picked from commit 09fd1348e855302f6f238917a98997d935c373c8)
Diffstat (limited to 'hadoop-common-project')
-rw-r--r--hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index b6c2f1994d..e83f7f8bcb 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -1358,8 +1358,11 @@ public final class HttpServer2 implements FilterContainer {
if (servletContext.getAttribute(ADMINS_ACL) != null &&
!userHasAdministratorAccess(servletContext, remoteUser)) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
- + remoteUser + " is unauthorized to access this page.");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Unauthenticated users are not " +
+ "authorized to access this page.");
+ LOG.warn("User " + remoteUser + " is unauthorized to access the page "
+ + request.getRequestURI() + ".");
return false;
}