This is an automated email from the ASF dual-hosted git repository.
lzljs3620320 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/paimon.git
The following commit(s) were added to refs/heads/master by this push:
new ccc2d0f86e [rest] remove additional signed headers (#5261)
ccc2d0f86e is described below
commit ccc2d0f86e60ae04dd306dac056bc85c3dbc98c2
Author: Jiajia Li <[email protected]>
AuthorDate: Wed Mar 12 12:53:41 2025 +0800
[rest] remove additional signed headers (#5261)
---
.../main/java/org/apache/paimon/rest/HttpClient.java | 19 +++++++------------
.../org/apache/paimon/rest/auth/DLFAuthProvider.java | 9 ++-------
.../org/apache/paimon/rest/auth/DLFAuthSignature.java | 17 ++---------------
.../apache/paimon/rest/auth/RESTAuthParameter.java | 12 +-----------
.../java/org/apache/paimon/rest/HttpClientTest.java | 1 -
.../org/apache/paimon/rest/MockRESTCatalogTest.java | 8 ++++----
.../org/apache/paimon/rest/RESTCatalogServer.java | 6 +-----
.../org/apache/paimon/rest/auth/AuthSessionTest.java | 5 ++---
.../apache/paimon/rest/auth/DLFAuthSignatureTest.java | 10 +++-------
9 files changed, 22 insertions(+), 65 deletions(-)
diff --git a/paimon-core/src/main/java/org/apache/paimon/rest/HttpClient.java
b/paimon-core/src/main/java/org/apache/paimon/rest/HttpClient.java
index a693cd2f48..05cf386be9 100644
--- a/paimon-core/src/main/java/org/apache/paimon/rest/HttpClient.java
+++ b/paimon-core/src/main/java/org/apache/paimon/rest/HttpClient.java
@@ -35,7 +35,6 @@ import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
-import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Arrays;
@@ -83,7 +82,7 @@ public class HttpClient implements RESTClient {
@Override
public <T extends RESTResponse> T get(
String path, Class<T> responseType, RESTAuthFunction
restAuthFunction) {
- Map<String, String> authHeaders = getHeaders(uri, path, "GET", "",
restAuthFunction);
+ Map<String, String> authHeaders = getHeaders(path, "GET", "",
restAuthFunction);
Request request =
new Request.Builder()
.url(getRequestUrl(uri, path, null))
@@ -100,7 +99,7 @@ public class HttpClient implements RESTClient {
Class<T> responseType,
RESTAuthFunction restAuthFunction) {
Map<String, String> authHeaders =
- getHeaders(uri, path, queryParams, "GET", "",
restAuthFunction);
+ getHeaders(path, queryParams, "GET", "", restAuthFunction);
Request request =
new Request.Builder()
.url(getRequestUrl(uri, path, queryParams))
@@ -124,8 +123,7 @@ public class HttpClient implements RESTClient {
RESTAuthFunction restAuthFunction) {
try {
String bodyStr = OBJECT_MAPPER.writeValueAsString(body);
- Map<String, String> authHeaders =
- getHeaders(uri, path, "POST", bodyStr, restAuthFunction);
+ Map<String, String> authHeaders = getHeaders(path, "POST",
bodyStr, restAuthFunction);
RequestBody requestBody = buildRequestBody(bodyStr);
Request request =
new Request.Builder()
@@ -141,7 +139,7 @@ public class HttpClient implements RESTClient {
@Override
public <T extends RESTResponse> T delete(String path, RESTAuthFunction
restAuthFunction) {
- Map<String, String> authHeaders = getHeaders(uri, path, "DELETE", "",
restAuthFunction);
+ Map<String, String> authHeaders = getHeaders(path, "DELETE", "",
restAuthFunction);
Request request =
new Request.Builder()
.url(getRequestUrl(uri, path, null))
@@ -156,8 +154,7 @@ public class HttpClient implements RESTClient {
String path, RESTRequest body, RESTAuthFunction restAuthFunction) {
try {
String bodyStr = OBJECT_MAPPER.writeValueAsString(body);
- Map<String, String> authHeaders =
- getHeaders(uri, path, "DELETE", bodyStr, restAuthFunction);
+ Map<String, String> authHeaders = getHeaders(path, "DELETE",
bodyStr, restAuthFunction);
RequestBody requestBody = buildRequestBody(bodyStr);
Request request =
new Request.Builder()
@@ -222,24 +219,22 @@ public class HttpClient implements RESTClient {
}
private static Map<String, String> getHeaders(
- String uri,
String path,
String method,
String data,
Function<RESTAuthParameter, Map<String, String>> headerFunction) {
- return getHeaders(uri, path, Collections.emptyMap(), method, data,
headerFunction);
+ return getHeaders(path, Collections.emptyMap(), method, data,
headerFunction);
}
private static Map<String, String> getHeaders(
- String uri,
String path,
Map<String, String> queryParams,
String method,
String data,
Function<RESTAuthParameter, Map<String, String>> headerFunction) {
RESTAuthParameter restAuthParameter =
- new RESTAuthParameter(URI.create(uri).getHost(), path,
queryParams, method, data);
+ new RESTAuthParameter(path, queryParams, method, data);
return headerFunction.apply(restAuthParameter);
}
diff --git
a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java
b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java
index 7b70cb3545..8ab8c59ca9 100644
--- a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java
+++ b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthProvider.java
@@ -39,7 +39,6 @@ import static
org.apache.paimon.rest.RESTObjectMapper.OBJECT_MAPPER;
/** Auth provider for <b>Ali CLoud</b> DLF. */
public class DLFAuthProvider implements AuthProvider {
- public static final String DLF_HOST_HEADER_KEY = "Host";
public static final String DLF_AUTHORIZATION_HEADER_KEY = "Authorization";
public static final String DLF_CONTENT_MD5_HEADER_KEY = "Content-MD5";
public static final String DLF_CONTENT_TYPE_KEY = "Content-Type";
@@ -104,10 +103,7 @@ public class DLFAuthProvider implements AuthProvider {
String dateTime = now.format(AUTH_DATE_TIME_FORMATTER);
Map<String, String> signHeaders =
generateSignHeaders(
- restAuthParameter.host(),
- restAuthParameter.data(),
- dateTime,
- token.getSecurityToken());
+ restAuthParameter.data(), dateTime,
token.getSecurityToken());
String authorization =
DLFAuthSignature.getAuthorization(
restAuthParameter, token, region, signHeaders,
dateTime, date);
@@ -121,10 +117,9 @@ public class DLFAuthProvider implements AuthProvider {
}
public static Map<String, String> generateSignHeaders(
- String host, String data, String dateTime, String securityToken)
throws Exception {
+ String data, String dateTime, String securityToken) throws
Exception {
Map<String, String> signHeaders = new HashMap<>();
signHeaders.put(DLF_DATE_HEADER_KEY, dateTime);
- signHeaders.put(DLF_HOST_HEADER_KEY, host);
signHeaders.put(DLF_CONTENT_SHA56_HEADER_KEY, DLF_CONTENT_SHA56_VALUE);
signHeaders.put(DLF_AUTH_VERSION_HEADER_KEY, DLFAuthSignature.VERSION);
if (data != null && !data.isEmpty()) {
diff --git
a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthSignature.java
b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthSignature.java
index 556f4bcfee..144384934a 100644
---
a/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthSignature.java
+++
b/paimon-core/src/main/java/org/apache/paimon/rest/auth/DLFAuthSignature.java
@@ -28,7 +28,6 @@ import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
-import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
@@ -39,7 +38,6 @@ import static
org.apache.paimon.rest.auth.DLFAuthProvider.DLF_CONTENT_MD5_HEADER
import static
org.apache.paimon.rest.auth.DLFAuthProvider.DLF_CONTENT_SHA56_HEADER_KEY;
import static org.apache.paimon.rest.auth.DLFAuthProvider.DLF_CONTENT_TYPE_KEY;
import static org.apache.paimon.rest.auth.DLFAuthProvider.DLF_DATE_HEADER_KEY;
-import static org.apache.paimon.rest.auth.DLFAuthProvider.DLF_HOST_HEADER_KEY;
import static
org.apache.paimon.rest.auth.DLFAuthProvider.DLF_SECURITY_TOKEN_HEADER_KEY;
/** generate authorization for <b>Ali CLoud</b> DLF. */
@@ -51,7 +49,6 @@ public class DLFAuthSignature {
private static final String PRODUCT = "DlfNext";
private static final String HMAC_SHA256 = "HmacSHA256";
private static final String REQUEST_TYPE = "aliyun_v4_request";
- private static final String ADDITIONAL_HEADERS_KEY = "AdditionalHeaders";
private static final String SIGNATURE_KEY = "Signature";
private static final String NEW_LINE = "\n";
private static final List<String> SIGNED_HEADERS =
@@ -62,9 +59,6 @@ public class DLFAuthSignature {
DLF_DATE_HEADER_KEY.toLowerCase(),
DLF_AUTH_VERSION_HEADER_KEY.toLowerCase(),
DLF_SECURITY_TOKEN_HEADER_KEY.toLowerCase());
- // must be ordered by alphabetical
- private static final List<String> ADDITIONAL_HEADERS =
- Collections.singletonList(DLF_HOST_HEADER_KEY.toLowerCase());
public static String getAuthorization(
RESTAuthParameter restAuthParameter,
@@ -98,9 +92,6 @@ public class DLFAuthSignature {
region,
PRODUCT,
REQUEST_TYPE),
- String.format(
- "%s=%s",
- ADDITIONAL_HEADERS_KEY,
Joiner.on(",").join(ADDITIONAL_HEADERS)),
String.format("%s=%s", SIGNATURE_KEY, signature));
}
@@ -123,7 +114,7 @@ public class DLFAuthSignature {
}
public static String getCanonicalRequest(
- RESTAuthParameter restAuthParameter, Map<String, String> headers)
throws Exception {
+ RESTAuthParameter restAuthParameter, Map<String, String> headers) {
String canonicalRequest =
Joiner.on(NEW_LINE)
.join(restAuthParameter.method(),
restAuthParameter.resourcePath());
@@ -152,10 +143,6 @@ public class DLFAuthSignature {
canonicalRequest,
String.format("%s:%s", header.getKey(),
header.getValue()));
}
-
- // Additional Headers + "\n" +
- String additionalSignedHeaders =
Joiner.on(";").join(ADDITIONAL_HEADERS);
- canonicalRequest = Joiner.on(NEW_LINE).join(canonicalRequest,
additionalSignedHeaders);
String contentSha56 =
headers.getOrDefault(
DLF_CONTENT_SHA56_HEADER_KEY,
DLFAuthProvider.DLF_CONTENT_SHA56_VALUE);
@@ -168,7 +155,7 @@ public class DLFAuthSignature {
if (headers != null) {
for (Map.Entry<String, String> header : headers.entrySet()) {
String key = header.getKey().toLowerCase();
- if (SIGNED_HEADERS.contains(key) ||
ADDITIONAL_HEADERS.contains(key)) {
+ if (SIGNED_HEADERS.contains(key)) {
orderMap.put(key, StringUtils.trim(header.getValue()));
}
}
diff --git
a/paimon-core/src/main/java/org/apache/paimon/rest/auth/RESTAuthParameter.java
b/paimon-core/src/main/java/org/apache/paimon/rest/auth/RESTAuthParameter.java
index 8c3867b4cd..5ec2d34cee 100644
---
a/paimon-core/src/main/java/org/apache/paimon/rest/auth/RESTAuthParameter.java
+++
b/paimon-core/src/main/java/org/apache/paimon/rest/auth/RESTAuthParameter.java
@@ -26,19 +26,13 @@ import static org.apache.paimon.rest.RESTUtil.encodeString;
/** RestAuthParameter for building rest auth header. */
public class RESTAuthParameter {
- private final String host;
private final String resourcePath;
private final Map<String, String> parameters;
private final String method;
private final String data;
public RESTAuthParameter(
- String host,
- String resourcePath,
- Map<String, String> parameters,
- String method,
- String data) {
- this.host = host;
+ String resourcePath, Map<String, String> parameters, String
method, String data) {
this.resourcePath = resourcePath;
this.parameters = new HashMap<>();
for (Map.Entry<String, String> entry : parameters.entrySet()) {
@@ -48,10 +42,6 @@ public class RESTAuthParameter {
this.data = data;
}
- public String host() {
- return host;
- }
-
public String resourcePath() {
return resourcePath;
}
diff --git
a/paimon-core/src/test/java/org/apache/paimon/rest/HttpClientTest.java
b/paimon-core/src/test/java/org/apache/paimon/rest/HttpClientTest.java
index 9440b9f52d..71bb3cd22b 100644
--- a/paimon-core/src/test/java/org/apache/paimon/rest/HttpClientTest.java
+++ b/paimon-core/src/test/java/org/apache/paimon/rest/HttpClientTest.java
@@ -183,7 +183,6 @@ public class HttpClientTest {
String queryKey = "pageToken";
RESTAuthParameter restAuthParameter =
new RESTAuthParameter(
- "http://a.b.c:8080";,
"/api/v1/tables/my_table$schemas",
ImmutableMap.of(queryKey, "dt=20230101"),
"GET",
diff --git
a/paimon-core/src/test/java/org/apache/paimon/rest/MockRESTCatalogTest.java
b/paimon-core/src/test/java/org/apache/paimon/rest/MockRESTCatalogTest.java
index eade813969..ca23860488 100644
--- a/paimon-core/src/test/java/org/apache/paimon/rest/MockRESTCatalogTest.java
+++ b/paimon-core/src/test/java/org/apache/paimon/rest/MockRESTCatalogTest.java
@@ -51,9 +51,9 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
class MockRESTCatalogTest extends RESTCatalogTestBase {
private RESTCatalogServer restCatalogServer;
- private String initToken = "init_token";
- private String serverDefineHeaderName = "test-header";
- private String serverDefineHeaderValue = "test-value";
+ private final String initToken = "init_token";
+ private final String serverDefineHeaderName = "test-header";
+ private final String serverDefineHeaderValue = "test-value";
private String dataPath;
private AuthProvider authProvider;
@@ -152,7 +152,7 @@ class MockRESTCatalogTest extends RESTCatalogTestBase {
parameters.put("k1", "v1");
parameters.put("k2", "v2");
RESTAuthParameter restAuthParameter =
- new RESTAuthParameter("host", "/path", parameters, "method",
"data");
+ new RESTAuthParameter("/path", parameters, "method", "data");
Map<String, String> headers = restCatalog.headers(restAuthParameter);
assertEquals(
headers.get(BearTokenAuthProvider.AUTHORIZATION_HEADER_KEY),
"Bearer init_token");
diff --git
a/paimon-core/src/test/java/org/apache/paimon/rest/RESTCatalogServer.java
b/paimon-core/src/test/java/org/apache/paimon/rest/RESTCatalogServer.java
index eb622aaa04..767ad9518c 100644
--- a/paimon-core/src/test/java/org/apache/paimon/rest/RESTCatalogServer.java
+++ b/paimon-core/src/test/java/org/apache/paimon/rest/RESTCatalogServer.java
@@ -237,11 +237,7 @@ public class RESTCatalogServer {
String data = request.getBody().readUtf8();
RESTAuthParameter restAuthParameter =
new RESTAuthParameter(
- request.getHeader("Host"),
- resourcePath,
- parameters,
- request.getMethod(),
- data);
+ resourcePath, parameters,
request.getMethod(), data);
String authToken =
authProvider
.header(headers, restAuthParameter)
diff --git
a/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthSessionTest.java
b/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthSessionTest.java
index 663ee3dc99..54b88e74e4 100644
--- a/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthSessionTest.java
+++ b/paimon-core/src/test/java/org/apache/paimon/rest/auth/AuthSessionTest.java
@@ -241,7 +241,7 @@ public class AuthSessionTest {
parameters.put("k2", "v2");
String data = "data";
RESTAuthParameter restAuthParameter =
- new RESTAuthParameter(serverUrl, "/path", parameters,
"method", "data");
+ new RESTAuthParameter("/path", parameters, "method", "data");
Map<String, String> header = authProvider.header(new HashMap<>(),
restAuthParameter);
String authorization = header.get(DLF_AUTHORIZATION_HEADER_KEY);
String[] credentials = authorization.split(",")[0].split("
")[1].split("/");
@@ -249,14 +249,13 @@ public class AuthSessionTest {
String date = credentials[1];
String newAuthorization =
DLFAuthSignature.getAuthorization(
- new RESTAuthParameter(serverUrl, "/path", parameters,
"method", "data"),
+ new RESTAuthParameter("/path", parameters, "method",
"data"),
token,
"cn-hangzhou",
header,
dateTime,
date);
assertEquals(newAuthorization, authorization);
- assertEquals(restAuthParameter.host(),
header.get(DLFAuthProvider.DLF_HOST_HEADER_KEY));
assertEquals(
token.getSecurityToken(),
header.get(DLFAuthProvider.DLF_SECURITY_TOKEN_HEADER_KEY));
diff --git
a/paimon-core/src/test/java/org/apache/paimon/rest/auth/DLFAuthSignatureTest.java
b/paimon-core/src/test/java/org/apache/paimon/rest/auth/DLFAuthSignatureTest.java
index 3a0caf3a49..71ea068cdb 100644
---
a/paimon-core/src/test/java/org/apache/paimon/rest/auth/DLFAuthSignatureTest.java
+++
b/paimon-core/src/test/java/org/apache/paimon/rest/auth/DLFAuthSignatureTest.java
@@ -32,7 +32,6 @@ public class DLFAuthSignatureTest {
@Test
public void testGetAuthorization() throws Exception {
- String endpoint = "dlf.cn-hangzhou.aliyuncs.com";
String region = "cn-hangzhou";
String dateTime = "20231203T121212Z";
String date = "20231203";
@@ -43,19 +42,16 @@ public class DLFAuthSignatureTest {
RESTObjectMapper.OBJECT_MAPPER.writeValueAsString(
MockRESTMessage.createDatabaseRequest("database"));
RESTAuthParameter restAuthParameter =
- new RESTAuthParameter(endpoint, "/v1/paimon/databases",
parameters, "POST", data);
+ new RESTAuthParameter("/v1/paimon/databases", parameters,
"POST", data);
DLFToken token = new DLFToken("access-key-id", "access-key-secret",
"securityToken", null);
Map<String, String> signHeaders =
DLFAuthProvider.generateSignHeaders(
- restAuthParameter.host(),
- restAuthParameter.data(),
- dateTime,
- "securityToken");
+ restAuthParameter.data(), dateTime, "securityToken");
String authorization =
DLFAuthSignature.getAuthorization(
restAuthParameter, token, region, signHeaders,
dateTime, date);
Assertions.assertEquals(
- "DLF4-HMAC-SHA256
Credential=access-key-id/20231203/cn-hangzhou/DlfNext/aliyun_v4_request,AdditionalHeaders=host,Signature=5afbdad67b52f17c47e202da2222bff9f5cf2f86c3ed973bb919a8216d086fb7",
+ "DLF4-HMAC-SHA256
Credential=access-key-id/20231203/cn-hangzhou/DlfNext/aliyun_v4_request,Signature=c72caf1d40b55b1905d891ee3e3de48a2f8bebefa7e39e4f277acc93c269c5e3",
authorization);
}
}
