saihemanth-cloudera commented on code in PR #4537:
URL: https://github.com/apache/hive/pull/4537#discussion_r1289017500


##########
jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcSamlRedirectStrategy.java:
##########
@@ -62,4 +62,41 @@ public boolean isRedirected(
     }
     return super.isRedirected(request, response, context);
   }
+
+  @Override
+  public URI getLocationURI(HttpRequest request, HttpResponse response, 
HttpContext context) throws ProtocolException {
+    // add our own check to super-call
+    return checkSsoUri(super.getLocationURI(request, response, context));
+  }
+
+  /**
+   * Checks that the URI used to redirect SSO is valid.
+   * @param uri the uri to validate
+   * @return the uri
+   * @throws ProtocolException if uri is null or not http(s) or not absolute
+   */
+  static URI checkSsoUri(URI uri) throws ProtocolException {
+    if (uri == null) {
+      throw new ProtocolException("SSO Url is null");
+    }
+    boolean valid = false;
+    // a pseudo loop to break from sequence
+    do {
+      String scheme = uri.getScheme();
+      // require https or https
+      if (!("http".equalsIgnoreCase(scheme) || 
"https".equalsIgnoreCase(scheme))) {
+        break;
+      }
+      // require absolute
+      if (!uri.isAbsolute()) {
+        break;
+      }
+      // went through all validation points
+      valid = true;
+    } while(false);
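
Review bot: In checkSsoUri, the `uri.isAbsolute()` test that follows the scheme test can never fail. java.net.URI.isAbsolute() returns true exactly when the URI has a scheme, and the preceding check already requires the scheme to be http or https. Dropping it leaves a single condition, so the do/while(false) pseudo loop can be replaced by a plain `if` that throws the ProtocolException directly. If the "absolute" requirement was meant to reject a redirect target with no host, test `uri.getHost() != null` instead. The comment `// require https or https` should read "http or https".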

Review Comment:
   Do we really need a do/while() loop here? I don't think it is required.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

