[ https://issues.apache.org/jira/browse/HDFS-9711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15144096#comment-15144096 ]

Chris Nauroth commented on HDFS-9711:
-------------------------------------

Hi [~lmccay].  I hear you!  I was unsure about v004 myself, so seeing these 
comments is helpful.

bq. I am curious about the following line in the javadoc for the interface 
though:

I was trying to communicate that typical users of the filter (meaning people 
who run a servlet container) won't need to get involved with the 
{{HttpInteraction}} interface at all.  It's true that the {{doFilter}} method 
uses it, but that's an internal implementation detail hidden from anyone who 
just configures the filter inside a servlet container.

bq. Removing the anonymous extension may help make it more readable.

Yes, I see your point.  At this point, I think we have 2 options:

# Abandon patch v004 as a failed experiment.  Go back to v003, but make the 
response message constant accessible for reuse.
# Promote the anonymous inner classes to more clearly documented named classes.

Let me know your thoughts, and then I'll post another revision.  I have a 
slight preference for keeping the {{HttpInteraction}}, but I could be swayed.

> Integrate CSRF prevention filter in WebHDFS.
> --------------------------------------------
>
>                 Key: HDFS-9711
>                 URL: https://issues.apache.org/jira/browse/HDFS-9711
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: datanode, namenode, webhdfs
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-9711.001.patch, HDFS-9711.002.patch, 
> HDFS-9711.003.patch, HDFS-9711.004.patch
>
>
> HADOOP-12691 introduced a filter in Hadoop Common to help REST APIs guard 
> against cross-site request forgery attacks.  This issue tracks integration of 
> that filter in WebHDFS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
