This is an automated email from the ASF dual-hosted git repository. ngangam pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push: new 7abeb1df463 HIVE-27554: added control to JDBCBrowser client URL (#4537) (Henri Biestro) 7abeb1df463 is described below commit 7abeb1df463cc389f668172e7cf3bb772799858a Author: Henrib <hbies...@gmail.com> AuthorDate: Mon Aug 14 16:48:46 2023 +0200 HIVE-27554: added control to JDBCBrowser client URL (#4537) (Henri Biestro) * HIVE-27554: added control to JDBCBrowser client URL * HIVE-27554: moved control in redirect strategy; - simplified check using uri properties (scheme, absolute); - cleaned up imports; Simplify code; * Update TestSSOControl.java * Update HiveJdbcSamlRedirectStrategy.java --- .../hive/jdbc/saml/HiveJdbcBrowserClient.java | 8 ++-- .../jdbc/saml/HiveJdbcSamlRedirectStrategy.java | 26 +++++++++++ .../apache/hive/jdbc/saml/IJdbcBrowserClient.java | 5 --- .../org/apache/hive/jdbc/saml/TestSSOControl.java | 51 ++++++++++++++++++++++ 4 files changed, 81 insertions(+), 9 deletions(-) diff --git a/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcBrowserClient.java b/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcBrowserClient.java index 146bc63a5ec..fd8ee895509 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcBrowserClient.java +++ b/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcBrowserClient.java @@ -203,7 +203,6 @@ public class HiveJdbcBrowserClient implements IJdbcBrowserClient { @VisibleForTesting protected void openBrowserWindow() throws HiveJdbcBrowserException { URI ssoUri = clientContext.getSsoUri(); - Preconditions.checkNotNull(ssoUri, "SSO Url is null"); try { if (Desktop.isDesktopSupported() && Desktop.getDesktop() .isSupported(Action.BROWSE)) { 
@@ -212,18 +211,19 @@ public class HiveJdbcBrowserClient implements IJdbcBrowserClient { LOG.info( "Desktop mode is not supported. Attempting to use OS " + "commands to open the default browser"); + String ssoUriStr = ssoUri.toString(); //Desktop is not supported, lets try to open the browser process OsType os = getOperatingSystem(); switch (os) { case WINDOWS: Runtime.getRuntime() - .exec("rundll32 url.dll,FileProtocolHandler " + ssoUri.toString()); + .exec("rundll32 url.dll,FileProtocolHandler " + ssoUriStr); break; case MAC: - Runtime.getRuntime().exec("open " + ssoUri.toString()); + Runtime.getRuntime().exec("open " + ssoUriStr); break; case LINUX: - Runtime.getRuntime().exec("xdg-open " + ssoUri.toString()); + Runtime.getRuntime().exec("xdg-open " + ssoUriStr); break; case UNKNOWN: throw new HiveJdbcBrowserException( diff --git a/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcSamlRedirectStrategy.java b/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcSamlRedirectStrategy.java index 40e057570e3..c5ce4eeea5e 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcSamlRedirectStrategy.java +++ b/jdbc/src/java/org/apache/hive/jdbc/saml/HiveJdbcSamlRedirectStrategy.java 
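Review bot: In `HiveJdbcBrowserClient.openBrowserWindow`, the three `Runtime.getRuntime().exec(...)` calls still concatenate `ssoUriStr` into one command string. `Runtime.exec(String)` tokenizes that string on whitespace, so whether the URI stays a single argument depends entirely on its content. Passing an argument array, e.g. `Runtime.getRuntime().exec(new String[] {"xdg-open", ssoUriStr});` and likewise for `open` and `rundll32`, removes that dependency. The previous hunk also drops `Preconditions.checkNotNull(ssoUri, ...)`, so this method appears to rely on the redirect strategy alone for validation; calling `HiveJdbcSamlRedirectStrategy.checkSsoUri(ssoUri)` before the browser is launched would keep a guard at the point of use. The method body starts and ends outside this hunk, so the surrounding `try`/`catch` handling should be confirmed.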
@@ -62,4 +62,30 @@ public class HiveJdbcSamlRedirectStrategy extends DefaultRedirectStrategy { } return super.isRedirected(request, response, context); } + + @Override + public URI getLocationURI(HttpRequest request, HttpResponse response, HttpContext context) throws ProtocolException { + // add our own check to super-call + return checkSsoUri(super.getLocationURI(request, response, context)); + } + + /** + * Checks that the URI used to redirect SSO is valid. + * @param uri the uri to validate + * @return the uri + * @throws ProtocolException if uri is null or not http(s) or not absolute + */ + static URI checkSsoUri(URI uri) throws ProtocolException { + if (uri == null) { + throw new ProtocolException("SSO Url is null"); + } + final String scheme = uri.getScheme(); + // require https or https and absolute + final boolean valid = ("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme)) + && uri.isAbsolute(); + if (!valid) { + throw new ProtocolException("SSO Url "+uri.toString()+ "is invalid"); + } + return uri; + } } diff --git a/jdbc/src/java/org/apache/hive/jdbc/saml/IJdbcBrowserClient.java b/jdbc/src/java/org/apache/hive/jdbc/saml/IJdbcBrowserClient.java index a6125838300..c1d7b9f9ba1 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/saml/IJdbcBrowserClient.java +++ b/jdbc/src/java/org/apache/hive/jdbc/saml/IJdbcBrowserClient.java @@ -21,12 +21,7 @@ package org.apache.hive.jdbc.saml; import com.google.common.base.Preconditions; import com.google.errorprone.annotations.Immutable; import java.io.Closeable; -import java.io.UnsupportedEncodingException; import java.net.URI; -import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; -import java.util.HashMap; -import java.util.Map; import org.apache.hive.service.auth.saml.HiveSamlUtils; /** diff --git a/jdbc/src/test/org/apache/hive/jdbc/saml/TestSSOControl.java b/jdbc/src/test/org/apache/hive/jdbc/saml/TestSSOControl.java new file mode 100644 index 00000000000..236491e5d97 --- /dev/null 
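Review bot: In `HiveJdbcSamlRedirectStrategy.checkSsoUri`, the `uri.isAbsolute()` term adds nothing, because `java.net.URI` defines absolute as "has a scheme" and the scheme has already been matched. The check therefore accepts opaque or host-less forms such as `http:foo`; adding `&& uri.getHost() != null` would require a real authority. The exception text is missing a space and would read "...is invalid" glued to the URI; it should be `"SSO Url " + uri + " is invalid"`. The inline comment should read `// require http or https and absolute`. Plain `http` is accepted for an SSO redirect, which is worth confirming as intentional or restricting to `https`.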
+++ b/jdbc/src/test/org/apache/hive/jdbc/saml/TestSSOControl.java @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hive.jdbc.saml; + +import java.net.URI; + +import org.junit.Test; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class TestSSOControl { + + static boolean checkValid(String uri) { + try { + HiveJdbcSamlRedirectStrategy.checkSsoUri(new URI(uri)); + return true; + } catch(Exception xany) { + return false; + } + } + + @Test + public void testValidURL() { + assertTrue(checkValid("https://companya.okta.com")); + assertTrue(checkValid("https://companyb.okta.com:8080")); + assertTrue(checkValid("https://companyc.okta.com/testpathvalue")); + } + + @Test + public void testInvalidURL() { + assertFalse(checkValid("-a Calculator")); + assertFalse(checkValid("This is random text")); + assertFalse(checkValid("file://randomfile")); + } +}
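Review bot: In `TestSSOControl.testInvalidURL`, the inputs `"-a Calculator"` and `"This is random text"` contain spaces, so `new URI(uri)` throws `URISyntaxException` inside `checkValid` before `checkSsoUri` is ever called. Because `catch(Exception xany)` treats every exception the same, only `"file://randomfile"` actually exercises the new check. Narrowing the catch to `ProtocolException` and letting `checkValid` declare `throws URISyntaxException` would make the test fail when an input never reaches the validator. Well-formed negative cases are also missing, such as a relative URI like `"/sso/login"`, a non-http scheme like `"ftp://host/x"`, and a direct `checkSsoUri(null)` call. A plain `http://` case would pin whether that scheme is meant to be accepted.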