HIVE-23704: Decode Base-64 String from HTTP Header (David Mollitor, r…

…eviewed by Ashutosh Chauhan)
apache · Jun 21, 2020 · 4c18dbb · 4c18dbb
1 parent b846bbe
commit 4c18dbb
Showing 1 changed file with 11 additions and 14 deletions.
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpServlet.java
@@ -593,11 +593,10 @@ private String getPassword(HttpServletRequest request, String authType)
 
   private String[] getAuthHeaderTokens(HttpServletRequest request,
       String authType) throws HttpAuthenticationException {
-    String authHeaderBase64 = getAuthHeader(request, authType);
-    String authHeaderString = StringUtils.newStringUtf8(
-        Base64.decodeBase64(authHeaderBase64.getBytes()));
-    String[] creds = authHeaderString.split(":");
-    return creds;
+    String authHeaderBase64Str = getAuthHeader(request, authType);
+    String authHeaderString = StringUtils.newStringUtf8(Base64.decodeBase64(authHeaderBase64Str));
+
+    return authHeaderString.split(":");
   }
 
   /**
@@ -616,15 +615,13 @@ private String getAuthHeader(HttpServletRequest request, String authType)
           "from the client is empty.");
     }
 
-    String authHeaderBase64String;
-    int beginIndex;
-    if (isKerberosAuthMode(authType)) {
-      beginIndex = (HttpAuthUtils.NEGOTIATE + " ").length();
-    }
-    else {
-      beginIndex = (HttpAuthUtils.BASIC + " ").length();
-    }
-    authHeaderBase64String = authHeader.substring(beginIndex);
+    LOG.debug("HTTP Auth Header [{}]", authHeader);
+
+    String[] parts = authHeader.split(" ");
+
+    // Assume the Base-64 string is always the last thing in the header
+    String authHeaderBase64String = parts[parts.length - 1];
+
     // Authorization header must have a payload
     if (authHeaderBase64String.isEmpty()) {
       throw new HttpAuthenticationException("Authorization header received " +