Author: daryn
Date: Tue Apr 15 15:25:17 2014
New Revision: 1587608
URL: http://svn.apache.org/r1587608
Log:
HADOOP-10498. Add support for proxy server. (daryn)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1587608&r1=1587607&r2=1587608&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Tue Apr
15 15:25:17 2014
@@ -333,6 +333,8 @@ Release 2.5.0 - UNRELEASED
NEW FEATURES
+ HADOOP-10498. Add support for proxy server. (daryn)
+
IMPROVEMENTS
HADOOP-10451. Remove unused field and imports from SaslRpcServer.
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=1587608&r1=1587607&r2=1587608&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
Tue Apr 15 15:25:17 2014
@@ -19,10 +19,12 @@
package org.apache.hadoop.security.authorize;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
@@ -41,12 +43,16 @@ public class ProxyUsers {
public static final String CONF_GROUPS = ".groups";
public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
public static final String CONF_HADOOP_PROXYUSER_RE =
"hadoop\\.proxyuser\\.";
+ public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers";
+
private static boolean init = false;
// list of groups and hosts per proxyuser
private static Map<String, Collection<String>> proxyGroups =
new HashMap<String, Collection<String>>();
private static Map<String, Collection<String>> proxyHosts =
new HashMap<String, Collection<String>>();
+ private static Collection<String> proxyServers =
+ new HashSet<String>();
/**
* reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
@@ -62,9 +68,10 @@ public class ProxyUsers {
*/
public static synchronized void
refreshSuperUserGroupsConfiguration(Configuration conf) {
- // remove alle existing stuff
+ // remove all existing stuff
proxyGroups.clear();
proxyHosts.clear();
+ proxyServers.clear();
// get all the new keys for groups
String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS;
@@ -85,9 +92,23 @@ public class ProxyUsers {
StringUtils.getTrimmedStringCollection(entry.getValue()));
}
+ // trusted proxy servers such as http proxies
+ for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) {
+ InetSocketAddress addr = new InetSocketAddress(host, 0);
+ if (!addr.isUnresolved()) {
+ proxyServers.add(addr.getAddress().getHostAddress());
+ }
+ }
init = true;
}
+ public static synchronized boolean isProxyServer(String remoteAddr) {
+ if(!init) {
+ refreshSuperUserGroupsConfiguration();
+ }
+ return proxyServers.contains(remoteAddr);
+ }
+
/**
* Returns configuration key for effective user groups allowed for a
superuser
*
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java?rev=1587608&r1=1587607&r2=1587608&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
Tue Apr 15 15:25:17 2014
@@ -258,6 +258,16 @@ public class TestProxyUsers {
assertEquals (1,hosts.size());
}
+ @Test
+ public void testProxyServer() {
+ Configuration conf = new Configuration();
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3");
+ ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ assertTrue(ProxyUsers.isProxyServer("2.2.2.2"));
+ assertTrue(ProxyUsers.isProxyServer("3.3.3.3"));
+ }
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host)
{
try {
