Author: daryn Date: Tue Apr 15 15:25:17 2014 New Revision: 1587608 URL: http://svn.apache.org/r1587608 Log: HADOOP-10498. Add support for proxy server. (daryn)
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1587608&r1=1587607&r2=1587608&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Tue Apr 15 15:25:17 2014 @@ -333,6 +333,8 @@ Release 2.5.0 - UNRELEASED NEW FEATURES + HADOOP-10498. Add support for proxy server. (daryn) + IMPROVEMENTS HADOOP-10451. Remove unused field and imports from SaslRpcServer. Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=1587608&r1=1587607&r2=1587608&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java Tue Apr 15 15:25:17 2014 @@ -19,10 +19,12 @@ package org.apache.hadoop.security.authorize; import java.net.InetAddress; +import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; import java.util.Map.Entry; @@ -41,12 +43,16 @@ public class ProxyUsers { public static final String CONF_GROUPS = ".groups"; public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser."; public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\."; + public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers"; + private static boolean init = false; // list of groups and hosts per proxyuser private static Map<String, Collection<String>> proxyGroups = new HashMap<String, Collection<String>>(); private static Map<String, Collection<String>> proxyHosts = new HashMap<String, Collection<String>>(); + private static Collection<String> proxyServers = + new HashSet<String>(); /** * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts" @@ -62,9 +68,10 @@ public class ProxyUsers { */ public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf) { - // remove alle existing stuff + // remove all existing stuff proxyGroups.clear(); proxyHosts.clear(); + proxyServers.clear(); // get all the new keys for groups String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS; @@ -85,9 +92,23 @@ public class ProxyUsers { StringUtils.getTrimmedStringCollection(entry.getValue())); } + // trusted proxy servers such as http proxies + for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) { + InetSocketAddress addr = new InetSocketAddress(host, 0); + if (!addr.isUnresolved()) { + proxyServers.add(addr.getAddress().getHostAddress()); + } + } init = true; } + public static synchronized boolean isProxyServer(String remoteAddr) { + if(!init) { + refreshSuperUserGroupsConfiguration(); + } + return proxyServers.contains(remoteAddr); + } + /** * Returns configuration key for effective user groups allowed for a superuser * Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java?rev=1587608&r1=1587607&r2=1587608&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Tue Apr 15 15:25:17 2014 @@ -258,6 +258,16 @@ public class TestProxyUsers { assertEquals (1,hosts.size()); } + @Test + public void testProxyServer() { + Configuration conf = new Configuration(); + assertFalse(ProxyUsers.isProxyServer("1.1.1.1")); + conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3"); + ProxyUsers.refreshSuperUserGroupsConfiguration(conf); + assertFalse(ProxyUsers.isProxyServer("1.1.1.1")); + assertTrue(ProxyUsers.isProxyServer("2.2.2.2")); + assertTrue(ProxyUsers.isProxyServer("3.3.3.3")); + } private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) { try {