Author: suresh
Date: Tue May 13 17:01:24 2014
New Revision: 1594285
URL: http://svn.apache.org/r1594285
Log:
Revert the commit r1594283
Removed:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyServers.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyServers.java
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1594285&r1=1594284&r2=1594285&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
Tue May 13 17:01:24 2014
@@ -48,9 +48,6 @@ Release 2.5.0 - UNRELEASED
HADOOP-10158. SPNEGO should work with multiple interfaces/SPNs.
(daryn via kihwal)
- HADOOP-10566. Refactor proxyservers out of ProxyUsers.
- (Benoy Antony via suresh)
-
OPTIMIZATIONS
BUG FIXES
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=1594285&r1=1594284&r2=1594285&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
Tue May 13 17:01:24 2014
@@ -19,9 +19,11 @@
package org.apache.hadoop.security.authorize;
import java.net.InetAddress;
+import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.Collection;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
@@ -40,6 +42,7 @@ public class ProxyUsers {
private static final String CONF_GROUPS = ".groups";
private static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
private static final String CONF_HADOOP_PROXYUSER_RE =
"hadoop\\.proxyuser\\.";
+ public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers";
private static boolean init = false;
//list of users, groups and hosts per proxyuser
@@ -49,6 +52,8 @@ public class ProxyUsers {
new HashMap<String, Collection<String>>();
private static Map<String, Collection<String>> proxyHosts =
new HashMap<String, Collection<String>>();
+ private static Collection<String> proxyServers =
+ new HashSet<String>();
/**
* reread the conf and get new values for
"hadoop.proxyuser.*.groups/users/hosts"
@@ -68,6 +73,7 @@ public class ProxyUsers {
proxyGroups.clear();
proxyHosts.clear();
proxyUsers.clear();
+ proxyServers.clear();
// get all the new keys for users
String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_USERS;
@@ -92,8 +98,22 @@ public class ProxyUsers {
proxyHosts.put(entry.getKey(),
StringUtils.getTrimmedStringCollection(entry.getValue()));
}
+
+ // trusted proxy servers such as http proxies
+ for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) {
+ InetSocketAddress addr = new InetSocketAddress(host, 0);
+ if (!addr.isUnresolved()) {
+ proxyServers.add(addr.getAddress().getHostAddress());
+ }
+ }
init = true;
- ProxyServers.refresh(conf);
+ }
+
+ public static synchronized boolean isProxyServer(String remoteAddr) {
+ if(!init) {
+ refreshSuperUserGroupsConfiguration();
+ }
+ return proxyServers.contains(remoteAddr);
}
/**
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java?rev=1594285&r1=1594284&r2=1594285&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
Tue May 13 17:01:24 2014
@@ -238,6 +238,17 @@ public class TestProxyUsers {
assertEquals (1,hosts.size());
}
+ @Test
+ public void testProxyServer() {
+ Configuration conf = new Configuration();
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3");
+ ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ assertTrue(ProxyUsers.isProxyServer("2.2.2.2"));
+ assertTrue(ProxyUsers.isProxyServer("3.3.3.3"));
+ }
+
private void assertNotAuthorized(UserGroupInformation proxyUgi, String host)
{
try {
ProxyUsers.authorize(proxyUgi, host);
