Repository: hadoop Updated Branches: refs/heads/trunk 41fc7f80b -> 252c2b4d5
Revert "HADOOP-13707. If kerberos is enabled while HTTP SPNEGO is not configured, some links cannot be accessed. Contributed by Yuanbo Liu" Change-Id: I946a466a43d56c73bb0135384e73cb8513595461 (cherry picked from commit 80ee5248b2dda1cb8d122d4f362f2f8cf02b9467) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/252c2b4d Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/252c2b4d Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/252c2b4d Branch: refs/heads/trunk Commit: 252c2b4d52e0dd8984d6f2a8f292f40e1c347fab Parents: 41fc7f8 Author: Wangda Tan <[email protected]> Authored: Wed Mar 14 10:47:35 2018 -0700 Committer: Wangda Tan <[email protected]> Committed: Wed Mar 14 13:36:53 2018 -0700 ---------------------------------------------------------------------- .../org/apache/hadoop/conf/ConfServlet.java | 8 +---- .../hadoop/http/AdminAuthorizedServlet.java | 11 ++----- .../org/apache/hadoop/http/HttpServer2.java | 32 ++------------------ .../org/apache/hadoop/jmx/JMXJsonServlet.java | 8 +---- .../java/org/apache/hadoop/log/LogLevel.java | 11 ++----- .../org/apache/hadoop/http/TestHttpServer.java | 17 +---------- 6 files changed, 12 insertions(+), 75 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java index 2128de7..cce744e 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java @@ -20,7 +20,6 @@ package org.apache.hadoop.conf; import java.io.IOException; import java.io.Writer; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -59,12 +58,7 @@ public class ConfServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - // If user is a static user and auth Type is null, that means - // there is a non-security environment and no need authorization, - // otherwise, do the authorization. - final ServletContext servletContext = getServletContext(); - if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && - !HttpServer2.isInstrumentationAccessAllowed(servletContext, + if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), request, response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java index 456e89f..a4b05a1 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java @@ -19,7 +19,6 @@ package org.apache.hadoop.http; import java.io.IOException; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -36,13 +35,9 @@ public class AdminAuthorizedServlet extends DefaultServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - // If user is a static user and auth Type is null, that means - // there is a non-security environment and no need authorization, - // otherwise, do the authorization. - final ServletContext servletContext = getServletContext(); - if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) || - HttpServer2.hasAdministratorAccess(servletContext, request, + throws ServletException, IOException { + // Do the authorization + if (HttpServer2.hasAdministratorAccess(getServletContext(), request, response)) { // Authorization is done. Just call super. super.doGet(request, response); http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index 8adb114..47ca841 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -17,9 +17,6 @@ */ package org.apache.hadoop.http; -import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER; -import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER; - import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; @@ -1359,24 +1356,6 @@ public final class HttpServer2 implements FilterContainer { } /** - * check whether user is static and unauthenticated, if the - * answer is TRUE, that means http sever is in non-security - * environment. - * @param servletContext the servlet context. - * @param request the servlet request. - * @return TRUE/FALSE based on the logic described above. - */ - public static boolean isStaticUserAndNoneAuthType( - ServletContext servletContext, HttpServletRequest request) { - Configuration conf = - (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE); - final String authType = request.getAuthType(); - final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER, - DEFAULT_HADOOP_HTTP_STATIC_USER); - return authType == null && staticUser.equals(request.getRemoteUser()); - } - - /** * Checks the user has privileges to access to instrumentation servlets. * <p/> * If <code>hadoop.security.instrumentation.requires.admin</code> is set to FALSE @@ -1473,14 +1452,9 @@ public final class HttpServer2 implements FilterContainer { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - // If user is a static user and auth Type is null, that means - // there is a non-security environment and no need authorization, - // otherwise, do the authorization. - final ServletContext servletContext = getServletContext(); - if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && - !HttpServer2.isInstrumentationAccessAllowed(servletContext, - request, response)) { + throws ServletException, IOException { + if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), + request, response)) { return; } response.setContentType("text/plain; charset=UTF-8"); http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java index 33af448..093d0af 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java @@ -38,7 +38,6 @@ import javax.management.RuntimeMBeanException; import javax.management.openmbean.CompositeData; import javax.management.openmbean.CompositeType; import javax.management.openmbean.TabularData; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -170,12 +169,7 @@ public class JMXJsonServlet extends HttpServlet { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { try { - // If user is a static user and auth Type is null, that means - // there is a non-security environment and no need authorization, - // otherwise, do the authorization. - final ServletContext servletContext = getServletContext(); - if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && - !isInstrumentationAccessAllowed(request, response)) { + if (!isInstrumentationAccessAllowed(request, response)) { return; } JsonGenerator jg = null; http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java index 8802f83..79eae12 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java @@ -27,7 +27,6 @@ import java.util.regex.Pattern; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -324,13 +323,9 @@ public class LogLevel { public void doGet(HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException { - // If user is a static user and auth Type is null, that means - // there is a non-security environment and no need authorization, - // otherwise, do the authorization. - final ServletContext servletContext = getServletContext(); - if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && - !HttpServer2.hasAdministratorAccess(servletContext, - request, response)) { + // Do the authorization + if (!HttpServer2.hasAdministratorAccess(getServletContext(), request, + response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/252c2b4d/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java index 7350d09..ba4be27 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java @@ -69,9 +69,6 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.Executor; import java.util.concurrent.Executors; -import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER; -import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER; - public class TestHttpServer extends HttpServerFunctionalTest { static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class); private static HttpServer2 server; @@ -485,7 +482,7 @@ public class TestHttpServer extends HttpServerFunctionalTest { String serverURL = "http://"; + NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/"; for (String servlet : new String[] { "conf", "logs", "stacks", - "logLevel", "jmx" }) { + "logLevel" }) { for (String user : new String[] { "userA", "userB", "userC", "userD" }) { assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL + servlet, user)); @@ -493,18 +490,6 @@ public class TestHttpServer extends HttpServerFunctionalTest { assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode( serverURL + servlet, "userE")); } - - // hadoop.security.authorization is set as true while - // hadoop.http.authentication.type's value is `simple`(default value) - // in this case, static user has administrator access - final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER, - DEFAULT_HADOOP_HTTP_STATIC_USER); - for (String servlet : new String[] {"conf", "logs", "stacks", - "logLevel", "jmx"}) { - assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode( - serverURL + servlet, staticUser)); - } - myServer.stop(); } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
