[
https://issues.apache.org/jira/browse/HADOOP-10918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alejandro Abdelnur updated HADOOP-10918:
----------------------------------------
Attachment: HADOOP-10918.patch
Patch that adds a method to the JMX servlet to allow subclassing and overriding
the authorization check. It also changes the "UNAUTHORIZED" response to
"FORBIDDEN" in HttpServer2 as UNAUTHORIZED on its own should indicate also the
expected authentication mechanism.
It also wires a subclassed JMX servlet for KMS.
I've tested on local deployment that JMX works fine from KMS with the change
(cannot do testcase for that).
> JMXJsonServlet fails when used within Tomcat
> --------------------------------------------
>
> Key: HADOOP-10918
> URL: https://issues.apache.org/jira/browse/HADOOP-10918
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-10918.patch
>
>
> {{JMXJsonServlet.doGet()}} has the following check:
> {code}
> if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
> request, response)) {
> {code}
> Loading the class {{HttpServer2}} triggers loading Jetty specific classes:
> {code}
> SEVERE: Servlet.service() for servlet jmx-servlet threw exception
> java.lang.ClassNotFoundException: org.mortbay.jetty.servlet.Context
> at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)
> at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)
> at org.apache.hadoop.jmx.JMXJsonServlet.doGet(JMXJsonServlet.java:157)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.hadoop.crypto.key.kms.server.KMSMDCFilter.doFilter(KMSMDCFilter.java:84)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:438)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:255)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:408)
> at
> org.apache.hadoop.crypto.key.kms.server.KMSAuthenticationFilter.doFilter(KMSAuthenticationFilter.java:128)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
> at java.lang.Thread.run(Thread.java:695)
> Jul 31, 2014 2:46:24 PM org.apache.catalina.core.StandardWrapperValve invoke
> {code}
> Because of this the JMX servlet fails to work in KMS
--
This message was sent by Atlassian JIRA
(v6.2#6252)
