Author: tucu
Date: Mon Dec 26 19:37:25 2011
New Revision: 1224794

URL: http://svn.apache.org/viewvc?rev=1224794&view=rev
Log:
HDFS-2707. HttpFS should read the hadoop-auth secret from a file instead inline 
from the configuration. (tucu)

Added:
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/conf/httpfs-signature.secret
Modified:
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/AuthFilter.java
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/resources/httpfs-default.xml
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/client/TestHttpFSFileSystem.java
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSServer.java
    hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

Added: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/conf/httpfs-signature.secret
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/conf/httpfs-signature.secret?rev=1224794&view=auto
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/conf/httpfs-signature.secret
 (added)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/conf/httpfs-signature.secret
 Mon Dec 26 19:37:25 2011
@@ -0,0 +1 @@
+hadoop httpfs secret
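Review bot: Shipping `hadoop httpfs secret` as the contents of the packaged `httpfs-signature.secret` gives every installation that keeps the file the same publicly known cookie-signing secret, and the httpfs-default.xml hunk in this commit points `httpfs.authentication.signature.secret.file` at this file by default. A deployment that never replaces it would presumably accept hadoop-auth cookies signed by anyone who knows the value. Consider not packaging a usable secret at all (fail startup until the operator supplies one, or generate a random value at install time), and say in the property description that the shipped value must be replaced.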

Modified: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/AuthFilter.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/AuthFilter.java?rev=1224794&r1=1224793&r2=1224794&view=diff
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/AuthFilter.java
 (original)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/AuthFilter.java
 Mon Dec 26 19:37:25 2011
@@ -21,18 +21,23 @@ import org.apache.hadoop.conf.Configurat
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 
 import javax.servlet.FilterConfig;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.Reader;
 import java.util.Map;
 import java.util.Properties;
 
 /**
- * Subclass of Alfredo's <code>AuthenticationFilter</code> that obtains its 
configuration
+ * Subclass of hadoop-auth <code>AuthenticationFilter</code> that obtains its 
configuration
  * from HttpFSServer's server configuration.
  */
 public class AuthFilter extends AuthenticationFilter {
   private static final String CONF_PREFIX = "httpfs.authentication.";
 
+  private static final String SIGNATURE_SECRET_FILE = SIGNATURE_SECRET + 
".file";
+
   /**
-   * Returns the Alfredo configuration from HttpFSServer's configuration.
+   * Returns the hadoop-auth configuration from HttpFSServer's configuration.
    * <p/>
    * It returns all HttpFSServer's configuration properties prefixed with
    * <code>httpfs.authentication</code>. The <code>httpfs.authentication</code>
@@ -41,7 +46,7 @@ public class AuthFilter extends Authenti
    * @param configPrefix parameter not used.
    * @param filterConfig parameter not used.
    *
-   * @return Alfredo configuration read from HttpFSServer's configuration.
+   * @return hadoop-auth configuration read from HttpFSServer's configuration.
    */
   @Override
   protected Properties getConfiguration(String configPrefix, FilterConfig 
filterConfig) {
@@ -57,6 +62,25 @@ public class AuthFilter extends Authenti
         props.setProperty(name, value);
       }
     }
+
+    String signatureSecretFile = props.getProperty(SIGNATURE_SECRET_FILE, 
null);
+    if (signatureSecretFile == null) {
+      throw new RuntimeException("Undefined property: " + 
SIGNATURE_SECRET_FILE);
+    }
+
+    try {
+      StringBuilder secret = new StringBuilder();
+      Reader reader = new FileReader(signatureSecretFile);
+      int c = reader.read();
+      while (c > -1) {
+        secret.append((char)c);
+        c = reader.read();
+      }
+      reader.close();
+      props.setProperty(AuthenticationFilter.SIGNATURE_SECRET, 
secret.toString());
+    } catch (IOException ex) {
+      throw new RuntimeException("Could not read HttpFS signature secret file: 
" + signatureSecretFile);
+    }
     return props;
   }
 

Modified: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/resources/httpfs-default.xml
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/resources/httpfs-default.xml?rev=1224794&r1=1224793&r2=1224794&view=diff
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/resources/httpfs-default.xml
 (original)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/resources/httpfs-default.xml
 Mon Dec 26 19:37:25 2011
@@ -70,6 +70,19 @@
   </property>
 
   <property>
+    <name>httpfs.authentication.signature.secret.file</name>
+    <value>${httpfs.config.dir}/httpfs-signature.secret</value>
+    <description>
+      File containing the secret to sign HttpFS hadoop-auth cookies.
+
+      This file should be readable only by the system user running HttpFS 
service.
+
+      If multiple HttpFS servers are used in a load-balancer/round-robin 
fashion,
+      they should share the secret file.
+    </description>
+  </property>
+
+  <property>
     <name>httpfs.authentication.type</name>
     <value>simple</value>
     <description>
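Review bot: The description for `httpfs.authentication.signature.secret.file` should say that an inline `httpfs.authentication.signature.secret` value is no longer honoured. AuthFilter in this commit unconditionally overwrites that property with the file contents and throws when the file property is undefined. I would add a sentence such as `Replaces httpfs.authentication.signature.secret; any inline value is ignored.` The description could also note that the whole file content, including any trailing newline, is used as the secret.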

Modified: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/client/TestHttpFSFileSystem.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/client/TestHttpFSFileSystem.java?rev=1224794&r1=1224793&r2=1224794&view=diff
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/client/TestHttpFSFileSystem.java
 (original)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/client/TestHttpFSFileSystem.java
 Mon Dec 26 19:37:25 2011
@@ -45,9 +45,11 @@ import org.mortbay.jetty.webapp.WebAppCo
 
 import java.io.File;
 import java.io.FileOutputStream;
+import java.io.FileWriter;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.io.Writer;
 import java.net.URL;
 import java.security.PrivilegedExceptionAction;
 import java.util.Arrays;
@@ -63,6 +65,11 @@ public class TestHttpFSFileSystem extend
     Assert.assertTrue(new File(homeDir, "temp").mkdir());
     HttpFSServerWebApp.setHomeDirForCurrentThread(homeDir.getAbsolutePath());
 
+    File secretFile = new File(new File(homeDir, "conf"), "secret");
+    Writer w = new FileWriter(secretFile);
+    w.write("secret");
+    w.close();
+
     String fsDefaultName = TestHdfsHelper.getHdfsConf().get("fs.default.name");
     Configuration conf = new Configuration(false);
     conf.set("httpfs.hadoop.conf:fs.default.name", fsDefaultName);
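Review bot: The secret-file setup added here, and repeated verbatim in the TestHttpFSServer hunk, only exercises the happy path. Nothing visible in this commit tests that AuthFilter fails when `httpfs.authentication.signature.secret.file` is undefined or names a missing file, although such tests may exist outside this diff. I would add a negative test for both cases and move the four setup lines into a shared test helper, closing the `Writer` in a `finally` so a failed `w.write("secret")` does not leave the file handle open. The enclosing setup method starts outside this hunk.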
@@ -70,6 +77,7 @@ public class TestHttpFSFileSystem extend
       .getHadoopProxyUserGroups());
     conf.set("httpfs.proxyuser." + 
HadoopUsersConfTestHelper.getHadoopProxyUser() + ".hosts", 
HadoopUsersConfTestHelper
       .getHadoopProxyUserHosts());
+    conf.set("httpfs.authentication.signature.secret.file", 
secretFile.getAbsolutePath());
     File hoopSite = new File(new File(homeDir, "conf"), "httpfs-site.xml");
     OutputStream os = new FileOutputStream(hoopSite);
     conf.writeXml(os);

Modified: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSServer.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSServer.java?rev=1224794&r1=1224793&r2=1224794&view=diff
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSServer.java
 (original)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSServer.java
 Mon Dec 26 19:37:25 2011
@@ -39,8 +39,10 @@ import org.mortbay.jetty.webapp.WebAppCo
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileOutputStream;
+import java.io.FileWriter;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
+import java.io.Writer;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.text.MessageFormat;
@@ -65,10 +67,16 @@ public class TestHttpFSServer extends HF
     Assert.assertTrue(new File(homeDir, "temp").mkdir());
     HttpFSServerWebApp.setHomeDirForCurrentThread(homeDir.getAbsolutePath());
 
+    File secretFile = new File(new File(homeDir, "conf"), "secret");
+    Writer w = new FileWriter(secretFile);
+    w.write("secret");
+    w.close();
+
     String fsDefaultName = TestHdfsHelper.getHdfsConf().get("fs.default.name");
     Configuration conf = new Configuration(false);
     conf.set("httpfs.hadoop.conf:fs.default.name", fsDefaultName);
     conf.set("httpfs.groups." + 
CommonConfigurationKeys.HADOOP_SECURITY_GROUP_MAPPING, 
DummyGroupMapping.class.getName());
+    conf.set("httpfs.authentication.signature.secret.file", 
secretFile.getAbsolutePath());
     File hoopSite = new File(new File(homeDir, "conf"), "httpfs-site.xml");
     OutputStream os = new FileOutputStream(hoopSite);
     conf.writeXml(os);

Modified: hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1224794&r1=1224793&r2=1224794&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Mon Dec 26 
19:37:25 2011
@@ -188,6 +188,9 @@ Trunk (unreleased changes)
     HttpFS server should check that upload requests have correct 
     content-type. (tucu)
 
+    HDFS-2707. HttpFS should read the hadoop-auth secret from a file 
+    instead inline from the configuration. (tucu)
+
 Release 0.23.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES

