Author: cnauroth
Date: Mon Mar 17 20:30:20 2014
New Revision: 1578552
URL: http://svn.apache.org/r1578552
Log:
HDFS-5516. Merging change r1578549 from trunk to branch-2.
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1578552&r1=1578551&r2=1578552&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
(original)
+++ hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
Mon Mar 17 20:30:20 2014
@@ -385,6 +385,9 @@ Release 2.4.0 - UNRELEASED
HDFS-6094. The same block can be counted twice towards safe mode
threshold. (Arpit Agarwal)
+ HDFS-5516. WebHDFS does not require user name when anonymous http requests
+ are disallowed. (Miodrag Radulovic via cnauroth)
+
BREAKDOWN OF HDFS-5698 SUBTASKS AND RELATED JIRAS
HDFS-5717. Save FSImage header in protobuf. (Haohui Mai via jing9)
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java?rev=1578552&r1=1578551&r2=1578552&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
Mon Mar 17 20:30:20 2014
@@ -505,6 +505,7 @@ public class DFSConfigKeys extends Commo
public static final String DFS_NAMENODE_CHECKED_VOLUMES_KEY =
"dfs.namenode.resource.checked.volumes";
public static final String DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_KEY =
"dfs.namenode.resource.checked.volumes.minimum";
public static final int DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_DEFAULT = 1;
+ public static final String DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED
= "dfs.web.authentication.simple.anonymous.allowed";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY =
"dfs.web.authentication.kerberos.principal";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY =
"dfs.web.authentication.kerberos.keytab";
public static final String DFS_NAMENODE_MAX_OP_SIZE_KEY =
"dfs.namenode.max.op.size";
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java?rev=1578552&r1=1578551&r2=1578552&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
Mon Mar 17 20:30:20 2014
@@ -174,6 +174,13 @@ public class NameNodeHttpServer {
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY +
"' is not set.");
}
+ String anonymousAllowed = conf
+ .get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED);
+ if (anonymousAllowed != null && !anonymousAllowed.isEmpty()) {
+ params.put(
+ DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+ anonymousAllowed);
+ }
return params;
}
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java?rev=1578552&r1=1578551&r2=1578552&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
Mon Mar 17 20:30:20 2014
@@ -64,8 +64,10 @@ public class AuthFilter extends Authenti
// set authentication type
p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
- //For Pseudo Authentication, allow anonymous.
- p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+ // if not set, enable anonymous for pseudo authentication
+ if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
+ p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+ }
//set cookie path
p.setProperty(COOKIE_PATH, "/");
return p;
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java?rev=1578552&r1=1578551&r2=1578552&view=diff
==============================================================================
---
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
(original)
+++
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
Mon Mar 17 20:30:20 2014
@@ -75,4 +75,27 @@ public class TestAuthFilter {
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
+
+ @Test
+ public void testGetSimpleAuthDisabledConfiguration() throws ServletException
{
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+ m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+ "false");
+ FilterConfig config = new DummyFilterConfig(m);
+ Properties p = filter.getConfiguration("random", config);
+ Assert.assertEquals("false",
+ p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+ }
+
+ @Test
+ public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+
+ FilterConfig config = new DummyFilterConfig(m);
+ Properties p = filter.getConfiguration("random", config);
+ Assert.assertEquals("true",
+ p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+ }
}
