ivanzlenko commented on code in PR #4523:
URL: https://github.com/apache/ozone/pull/4523#discussion_r1168207746
##########
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/S3GatewayHttpServer.java:
##########
@@ -18,29 +18,88 @@
package org.apache.hadoop.ozone.s3;
import java.io.IOException;
-
-import org.apache.hadoop.hdds.conf.MutableConfigurationSource;
-import org.apache.hadoop.hdds.server.http.BaseHttpServer;
-
+import java.util.HashMap;
+import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.hadoop.hdds.conf.MutableConfigurationSource;
+import org.apache.hadoop.hdds.server.http.BaseHttpServer;
+import org.apache.hadoop.hdds.server.http.ServletElementsFactory;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.eclipse.jetty.servlet.FilterHolder;
+import org.eclipse.jetty.servlet.FilterMapping;
+import org.eclipse.jetty.servlet.ServletHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import static
org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_AUTH_TYPE;
+import static
org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_BIND_HOST_KEY;
+import static
org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys.OZONE_S3G_SECRET_HTTP_ENABLED_KEY;
+import static
org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys.OZONE_S3G_SECRET_KEYTAB_FILE;
+import static
org.apache.hadoop.ozone.s3secret.S3SecretConfigKeys.OZONE_S3G_SECRET_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL;
/**
- * S3 Gateway specific configuration keys.
+ * Http server to provide S3-compatible API.
*/
public class S3GatewayHttpServer extends BaseHttpServer {
+ private static final Logger LOG =
+ LoggerFactory.getLogger(S3GatewayHttpServer.class);
+
/**
* Default offset between two filters.
*/
public static final int FILTER_PRIORITY_DO_AFTER = 50;
public S3GatewayHttpServer(MutableConfigurationSource conf,
- String name) throws IOException {
+ String name) throws IOException {
super(conf, name);
addServlet("icon", "/favicon.ico", IconServlet.class);
+ addSecretAuthentication(conf);
+ }
+
+ private void addSecretAuthentication(MutableConfigurationSource conf)
+ throws IOException {
+
+ if (conf.getBoolean(OZONE_S3G_SECRET_HTTP_ENABLED_KEY, false)) {
+ String authType = conf.get(OZONE_S3G_SECRET_HTTP_AUTH_TYPE, "simple");
+
+ if (UserGroupInformation.isSecurityEnabled()
Review Comment:
It's actually the main idea to throw exception in that case. This endpoint
should be only enabled if global security is enabled. If this endpoint is
enabled without enabled security it should be treated as a missconfiguration.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
