subject:"\[1\/3\] hadoop git commit\: Revert \"HADOOP\-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu.\""

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

2018-03-10 Thread lei

Repository: hadoop
Updated Branches:
  refs/heads/branch-3.0.1 6b23e5dc2 -> eaf7b0382


Revert "HADOOP-14077. Add ability to access jmx via proxy.  Contributed by 
Yuanbo Liu."

This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7.

(cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f49b044c
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f49b044c
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f49b044c

Branch: refs/heads/branch-3.0.1
Commit: f49b044cbf08e797b25c6e0c8e6ede98e904773a
Parents: 6b23e5d
Author: Owen O'Malley 
Authored: Thu Mar 1 09:59:08 2018 -0800
Committer: Lei Xu 
Committed: Sat Mar 10 13:46:07 2018 -0800

--
 .../AuthenticationWithProxyUserFilter.java  |  43 ---
 .../hadoop/http/TestHttpServerWithSpengo.java   |  15 +--
 .../mapreduce/v2/app/webapp/AppController.java  |   7 +-
 .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++-
 4 files changed, 85 insertions(+), 93 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/f49b044c/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.ProxyUsers;
+import org.apache.hadoop.util.HttpExceptionUtils;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -42,9 +41,6 @@ import java.util.List;
  */
 public class AuthenticationWithProxyUserFilter extends AuthenticationFilter {
 
-  public static final Logger LOG =
-  LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class);
-
   /**
* Constant used in URL's query string to perform a proxy user request, the
* value of the DO_AS parameter is the user the request will be
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends 
AuthenticationFilter {
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
   HttpServletResponse response) throws IOException, ServletException {
 
-final String proxyUser = getDoAs(request);
+// authorize proxy user before calling next filter.
+String proxyUser = getDoAs(request);
 if (proxyUser != null) {
+  UserGroupInformation realUser =
+  UserGroupInformation.createRemoteUser(request.getRemoteUser());
+  UserGroupInformation proxyUserInfo =
+  UserGroupInformation.createProxyUser(proxyUser, realUser);
 
-  // Change the remote user after proxy user is authorized.
-  final HttpServletRequest finalReq = request;
-  request = new HttpServletRequestWrapper(finalReq) {
-
-private String getRemoteOrProxyUser() throws AuthorizationException {
-  UserGroupInformation realUser =
-  UserGroupInformation.createRemoteUser(finalReq.getRemoteUser());
-  UserGroupInformation proxyUserInfo =
-  UserGroupInformation.createProxyUser(proxyUser, realUser);
-  ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr());
-  return proxyUserInfo.getUserName();
-}
+  try {
+ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr());
+  } catch (AuthorizationException ex) {
+HttpExceptionUtils.createServletExceptionResponse(response,
+HttpServletResponse.SC_FORBIDDEN, ex);
+// stop filter chain if there is an Authorization Exception.
+return;
+  }
 
+  final UserGroupInformation finalProxyUser = proxyUserInfo;
+  // Change the remote user after proxy user is authorized.
+  request = new HttpServletRequestWrapper(request) {
 @Override
 public String getRemoteUser() {
-  try {
-return getRemoteOrProxyUser();
-  } catch (AuthorizationException ex) {
-

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

2018-03-10 Thread lei

Repository: hadoop
Updated Branches:
  refs/heads/branch-3.0 2e607f210 -> 8034faa88


Revert "HADOOP-14077. Add ability to access jmx via proxy.  Contributed by 
Yuanbo Liu."

This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7.

(cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0f106df4
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0f106df4
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0f106df4

Branch: refs/heads/branch-3.0
Commit: 0f106df4d6de589650c6acdfb34049ae17ac55b0
Parents: 2e607f2
Author: Owen O'Malley 
Authored: Thu Mar 1 09:59:08 2018 -0800
Committer: Lei Xu 
Committed: Sat Mar 10 13:33:52 2018 -0800

--
 .../AuthenticationWithProxyUserFilter.java  |  43 ---
 .../hadoop/http/TestHttpServerWithSpengo.java   |  15 +--
 .../mapreduce/v2/app/webapp/AppController.java  |   7 +-
 .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++-
 4 files changed, 85 insertions(+), 93 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/0f106df4/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.ProxyUsers;
+import org.apache.hadoop.util.HttpExceptionUtils;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -42,9 +41,6 @@ import java.util.List;
  */
 public class AuthenticationWithProxyUserFilter extends AuthenticationFilter {
 
-  public static final Logger LOG =
-  LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class);
-
   /**
* Constant used in URL's query string to perform a proxy user request, the
* value of the DO_AS parameter is the user the request will be
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends 
AuthenticationFilter {
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
   HttpServletResponse response) throws IOException, ServletException {
 
-final String proxyUser = getDoAs(request);
+// authorize proxy user before calling next filter.
+String proxyUser = getDoAs(request);
 if (proxyUser != null) {
+  UserGroupInformation realUser =
+  UserGroupInformation.createRemoteUser(request.getRemoteUser());
+  UserGroupInformation proxyUserInfo =
+  UserGroupInformation.createProxyUser(proxyUser, realUser);
 
-  // Change the remote user after proxy user is authorized.
-  final HttpServletRequest finalReq = request;
-  request = new HttpServletRequestWrapper(finalReq) {
-
-private String getRemoteOrProxyUser() throws AuthorizationException {
-  UserGroupInformation realUser =
-  UserGroupInformation.createRemoteUser(finalReq.getRemoteUser());
-  UserGroupInformation proxyUserInfo =
-  UserGroupInformation.createProxyUser(proxyUser, realUser);
-  ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr());
-  return proxyUserInfo.getUserName();
-}
+  try {
+ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr());
+  } catch (AuthorizationException ex) {
+HttpExceptionUtils.createServletExceptionResponse(response,
+HttpServletResponse.SC_FORBIDDEN, ex);
+// stop filter chain if there is an Authorization Exception.
+return;
+  }
 
+  final UserGroupInformation finalProxyUser = proxyUserInfo;
+  // Change the remote user after proxy user is authorized.
+  request = new HttpServletRequestWrapper(request) {
 @Override
 public String getRemoteUser() {
-  try {
-return getRemoteOrProxyUser();
-  } catch (AuthorizationException ex) {
-

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

2018-03-09 Thread wangda

Repository: hadoop
Updated Branches:
  refs/heads/trunk 4743d4a2c -> ea18e70a7


Revert "HADOOP-14077. Add ability to access jmx via proxy.  Contributed by 
Yuanbo Liu."

This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7.

(cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d)


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/3a8dade9
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/3a8dade9
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/3a8dade9

Branch: refs/heads/trunk
Commit: 3a8dade9b1bf01cf75fc68cecb351c23302cdee5
Parents: 4743d4a
Author: Owen O'Malley 
Authored: Thu Mar 1 09:59:08 2018 -0800
Committer: Wangda Tan 
Committed: Fri Mar 9 22:46:30 2018 -0800

--
 .../AuthenticationWithProxyUserFilter.java  |  43 ---
 .../hadoop/http/TestHttpServerWithSpengo.java   |  15 +--
 .../mapreduce/v2/app/webapp/AppController.java  |   7 +-
 .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++-
 4 files changed, 85 insertions(+), 93 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/3a8dade9/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
--
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.apache.hadoop.security.authorize.ProxyUsers;
+import org.apache.hadoop.util.HttpExceptionUtils;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -42,9 +41,6 @@ import java.util.List;
  */
 public class AuthenticationWithProxyUserFilter extends AuthenticationFilter {
 
-  public static final Logger LOG =
-  LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class);
-
   /**
* Constant used in URL's query string to perform a proxy user request, the
* value of the DO_AS parameter is the user the request will be
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends 
AuthenticationFilter {
   protected void doFilter(FilterChain filterChain, HttpServletRequest request,
   HttpServletResponse response) throws IOException, ServletException {
 
-final String proxyUser = getDoAs(request);
+// authorize proxy user before calling next filter.
+String proxyUser = getDoAs(request);
 if (proxyUser != null) {
+  UserGroupInformation realUser =
+  UserGroupInformation.createRemoteUser(request.getRemoteUser());
+  UserGroupInformation proxyUserInfo =
+  UserGroupInformation.createProxyUser(proxyUser, realUser);
 
-  // Change the remote user after proxy user is authorized.
-  final HttpServletRequest finalReq = request;
-  request = new HttpServletRequestWrapper(finalReq) {
-
-private String getRemoteOrProxyUser() throws AuthorizationException {
-  UserGroupInformation realUser =
-  UserGroupInformation.createRemoteUser(finalReq.getRemoteUser());
-  UserGroupInformation proxyUserInfo =
-  UserGroupInformation.createProxyUser(proxyUser, realUser);
-  ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr());
-  return proxyUserInfo.getUserName();
-}
+  try {
+ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr());
+  } catch (AuthorizationException ex) {
+HttpExceptionUtils.createServletExceptionResponse(response,
+HttpServletResponse.SC_FORBIDDEN, ex);
+// stop filter chain if there is an Authorization Exception.
+return;
+  }
 
+  final UserGroupInformation finalProxyUser = proxyUserInfo;
+  // Change the remote user after proxy user is authorized.
+  request = new HttpServletRequestWrapper(request) {
 @Override
 public String getRemoteUser() {
-  try {
-return getRemoteOrProxyUser();
-  } catch (AuthorizationException ex) {
-

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."

3 matches

Site Navigation

Mail list logo

Footer information