[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."
Repository: hadoop Updated Branches: refs/heads/branch-3.0.1 6b23e5dc2 -> eaf7b0382 Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu." This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7. (cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f49b044c Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f49b044c Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f49b044c Branch: refs/heads/branch-3.0.1 Commit: f49b044cbf08e797b25c6e0c8e6ede98e904773a Parents: 6b23e5d Author: Owen O'MalleyAuthored: Thu Mar 1 09:59:08 2018 -0800 Committer: Lei Xu Committed: Sat Mar 10 13:46:07 2018 -0800 -- .../AuthenticationWithProxyUserFilter.java | 43 --- .../hadoop/http/TestHttpServerWithSpengo.java | 15 +-- .../mapreduce/v2/app/webapp/AppController.java | 7 +- .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++- 4 files changed, 85 insertions(+), 93 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/f49b044c/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; +import org.apache.hadoop.util.HttpExceptionUtils; import org.apache.http.NameValuePair; import org.apache.http.client.utils.URLEncodedUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -42,9 +41,6 @@ import java.util.List; */ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { - public static final Logger LOG = - LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class); - /** * Constant used in URL's query string to perform a proxy user request, the * value of the DO_AS parameter is the user the request will be 
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { -final String proxyUser = getDoAs(request); +// authorize proxy user before calling next filter. +String proxyUser = getDoAs(request); if (proxyUser != null) { + UserGroupInformation realUser = + UserGroupInformation.createRemoteUser(request.getRemoteUser()); + UserGroupInformation proxyUserInfo = + UserGroupInformation.createProxyUser(proxyUser, realUser); - // Change the remote user after proxy user is authorized. - final HttpServletRequest finalReq = request; - request = new HttpServletRequestWrapper(finalReq) { - -private String getRemoteOrProxyUser() throws AuthorizationException { - UserGroupInformation realUser = - UserGroupInformation.createRemoteUser(finalReq.getRemoteUser()); - UserGroupInformation proxyUserInfo = - UserGroupInformation.createProxyUser(proxyUser, realUser); - ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr()); - return proxyUserInfo.getUserName(); -} + try { +ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr()); + } catch (AuthorizationException ex) { +HttpExceptionUtils.createServletExceptionResponse(response, +HttpServletResponse.SC_FORBIDDEN, ex); +// stop filter chain if there is an Authorization Exception. +return; + } + final UserGroupInformation finalProxyUser = proxyUserInfo; + // Change the remote user after proxy user is authorized. + request = new HttpServletRequestWrapper(request) { @Override public String getRemoteUser() { - try { -return getRemoteOrProxyUser(); - } catch (AuthorizationException ex) { -
[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."
Repository: hadoop Updated Branches: refs/heads/branch-3.0 2e607f210 -> 8034faa88 Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu." This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7. (cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0f106df4 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0f106df4 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0f106df4 Branch: refs/heads/branch-3.0 Commit: 0f106df4d6de589650c6acdfb34049ae17ac55b0 Parents: 2e607f2 Author: Owen O'MalleyAuthored: Thu Mar 1 09:59:08 2018 -0800 Committer: Lei Xu Committed: Sat Mar 10 13:33:52 2018 -0800 -- .../AuthenticationWithProxyUserFilter.java | 43 --- .../hadoop/http/TestHttpServerWithSpengo.java | 15 +-- .../mapreduce/v2/app/webapp/AppController.java | 7 +- .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++- 4 files changed, 85 insertions(+), 93 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/0f106df4/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; +import org.apache.hadoop.util.HttpExceptionUtils; import org.apache.http.NameValuePair; import org.apache.http.client.utils.URLEncodedUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -42,9 +41,6 @@ import java.util.List; */ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { - public static final Logger LOG = - LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class); - /** * Constant used in URL's query string to perform a proxy user request, the * value of the DO_AS parameter is the user the request will be 
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { -final String proxyUser = getDoAs(request); +// authorize proxy user before calling next filter. +String proxyUser = getDoAs(request); if (proxyUser != null) { + UserGroupInformation realUser = + UserGroupInformation.createRemoteUser(request.getRemoteUser()); + UserGroupInformation proxyUserInfo = + UserGroupInformation.createProxyUser(proxyUser, realUser); - // Change the remote user after proxy user is authorized. - final HttpServletRequest finalReq = request; - request = new HttpServletRequestWrapper(finalReq) { - -private String getRemoteOrProxyUser() throws AuthorizationException { - UserGroupInformation realUser = - UserGroupInformation.createRemoteUser(finalReq.getRemoteUser()); - UserGroupInformation proxyUserInfo = - UserGroupInformation.createProxyUser(proxyUser, realUser); - ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr()); - return proxyUserInfo.getUserName(); -} + try { +ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr()); + } catch (AuthorizationException ex) { +HttpExceptionUtils.createServletExceptionResponse(response, +HttpServletResponse.SC_FORBIDDEN, ex); +// stop filter chain if there is an Authorization Exception. +return; + } + final UserGroupInformation finalProxyUser = proxyUserInfo; + // Change the remote user after proxy user is authorized. + request = new HttpServletRequestWrapper(request) { @Override public String getRemoteUser() { - try { -return getRemoteOrProxyUser(); - } catch (AuthorizationException ex) { -
[1/3] hadoop git commit: Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu."
Repository: hadoop Updated Branches: refs/heads/trunk 4743d4a2c -> ea18e70a7 Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed by Yuanbo Liu." This reverts commit 172b23af33554b7d58fd41b022d983bcc2433da7. (cherry picked from commit d0d2d4c51e9534e08893ae14cf3fff7b2ee70b1d) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/3a8dade9 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/3a8dade9 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/3a8dade9 Branch: refs/heads/trunk Commit: 3a8dade9b1bf01cf75fc68cecb351c23302cdee5 Parents: 4743d4a Author: Owen O'MalleyAuthored: Thu Mar 1 09:59:08 2018 -0800 Committer: Wangda Tan Committed: Fri Mar 9 22:46:30 2018 -0800 -- .../AuthenticationWithProxyUserFilter.java | 43 --- .../hadoop/http/TestHttpServerWithSpengo.java | 15 +-- .../mapreduce/v2/app/webapp/AppController.java | 7 +- .../hadoop/yarn/server/webapp/AppBlock.java | 113 ++- 4 files changed, 85 insertions(+), 93 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3a8dade9/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java --
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
index c97f8ad..ea9b282 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java
@@ -20,10 +20,9 @@ package org.apache.hadoop.security; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.authorize.ProxyUsers; +import org.apache.hadoop.util.HttpExceptionUtils; import org.apache.http.NameValuePair; import org.apache.http.client.utils.URLEncodedUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -42,9 +41,6 @@ import java.util.List; */ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { - public static final Logger LOG = - LoggerFactory.getLogger(AuthenticationWithProxyUserFilter.class); - /** * Constant used in URL's query string to perform a proxy user request, the * value of the DO_AS parameter is the user the request will be 
@@ -70,30 +66,29 @@ public class AuthenticationWithProxyUserFilter extends AuthenticationFilter { protected void doFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { -final String proxyUser = getDoAs(request); +// authorize proxy user before calling next filter. +String proxyUser = getDoAs(request); if (proxyUser != null) { + UserGroupInformation realUser = + UserGroupInformation.createRemoteUser(request.getRemoteUser()); + UserGroupInformation proxyUserInfo = + UserGroupInformation.createProxyUser(proxyUser, realUser); - // Change the remote user after proxy user is authorized. - final HttpServletRequest finalReq = request; - request = new HttpServletRequestWrapper(finalReq) { - -private String getRemoteOrProxyUser() throws AuthorizationException { - UserGroupInformation realUser = - UserGroupInformation.createRemoteUser(finalReq.getRemoteUser()); - UserGroupInformation proxyUserInfo = - UserGroupInformation.createProxyUser(proxyUser, realUser); - ProxyUsers.authorize(proxyUserInfo, finalReq.getRemoteAddr()); - return proxyUserInfo.getUserName(); -} + try { +ProxyUsers.authorize(proxyUserInfo, request.getRemoteAddr()); + } catch (AuthorizationException ex) { +HttpExceptionUtils.createServletExceptionResponse(response, +HttpServletResponse.SC_FORBIDDEN, ex); +// stop filter chain if there is an Authorization Exception. +return; + } + final UserGroupInformation finalProxyUser = proxyUserInfo; + // Change the remote user after proxy user is authorized. + request = new HttpServletRequestWrapper(request) { @Override public String getRemoteUser() { - try { -return getRemoteOrProxyUser(); - } catch (AuthorizationException ex) { -