Author: daryn Date: Tue Apr 15 15:27:04 2014 New Revision: 1587609 URL: http://svn.apache.org/r1587609 Log: svn merge -c 1587608 FIXES: HADOOP-10498. Add support for proxy server. (daryn)
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1587609&r1=1587608&r2=1587609&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Tue Apr 15 15:27:04 2014 @@ -8,6 +8,8 @@ Release 2.5.0 - UNRELEASED NEW FEATURES + HADOOP-10498. Add support for proxy server. (daryn) + IMPROVEMENTS HADOOP-10451. Remove unused field and imports from SaslRpcServer. Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=1587609&r1=1587608&r2=1587609&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java Tue Apr 15 15:27:04 2014 
@@ -19,9 +19,11 @@ package org.apache.hadoop.security.authorize; import java.net.InetAddress; +import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.util.Collection; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; import java.util.Map.Entry; @@ -39,12 +41,16 @@ public class ProxyUsers { public static final String CONF_GROUPS = ".groups"; public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser."; public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\."; + public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers"; + private static boolean init = false; // list of groups and hosts per proxyuser private static Map<String, Collection<String>> proxyGroups = new HashMap<String, Collection<String>>(); private static Map<String, Collection<String>> proxyHosts = new HashMap<String, Collection<String>>(); + private static Collection<String> proxyServers = + new HashSet<String>(); /** * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts" @@ -60,9 +66,10 @@ public class ProxyUsers { */ public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf) { - // remove alle existing stuff + // remove all existing stuff proxyGroups.clear(); proxyHosts.clear(); + proxyServers.clear(); // get all the new keys for groups String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_GROUPS; 
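Review bot: `CONF_HADOOP_PROXYSERVERS` and the `proxyServers` set are added without any comment, and the existing `// list of groups and hosts per proxyuser` line now reads as if it covered them, although the set is not keyed by proxy user. A line such as `// trusted proxy servers, stored as resolved IP address literals` above the field would help, together with a Javadoc on the constant saying the value is a comma-separated list of host names or addresses. That format is inferred from the `getTrimmedStrings` and `getHostAddress()` calls in the later hunk, so it should be confirmed. The class body starts and ends outside these hunks.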
@@ -80,9 +87,23 @@ public class ProxyUsers {
 StringUtils.getTrimmedStringCollection(entry.getValue()));
 }
+ // trusted proxy servers such as http proxies
+ for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) {
+ InetSocketAddress addr = new InetSocketAddress(host, 0);
+ if (!addr.isUnresolved()) {
+ proxyServers.add(addr.getAddress().getHostAddress());
+ }
+ }
 init = true;
 }
+ public static synchronized boolean isProxyServer(String remoteAddr) {
+ if(!init) {
+ refreshSuperUserGroupsConfiguration();
+ }
+ return proxyServers.contains(remoteAddr);
+ }
+
 /**
 * Returns configuration key for effective user groups allowed for a superuser
 *
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java?rev=1587609&r1=1587608&r2=1587609&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java Tue Apr 15 15:27:04 2014
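Review bot: The loop that fills `proxyServers` keeps only the single address that `new InetSocketAddress(host, 0)` resolves to and silently skips names that do not resolve, so a proxy with several addresses is only partly trusted and a mistyped entry leaves no trace for the operator. Names are also resolved only when the configuration is refreshed, so the trust list reflects DNS as it was at that moment; that is worth stating wherever `hadoop.proxyservers` is documented. `isProxyServer` has no Javadoc; it should say that `remoteAddr` is expected to be the connection's peer address, written the way `InetAddress.getHostAddress()` writes it, because the lookup is an exact string match and another spelling of the same IPv6 address will not match. The fence shows the loop collecting every resolved address; how a skipped entry is reported depends on the class's logger, which is not visible in this hunk, and the enclosing refresh method starts outside it.

```java
    // trusted proxy servers such as http proxies
    for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) {
      try {
        // keep every address the entry maps to, not only the first one
        for (InetAddress addr : InetAddress.getAllByName(host)) {
          proxyServers.add(addr.getHostAddress());
        }
      } catch (UnknownHostException e) {
        // the entry stays untrusted; report it through the class's logger
      }
    }
    // … unchanged: init = true; and isProxyServer(String) …
```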
@@ -169,6 +169,16 @@ public class TestProxyUsers {
 assertEquals (1,hosts.size());
 }
+ @Test
+ public void testProxyServer() {
+ Configuration conf = new Configuration();
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3");
+ ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
+ assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
+ assertTrue(ProxyUsers.isProxyServer("2.2.2.2"));
+ assertTrue(ProxyUsers.isProxyServer("3.3.3.3"));
+ }
 private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
 try {
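Review bot: The first `assertFalse(ProxyUsers.isProxyServer("1.1.1.1"))` runs before this test has loaded `conf`, so its result depends on whatever static state an earlier test or the default configuration left in `ProxyUsers`. Calling `ProxyUsers.refreshSuperUserGroupsConfiguration(conf);` on the still-empty configuration before that assertion would make the test self-contained. The test also covers only IPv4 literals: a host-name entry and an entry that does not resolve are the two paths in the new loop that decide what ends up trusted, and neither is exercised here.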