hadoop git commit: HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang)
Repository: hadoop Updated Branches: refs/heads/branch-2.8 74782e7e4 -> b2667441e HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b2667441 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b2667441 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b2667441 Branch: refs/heads/branch-2.8 Commit: b2667441e63004b3159158cf5797618073efcf53 Parents: 74782e7 Author: Eric YangAuthored: Mon Oct 17 08:12:04 2016 -0700 Committer: Eric Yang Committed: Mon Oct 17 08:12:04 2016 -0700 -- .../org/apache/hadoop/conf/ConfServlet.java | 8 +- .../hadoop/http/AdminAuthorizedServlet.java | 11 +-- .../org/apache/hadoop/http/HttpServer2.java | 30 ++-- .../org/apache/hadoop/jmx/JMXJsonServlet.java | 8 +- .../java/org/apache/hadoop/log/LogLevel.java| 10 +-- .../apache/hadoop/metrics/MetricsServlet.java | 10 +-- .../org/apache/hadoop/http/TestHttpServer.java | 19 +++-- 7 files changed, 81 insertions(+), 15 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/b2667441/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java index c7f11b3..d4b34e9 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java @@ -20,6 +20,7 @@ package org.apache.hadoop.conf; import java.io.IOException; import java.io.Writer; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
@@ -56,7 +57,12 @@ public class ConfServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { -if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && +!HttpServer2.isInstrumentationAccessAllowed(servletContext, request, response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/b2667441/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java index ef562b4..e591ab4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java @@ -19,6 +19,7 @@ package org.apache.hadoop.http; import java.io.IOException; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
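Review bot: The added `!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&` guard in ConfServlet.doGet short-circuits the instrumentation ACL check, and the same bypass is hand-copied into AdminAuthorizedServlet.doGet (and, judging by the diffstat, probably the other servlets listed there), so whether an endpoint skips authorization depends on each servlet repeating the pattern correctly. The helper's body is in HttpServer2.java, which this page does not show; if the condition can live inside `isInstrumentationAccessAllowed` and `hasAdministratorAccess` themselves, the decision sits in one auditable place and a servlet added later cannot diverge. The comment should also state what is being trusted, e.g. `// No filter set an auth type and the caller is the configured static user, so HTTP authentication is off and the ACL check is skipped.` The identical ConfServlet hunks in the later branch-2.8, branch-2 and master mails on this page carry the same point. doGet's body continues outside the hunk.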
@@ -35,9 +36,13 @@ public class AdminAuthorizedServlet extends DefaultServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { -// Do the authorization -if (HttpServer2.hasAdministratorAccess(getServletContext(), request, + throws ServletException, IOException { +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) || +HttpServer2.hasAdministratorAccess(servletContext, request, response)) { // Authorization is done. Just call super. super.doGet(request, response);
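Review bot: The retained comment `// Authorization is done. Just call super.` is no longer accurate on the path where `isStaticUserAndNoneAuthType` returns true, because `hasAdministratorAccess` is never called there and no ACL decision is made. I would change it to `// Authorized, or authorization skipped for the static user with no auth type. Just call super.` so that someone auditing this servlet (admin-only, by its name) sees that the branch can be reached without an ACL check. A debug-level log line on the skip path would also let operators confirm from the logs that a daemon is serving these pages without authorization. The rest of doGet lies outside the hunk, and the same hunk recurs in the other branch mails on this page.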
hadoop git commit: HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang)
Repository: hadoop Updated Branches: refs/heads/branch-2 439422fff -> a4356bb7a HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang) (cherry picked from commit dc308e98b9f8f7458a28a015515876ddea5666f2) With Addendum patch Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a4356bb7 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a4356bb7 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a4356bb7 Branch: refs/heads/branch-2 Commit: a4356bb7a5bf2fdf41bbced45968416e8ed945e6 Parents: 439422f Author: Eric YangAuthored: Sun Oct 16 20:32:48 2016 -0700 Committer: Eric Yang Committed: Sun Oct 16 20:32:48 2016 -0700 -- .../hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a4356bb7/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java index cec62a1..1a3b97d 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java @@ -27,6 +27,7 @@ import java.util.regex.Pattern; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; - To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
hadoop git commit: HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang)
Repository: hadoop Updated Branches: refs/heads/branch-2.8 2304501bc -> 3574e5692 HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/3574e569 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/3574e569 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/3574e569 Branch: refs/heads/branch-2.8 Commit: 3574e5692da6da9b0eb9fbee66ef197ffbf1d1cd Parents: 2304501 Author: Eric YangAuthored: Fri Oct 14 22:10:15 2016 -0700 Committer: Eric Yang Committed: Fri Oct 14 22:14:59 2016 -0700 -- .../org/apache/hadoop/conf/ConfServlet.java | 8 - .../hadoop/http/AdminAuthorizedServlet.java | 11 +-- .../org/apache/hadoop/http/HttpServer2.java | 31 ++-- .../org/apache/hadoop/jmx/JMXJsonServlet.java | 8 - .../java/org/apache/hadoop/log/LogLevel.java| 10 +-- .../org/apache/hadoop/http/TestHttpServer.java | 17 ++- 6 files changed, 73 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3574e569/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java index c7f11b3..d4b34e9 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java @@ -20,6 +20,7 @@ package org.apache.hadoop.conf; import java.io.IOException; import java.io.Writer; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
@@ -56,7 +57,12 @@ public class ConfServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { -if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && +!HttpServer2.isInstrumentationAccessAllowed(servletContext, request, response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/3574e569/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java index ef562b4..e591ab4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java @@ -19,6 +19,7 @@ package org.apache.hadoop.http; import java.io.IOException; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -35,9 +36,13 @@ public class AdminAuthorizedServlet extends DefaultServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { -// Do the authorization -if (HttpServer2.hasAdministratorAccess(getServletContext(), request, + throws ServletException, IOException { +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) || +HttpServer2.hasAdministratorAccess(servletContext, request, response)) { // Authorization is done. Just call super. super.doGet(request, response); http://git-wip-us.apache.org/repos/asf/hadoop/blob/3574e569/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
hadoop git commit: HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang)
Repository: hadoop Updated Branches: refs/heads/branch-2 863e1020c -> dc308e98b HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/dc308e98 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/dc308e98 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/dc308e98 Branch: refs/heads/branch-2 Commit: dc308e98b9f8f7458a28a015515876ddea5666f2 Parents: 863e102 Author: Eric YangAuthored: Fri Oct 14 22:10:15 2016 -0700 Committer: Eric Yang Committed: Fri Oct 14 22:13:24 2016 -0700 -- .../org/apache/hadoop/conf/ConfServlet.java | 8 - .../hadoop/http/AdminAuthorizedServlet.java | 11 +-- .../org/apache/hadoop/http/HttpServer2.java | 31 ++-- .../org/apache/hadoop/jmx/JMXJsonServlet.java | 8 - .../java/org/apache/hadoop/log/LogLevel.java| 10 +-- .../org/apache/hadoop/http/TestHttpServer.java | 17 ++- 6 files changed, 73 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc308e98/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java index c7f11b3..d4b34e9 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java @@ -20,6 +20,7 @@ package org.apache.hadoop.conf; import java.io.IOException; import java.io.Writer; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
@@ -56,7 +57,12 @@ public class ConfServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { -if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && +!HttpServer2.isInstrumentationAccessAllowed(servletContext, request, response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc308e98/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java index ef562b4..e591ab4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java @@ -19,6 +19,7 @@ package org.apache.hadoop.http; import java.io.IOException; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -35,9 +36,13 @@ public class AdminAuthorizedServlet extends DefaultServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { -// Do the authorization -if (HttpServer2.hasAdministratorAccess(getServletContext(), request, + throws ServletException, IOException { +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) || +HttpServer2.hasAdministratorAccess(servletContext, request, response)) { // Authorization is done. Just call super. super.doGet(request, response); http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc308e98/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
hadoop git commit: HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang)
Repository: hadoop Updated Branches: refs/heads/master [created] f2b056bad HADOOP-13707. Skip authorization for anonymous user to access Hadoop web interface in non-secure environment. (Yuanbo Liu via eyang) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f2b056ba Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f2b056ba Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f2b056ba Branch: refs/heads/master Commit: f2b056bad73d2b3cc787f880403faf30aabab15a Parents: a0da1ec Author: Eric YangAuthored: Fri Oct 14 22:10:15 2016 -0700 Committer: Eric Yang Committed: Fri Oct 14 22:10:15 2016 -0700 -- hadoop-common-project/hadoop-common/CHANGES.txt | 3 ++ .../org/apache/hadoop/conf/ConfServlet.java | 8 - .../hadoop/http/AdminAuthorizedServlet.java | 11 +-- .../org/apache/hadoop/http/HttpServer2.java | 31 ++-- .../org/apache/hadoop/jmx/JMXJsonServlet.java | 8 - .../java/org/apache/hadoop/log/LogLevel.java| 10 +-- .../org/apache/hadoop/http/TestHttpServer.java | 17 ++- 7 files changed, 76 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hadoop/blob/f2b056ba/hadoop-common-project/hadoop-common/CHANGES.txt -- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index bfad714..7154bd7 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -175,6 +175,9 @@ Release 2.8.0 - UNRELEASED BUG FIXES +HADOOP-13707. Skip authorization for anonymous user to access Hadoop +web interface in non-secure environment. (Yuanbo Liu via eyang) + HADOOP-12124. Add HTrace support for FsShell (cmccabe) HADOOP-12171. Shorten overly-long htrace span names for server (cmccabe) http://git-wip-us.apache.org/repos/asf/hadoop/blob/f2b056ba/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java -- 
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java index c7f11b3..d4b34e9 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java @@ -20,6 +20,7 @@ package org.apache.hadoop.conf; import java.io.IOException; import java.io.Writer; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -56,7 +57,12 @@ public class ConfServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { -if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), +// If user is a static user and auth Type is null, that means +// there is a non-security environment and no need authorization, +// otherwise, do the authorization. +final ServletContext servletContext = getServletContext(); +if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) && +!HttpServer2.isInstrumentationAccessAllowed(servletContext, request, response)) { return; } http://git-wip-us.apache.org/repos/asf/hadoop/blob/f2b056ba/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java -- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java index ef562b4..e591ab4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java 
@@ -19,6 +19,7 @@ package org.apache.hadoop.http; import java.io.IOException; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -35,9 +36,13 @@ public class AdminAuthorizedServlet extends DefaultServlet { @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { -//