HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos auth handler (Ryan Sasson via aw)
This commit is contained in:
parent
60d2011b7c
commit
401ae4ecdb
|
@ -2715,6 +2715,9 @@ Release 2.8.0 - UNRELEASED
|
||||||
HDFS-9713. DataXceiver#copyBlock should return if block is pinned.
|
HDFS-9713. DataXceiver#copyBlock should return if block is pinned.
|
||||||
(umamahesh)
|
(umamahesh)
|
||||||
|
|
||||||
|
HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos
|
||||||
|
auth handler (Ryan Sasson via aw)
|
||||||
|
|
||||||
Release 2.7.3 - UNRELEASED
|
Release 2.7.3 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -21,7 +21,9 @@ package org.apache.hadoop.hdfs.server.namenode;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.Iterator;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Map.Entry;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
|
|
||||||
|
@ -34,6 +36,7 @@ import org.apache.hadoop.hdfs.client.HdfsClientConfigKeys;
|
||||||
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
|
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
||||||
|
import org.apache.hadoop.hdfs.web.AuthFilter;
|
||||||
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
|
||||||
import org.apache.hadoop.hdfs.web.resources.Param;
|
import org.apache.hadoop.hdfs.web.resources.Param;
|
||||||
import org.apache.hadoop.hdfs.web.resources.UserParam;
|
import org.apache.hadoop.hdfs.web.resources.UserParam;
|
||||||
|
@ -158,6 +161,14 @@ public class NameNodeHttpServer {
|
||||||
private Map<String, String> getAuthFilterParams(Configuration conf)
|
private Map<String, String> getAuthFilterParams(Configuration conf)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
Map<String, String> params = new HashMap<String, String>();
|
Map<String, String> params = new HashMap<String, String>();
|
||||||
|
// Select configs beginning with 'dfs.web.authentication.'
|
||||||
|
Iterator<Map.Entry<String, String>> iterator = conf.iterator();
|
||||||
|
while (iterator.hasNext()) {
|
||||||
|
Entry<String, String> kvPair = iterator.next();
|
||||||
|
if (kvPair.getKey().startsWith(AuthFilter.CONF_PREFIX)) {
|
||||||
|
params.put(kvPair.getKey(), kvPair.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
String principalInConf = conf
|
String principalInConf = conf
|
||||||
.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
|
.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
|
||||||
if (principalInConf != null && !principalInConf.isEmpty()) {
|
if (principalInConf != null && !principalInConf.isEmpty()) {
|
||||||
|
|
|
@ -46,7 +46,7 @@ import org.apache.hadoop.util.StringUtils;
|
||||||
* obtains Hadoop-Auth configuration for webhdfs.
|
* obtains Hadoop-Auth configuration for webhdfs.
|
||||||
*/
|
*/
|
||||||
public class AuthFilter extends AuthenticationFilter {
|
public class AuthFilter extends AuthenticationFilter {
|
||||||
private static final String CONF_PREFIX = "dfs.web.authentication.";
|
public static final String CONF_PREFIX = "dfs.web.authentication.";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the filter configuration properties,
|
* Returns the filter configuration properties,
|
||||||
|
@ -62,9 +62,11 @@ public class AuthFilter extends AuthenticationFilter {
|
||||||
protected Properties getConfiguration(String prefix, FilterConfig config)
|
protected Properties getConfiguration(String prefix, FilterConfig config)
|
||||||
throws ServletException {
|
throws ServletException {
|
||||||
final Properties p = super.getConfiguration(CONF_PREFIX, config);
|
final Properties p = super.getConfiguration(CONF_PREFIX, config);
|
||||||
// set authentication type
|
// if not set, configure based on security enabled
|
||||||
|
if (p.getProperty(AUTH_TYPE) == null) {
|
||||||
p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
|
p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
|
||||||
KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
|
KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
|
||||||
|
}
|
||||||
// if not set, enable anonymous for pseudo authentication
|
// if not set, enable anonymous for pseudo authentication
|
||||||
if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
|
if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
|
||||||
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
|
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
|
||||||
|
|
|
@ -98,4 +98,19 @@ public class TestAuthFilter {
|
||||||
Assert.assertEquals("true",
|
Assert.assertEquals("true",
|
||||||
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
|
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetCustomAuthConfiguration() throws ServletException {
|
||||||
|
AuthFilter filter = new AuthFilter();
|
||||||
|
Map<String, String> m = new HashMap<String,String>();
|
||||||
|
|
||||||
|
m.put(AuthFilter.CONF_PREFIX + AuthFilter.AUTH_TYPE, "com.yourclass");
|
||||||
|
m.put(AuthFilter.CONF_PREFIX + "alt-kerberos.param", "value");
|
||||||
|
FilterConfig config = new DummyFilterConfig(m);
|
||||||
|
|
||||||
|
Properties p = filter.getConfiguration(AuthFilter.CONF_PREFIX, config);
|
||||||
|
Assert.assertEquals("com.yourclass", p.getProperty(AuthFilter.AUTH_TYPE));
|
||||||
|
Assert.assertEquals("value", p.getProperty("alt-kerberos.param"));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue