HDFS-5516. WebHDFS does not require user name when anonymous http requests are disallowed. Contributed by Miodrag Radulovic.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1578549 13f79535-47bb-0310-9956-ffa450edef68
2014-03-17 20:25:10 +00:00 · 2014-03-17 20:25:10 +00:00 · 6318afe3b9
parent 7944eab64a
commit 6318afe3b9
5 changed files with 38 additions and 2 deletions
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@ -629,6 +629,9 @@ Release 2.4.0 - UNRELEASED
    HDFS-6107. When a block can't be cached due to limited space on the
    DataNode, that block becomes uncacheable (cmccabe)

+    HDFS-5516. WebHDFS does not require user name when anonymous http requests
+    are disallowed. (Miodrag Radulovic via cnauroth)
+
  BREAKDOWN OF HDFS-5698 SUBTASKS AND RELATED JIRAS

    HDFS-5717. Save FSImage header in protobuf. (Haohui Mai via jing9)
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
@ -503,6 +503,7 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
  public static final String  DFS_NAMENODE_CHECKED_VOLUMES_KEY = "dfs.namenode.resource.checked.volumes";
  public static final String  DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_KEY = "dfs.namenode.resource.checked.volumes.minimum";
  public static final int     DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_DEFAULT = 1;
+  public static final String  DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED = "dfs.web.authentication.simple.anonymous.allowed";
  public static final String  DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = "dfs.web.authentication.kerberos.principal";
  public static final String  DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY = "dfs.web.authentication.kerberos.keytab";
  public static final String  DFS_NAMENODE_MAX_OP_SIZE_KEY = "dfs.namenode.max.op.size";
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
@ -174,6 +174,13 @@ public class NameNodeHttpServer {
          DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY +
          "' is not set.");
    }
+    String anonymousAllowed = conf
+      .get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED);
+    if (anonymousAllowed != null && !anonymousAllowed.isEmpty()) {
+    params.put(
+        DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+        anonymousAllowed);
+    }
    return params;
  }

--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
@ -64,8 +64,10 @@ public class AuthFilter extends AuthenticationFilter {
    // set authentication type
    p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
        KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
-    //For Pseudo Authentication, allow anonymous.
-    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+    // if not set, enable anonymous for pseudo authentication
+    if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
+      p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+    }
    //set cookie path
    p.setProperty(COOKIE_PATH, "/");
    return p;
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
@ -75,4 +75,27 @@ public class TestAuthFilter {
    Assert.assertEquals("true",
        p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
  }
+  
+  @Test
+  public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
+    AuthFilter filter = new AuthFilter();
+    Map<String, String> m = new HashMap<String,String>();
+    m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+        "false");
+    FilterConfig config = new DummyFilterConfig(m);
+    Properties p = filter.getConfiguration("random", config);
+    Assert.assertEquals("false",
+        p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+  }
+  
+  @Test
+  public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
+    AuthFilter filter = new AuthFilter();
+    Map<String, String> m = new HashMap<String,String>();
+    
+    FilterConfig config = new DummyFilterConfig(m);
+    Properties p = filter.getConfiguration("random", config);
+    Assert.assertEquals("true",
+        p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+  }
 }