HDFS-5516. Merging change r1578549 from trunk to branch-2.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1578552 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Chris Nauroth 2014-03-17 20:30:20 +00:00
parent 8e38068076
commit 6db6c6744f
5 changed files with 38 additions and 2 deletions

View File

@ -385,6 +385,9 @@ Release 2.4.0 - UNRELEASED
HDFS-6094. The same block can be counted twice towards safe mode
threshold. (Arpit Agarwal)
HDFS-5516. WebHDFS does not require user name when anonymous http requests
are disallowed. (Miodrag Radulovic via cnauroth)
BREAKDOWN OF HDFS-5698 SUBTASKS AND RELATED JIRAS
HDFS-5717. Save FSImage header in protobuf. (Haohui Mai via jing9)

View File

@ -505,6 +505,7 @@ public class DFSConfigKeys extends CommonConfigurationKeys {
public static final String DFS_NAMENODE_CHECKED_VOLUMES_KEY = "dfs.namenode.resource.checked.volumes";
public static final String DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_KEY = "dfs.namenode.resource.checked.volumes.minimum";
public static final int DFS_NAMENODE_CHECKED_VOLUMES_MINIMUM_DEFAULT = 1;
public static final String DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED = "dfs.web.authentication.simple.anonymous.allowed";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = "dfs.web.authentication.kerberos.principal";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY = "dfs.web.authentication.kerberos.keytab";
public static final String DFS_NAMENODE_MAX_OP_SIZE_KEY = "dfs.namenode.max.op.size";

View File

@ -174,6 +174,13 @@ public class NameNodeHttpServer {
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY +
"' is not set.");
}
String anonymousAllowed = conf
.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED);
if (anonymousAllowed != null && !anonymousAllowed.isEmpty()) {
params.put(
DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
anonymousAllowed);
}
return params;
}

View File

@ -64,8 +64,10 @@ public class AuthFilter extends AuthenticationFilter {
// set authentication type
p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
//For Pseudo Authentication, allow anonymous.
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
// if not set, enable anonymous for pseudo authentication
if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
}
//set cookie path
p.setProperty(COOKIE_PATH, "/");
return p;

View File

@ -75,4 +75,27 @@ public class TestAuthFilter {
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
@Test
public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
AuthFilter filter = new AuthFilter();
Map<String, String> m = new HashMap<String,String>();
m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
"false");
FilterConfig config = new DummyFilterConfig(m);
Properties p = filter.getConfiguration("random", config);
Assert.assertEquals("false",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
@Test
public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
AuthFilter filter = new AuthFilter();
Map<String, String> m = new HashMap<String,String>();
FilterConfig config = new DummyFilterConfig(m);
Properties p = filter.getConfiguration("random", config);
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
}