HDFS-10481. HTTPFS server should correctly impersonate as end user to open file. Contributed by Xiao Chen.
(cherry picked from commit47e0321ee9
) (cherry picked from commitd5609e3499
)
This commit is contained in:
parent
d712b2ee3b
commit
6f69113417
|
@ -79,6 +79,7 @@ import java.io.IOException;
|
|||
import java.io.InputStream;
|
||||
import java.net.URI;
|
||||
import java.security.AccessControlException;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.text.MessageFormat;
|
||||
import java.util.EnumSet;
|
||||
import java.util.List;
|
||||
|
@ -94,6 +95,7 @@ import java.util.Map;
|
|||
@InterfaceAudience.Private
|
||||
public class HttpFSServer {
|
||||
private static Logger AUDIT_LOG = LoggerFactory.getLogger("httpfsaudit");
|
||||
private static final Logger LOG = LoggerFactory.getLogger(HttpFSServer.class);
|
||||
|
||||
/**
|
||||
* Executes a {@link FileSystemAccess.FileSystemExecutor} using a filesystem for the effective
|
||||
|
@ -208,9 +210,23 @@ public class HttpFSServer {
|
|||
case OPEN: {
|
||||
//Invoking the command directly using an unmanaged FileSystem that is
|
||||
// released by the FileSystemReleaseFilter
|
||||
FSOperations.FSOpen command = new FSOperations.FSOpen(path);
|
||||
FileSystem fs = createFileSystem(user);
|
||||
InputStream is = command.execute(fs);
|
||||
final FSOperations.FSOpen command = new FSOperations.FSOpen(path);
|
||||
final FileSystem fs = createFileSystem(user);
|
||||
InputStream is = null;
|
||||
UserGroupInformation ugi = UserGroupInformation
|
||||
.createProxyUser(user.getShortUserName(),
|
||||
UserGroupInformation.getLoginUser());
|
||||
try {
|
||||
is = ugi.doAs(new PrivilegedExceptionAction<InputStream>() {
|
||||
@Override
|
||||
public InputStream run() throws Exception {
|
||||
return command.execute(fs);
|
||||
}
|
||||
});
|
||||
} catch (InterruptedException ie) {
|
||||
LOG.info("Open interrupted.", ie);
|
||||
Thread.currentThread().interrupt();
|
||||
}
|
||||
Long offset = params.get(OffsetParam.NAME, OffsetParam.class);
|
||||
Long len = params.get(LenParam.NAME, LenParam.class);
|
||||
AUDIT_LOG.info("[{}] offset [{}] len [{}]",
|
||||
|
@ -221,8 +237,7 @@ public class HttpFSServer {
|
|||
break;
|
||||
}
|
||||
case GETFILESTATUS: {
|
||||
FSOperations.FSFileStatus command =
|
||||
new FSOperations.FSFileStatus(path);
|
||||
FSOperations.FSFileStatus command = new FSOperations.FSFileStatus(path);
|
||||
Map json = fsExecute(user, command);
|
||||
AUDIT_LOG.info("[{}]", path);
|
||||
response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
|
||||
|
@ -230,11 +245,10 @@ public class HttpFSServer {
|
|||
}
|
||||
case LISTSTATUS: {
|
||||
String filter = params.get(FilterParam.NAME, FilterParam.class);
|
||||
FSOperations.FSListStatus command = new FSOperations.FSListStatus(
|
||||
path, filter);
|
||||
FSOperations.FSListStatus command =
|
||||
new FSOperations.FSListStatus(path, filter);
|
||||
Map json = fsExecute(user, command);
|
||||
AUDIT_LOG.info("[{}] filter [{}]", path,
|
||||
(filter != null) ? filter : "-");
|
||||
AUDIT_LOG.info("[{}] filter [{}]", path, (filter != null) ? filter : "-");
|
||||
response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
|
||||
break;
|
||||
}
|
||||
|
@ -281,38 +295,34 @@ public class HttpFSServer {
|
|||
break;
|
||||
}
|
||||
case GETACLSTATUS: {
|
||||
FSOperations.FSAclStatus command =
|
||||
new FSOperations.FSAclStatus(path);
|
||||
FSOperations.FSAclStatus command = new FSOperations.FSAclStatus(path);
|
||||
Map json = fsExecute(user, command);
|
||||
AUDIT_LOG.info("ACL status for [{}]", path);
|
||||
response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
|
||||
break;
|
||||
}
|
||||
case GETXATTRS: {
|
||||
List<String> xattrNames = params.getValues(XAttrNameParam.NAME,
|
||||
XAttrNameParam.class);
|
||||
XAttrCodec encoding = params.get(XAttrEncodingParam.NAME,
|
||||
XAttrEncodingParam.class);
|
||||
FSOperations.FSGetXAttrs command = new FSOperations.FSGetXAttrs(path,
|
||||
xattrNames, encoding);
|
||||
@SuppressWarnings("rawtypes")
|
||||
Map json = fsExecute(user, command);
|
||||
List<String> xattrNames =
|
||||
params.getValues(XAttrNameParam.NAME, XAttrNameParam.class);
|
||||
XAttrCodec encoding =
|
||||
params.get(XAttrEncodingParam.NAME, XAttrEncodingParam.class);
|
||||
FSOperations.FSGetXAttrs command =
|
||||
new FSOperations.FSGetXAttrs(path, xattrNames, encoding);
|
||||
@SuppressWarnings("rawtypes") Map json = fsExecute(user, command);
|
||||
AUDIT_LOG.info("XAttrs for [{}]", path);
|
||||
response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
|
||||
break;
|
||||
}
|
||||
case LISTXATTRS: {
|
||||
FSOperations.FSListXAttrs command = new FSOperations.FSListXAttrs(path);
|
||||
@SuppressWarnings("rawtypes")
|
||||
Map json = fsExecute(user, command);
|
||||
@SuppressWarnings("rawtypes") Map json = fsExecute(user, command);
|
||||
AUDIT_LOG.info("XAttr names for [{}]", path);
|
||||
response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
throw new IOException(
|
||||
MessageFormat.format("Invalid HTTP GET operation [{0}]",
|
||||
op.value()));
|
||||
MessageFormat.format("Invalid HTTP GET operation [{0}]", op.value()));
|
||||
}
|
||||
}
|
||||
return response;
|
||||
|
|
Loading…
Reference in New Issue