Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-13707. Skip authorization for anonymous user to access Hadoop 

web interface in non-secure environment.  (Yuanbo Liu via eyang)

    (cherry picked from commit dc308e98b9)
    With Addendum patch
This commit is contained in:
Eric Yang 2016-10-16 20:32:48 -07:00
parent a4356bb7a5
commit 7993fb5b81
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics/MetricsServlet.java
View File

@ -25,6 +25,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.TreeMap; import java.util.TreeMap;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -109,8 +110,13 @@ public class MetricsServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response) public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), // If user is a static user and auth Type is null, that means
request, response)) { // there is a non-security environment and no need authorization,
// otherwise, do the authorization.
final ServletContext servletContext = getServletContext();
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
!HttpServer2.isInstrumentationAccessAllowed(servletContext,
request, response)) {
return; return;
} }