From b59911d841ec016c0b0ee3115c8efea4a84a6d1d Mon Sep 17 00:00:00 2001
From: Zsombor Gegesy
Date: Tue, 16 Apr 2019 05:27:29 -0700
Subject: [PATCH] HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang
(cherry picked from commit 008766c119d9ed9d568f9458ed0c02136962da5b)
---
 .../key/kms/server/KMSExceptionsProvider.java | 5 +-
 .../crypto/key/kms/server/KMSMDCFilter.java | 58 ++++++++++++++-----
 2 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
index 3d977532df8..ceaa8bc815e 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
@@ -111,9 +111,10 @@ public class KMSExceptionsProvider implements ExceptionMapper {
 UserGroupInformation ugi = KMSMDCFilter.getUgi();
 String method = KMSMDCFilter.getMethod();
 String url = KMSMDCFilter.getURL();
+ String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
 String msg = getOneLineMessage(ex);
- LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
- status, msg, ex);
+ LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
+ url, remoteClientAddress, status, msg, ex);
 }
 }
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index 81591e57cde..f3c0bbdda61 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
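Review bot: The new `From:{}` field is inserted between `URL:{}` and `Response:{}-{}` in the `LOG.warn` format string, so any log parser or alerting rule anchored on the old field order will stop matching this line. Appending it keeps the existing prefix stable: `LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{} From:{}", ugi, method, url, status, msg, remoteClientAddress, ex);`. The field can also print as `From:null`, because `getRemoteClientAddress()` returns null when no filter context is set on the thread. As far as the two files in this patch show, the address reaches only this exception-path WARN line, so requests that succeed are not attributed to a client address here. The enclosing method starts above the hunk.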
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
+import com.google.common.annotations.VisibleForTesting;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -38,29 +40,40 @@ import java.io.IOException;
 public class KMSMDCFilter implements Filter {
 private static class Data {
- private UserGroupInformation ugi;
- private String method;
- private StringBuffer url;
+ private final UserGroupInformation ugi;
+ private final String method;
+ private final String url;
+ private final String remoteClientAddress;
- private Data(UserGroupInformation ugi, String method, StringBuffer url) {
+ private Data(UserGroupInformation ugi, String method, String url,
+ String remoteClientAddress) {
 this.ugi = ugi;
 this.method = method;
 this.url = url;
+ this.remoteClientAddress = remoteClientAddress;
 }
 }
 private static final ThreadLocal DATA_TL = new ThreadLocal();
 public static UserGroupInformation getUgi() {
- return DATA_TL.get().ugi;
+ Data data = DATA_TL.get();
+ return data != null ? data.ugi : null;
 }
 public static String getMethod() {
- return DATA_TL.get().method;
+ Data data = DATA_TL.get();
+ return data != null ? data.method : null;
 }
 public static String getURL() {
- return DATA_TL.get().url.toString();
+ Data data = DATA_TL.get();
+ return data != null ? data.url : null;
+ }
+
+ public static String getRemoteClientAddress() {
+ Data data = DATA_TL.get();
+ return data != null ? data.remoteClientAddress : null;
 }
 @Override
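Review bot: In the `@@ -38,29 +40,40 @@` hunk the four static getters now return null instead of throwing when `DATA_TL` holds no `Data`, but none of them documents it, so a caller that dereferences `getUgi()` or forwards the address will fail later and further from the cause. Each getter should carry a short Javadoc, for example `/** @return the remote address recorded for the current request, or null if no request context is set on this thread. */` on `getRemoteClientAddress()`. The same comment is the place to state that the value is whatever `request.getRemoteAddr()` returned in `doFilter` (the following hunk), which behind a reverse proxy or load balancer would be the proxy's address rather than the end client's. The class body continues past the end of this hunk.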
@@ -72,22 +85,41 @@ public class KMSMDCFilter implements Filter {
 FilterChain chain)
 throws IOException, ServletException {
 try {
- DATA_TL.remove();
+ clearContext();
 UserGroupInformation ugi = HttpUserGroupInformation.get();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+ String method = httpServletRequest.getMethod();
+ StringBuffer requestURL = httpServletRequest.getRequestURL();
+ String queryString = httpServletRequest.getQueryString();
 if (queryString != null) {
 requestURL.append("?").append(queryString);
 }
- DATA_TL.set(new Data(ugi, method, requestURL));
+ setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
 chain.doFilter(request, response);
 } finally {
- DATA_TL.remove();
+ clearContext();
 }
 }
 @Override
 public void destroy() {
 }
+
+ /**
+ * Sets the context with the given parameters.
+ * @param ugi the {@link UserGroupInformation} for the current request.
+ * @param method the http method
+ * @param requestURL the requested URL.
+ * @param remoteAddr the remote address of the client.
+ */
+ @VisibleForTesting
+ public static void setContext(UserGroupInformation ugi,
+ String method, String requestURL, String remoteAddr) {
+ DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
+ }
+
+ private static void clearContext() {
+ DATA_TL.remove();
+ }
+
 }
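Review bot: `setContext` is declared `public static` although `@VisibleForTesting` marks it as exposed only for tests, so any code in the process can overwrite the user, URL and client address that `KMSExceptionsProvider` later writes to the log for the current thread. If the tests live in the same package (not visible here), package-private visibility is enough: `static void setContext(UserGroupInformation ugi,`. A test that calls it directly also has no way to reset the thread-local afterwards, because `clearContext()` is private, so context can carry over between tests that share a thread. `doFilter` begins above the hunk.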