YARN-8108. Added option to disable loading existing filters to prevent

security filter from initialize twice. Contributed by Sunil Govindan
2018-06-26 17:34:57 -04:00 · 2018-06-26 17:34:57 -04:00 · b69ba0f330
parent 3e586330eb
commit b69ba0f330
2 changed files with 12 additions and 4 deletions
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/WebApps.java
@ -83,6 +83,7 @@ public class WebApps {
      public String name;
      public String spec;
      public Map<String, String> params;
+      public boolean loadExistingFilters = true;
    }
    
    final String name;
@ -151,12 +152,13 @@ public class WebApps {

    public Builder<T> withServlet(String name, String pathSpec,
        Class<? extends HttpServlet> servlet,
-        Map<String, String> params) {
+        Map<String, String> params,boolean loadExistingFilters) {
      ServletStruct struct = new ServletStruct();
      struct.clazz = servlet;
      struct.name = name;
      struct.spec = pathSpec;
      struct.params = params;
+      struct.loadExistingFilters = loadExistingFilters;
      servlets.add(struct);
      return this;
    }
@ -256,9 +258,15 @@ public class WebApps {
          pathList.add("/" + wsName + "/*");
        }
      }
+
      for (ServletStruct s : servlets) {
        if (!pathList.contains(s.spec)) {
-          pathList.add(s.spec);
+          // The servlet told us to not load-existing filters, but we still want
+          // to add the default authentication filter always, so add it to the
+          // pathList
+          if (!s.loadExistingFilters) {
+            pathList.add(s.spec);
+          }
        }
      }
      if (conf == null) {
@ -333,7 +341,7 @@ public class WebApps {
        HttpServer2 server = builder.build();

        for(ServletStruct struct: servlets) {
-          if (struct.params != null) {
+          if (!struct.loadExistingFilters) {
            server.addInternalServlet(struct.name, struct.spec,
                struct.clazz, struct.params);
          } else {
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/ResourceManager.java
@ -1111,7 +1111,7 @@ public class ResourceManager extends CompositeService implements Recoverable {
                "ws")
            .with(conf)
            .withServlet("API-Service", "/app/*",
-                ServletContainer.class, params)
+                ServletContainer.class, params, false)
            .withHttpSpnegoPrincipalKey(
                YarnConfiguration.RM_WEBAPP_SPNEGO_USER_NAME_KEY)
            .withHttpSpnegoKeytabKey(