HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616002 13f79535-47bb-0310-9956-ffa450edef68
parent
b7e67db372
commit
b9984e59d8
|
@ -527,6 +527,8 @@ Release 2.6.0 - UNRELEASED
|
||||||
HADOOP-10937. Need to set version name correctly before decrypting EEK.
|
HADOOP-10937. Need to set version name correctly before decrypting EEK.
|
||||||
(Arun Suresh via wang)
|
(Arun Suresh via wang)
|
||||||
|
|
||||||
|
HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
|
||||||
|
|
||||||
Release 2.5.0 - UNRELEASED
|
Release 2.5.0 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -1005,7 +1005,7 @@ public final class HttpServer2 implements FilterContainer {
|
||||||
|
|
||||||
String remoteUser = request.getRemoteUser();
|
String remoteUser = request.getRemoteUser();
|
||||||
if (remoteUser == null) {
|
if (remoteUser == null) {
|
||||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
|
response.sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||||
"Unauthenticated users are not " +
|
"Unauthenticated users are not " +
|
||||||
"authorized to access this page.");
|
"authorized to access this page.");
|
||||||
return false;
|
return false;
|
||||||
|
@ -1013,7 +1013,7 @@ public final class HttpServer2 implements FilterContainer {
|
||||||
|
|
||||||
if (servletContext.getAttribute(ADMINS_ACL) != null &&
|
if (servletContext.getAttribute(ADMINS_ACL) != null &&
|
||||||
!userHasAdministratorAccess(servletContext, remoteUser)) {
|
!userHasAdministratorAccess(servletContext, remoteUser)) {
|
||||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
|
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
|
||||||
+ remoteUser + " is unauthorized to access this page.");
|
+ remoteUser + " is unauthorized to access this page.");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
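Review bot: The second changed `sendError` call in HttpServer2 still concatenates `remoteUser` into the message (`"User " + remoteUser + " is unauthorized to access this page."`), and a `sendError` message is normally rendered into the container's HTML error page. Whether that page escapes the message is not visible here, and with an authentication handler that accepts a client-supplied name the value is request-derived. I would keep the name out of the response and log it server-side instead: `response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not authorized to access this page.");`. Separately, the first hunk now answers unauthenticated requests with 403 too, so clients can no longer tell "authenticate first" from "authenticated but denied"; a one-line comment stating why 401 is avoided would help. The enclosing method bodies start and end outside both hunks.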
|
||||||
|
|
|
@ -143,6 +143,12 @@ public class JMXJsonServlet extends HttpServlet {
|
||||||
jsonFactory = new JsonFactory();
|
jsonFactory = new JsonFactory();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
|
||||||
|
HttpServletResponse response) throws IOException {
|
||||||
|
return HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
||||||
|
request, response);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Process a GET request for the specified resource.
|
* Process a GET request for the specified resource.
|
||||||
*
|
*
|
||||||
|
@ -154,8 +160,7 @@ public class JMXJsonServlet extends HttpServlet {
|
||||||
@Override
|
@Override
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
||||||
try {
|
try {
|
||||||
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
if (!isInstrumentationAccessAllowed(request, response)) {
|
||||||
request, response)) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
JsonGenerator jg = null;
|
JsonGenerator jg = null;
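Review bot: The new protected `isInstrumentationAccessAllowed(request, response)` hook in JMXJsonServlet has no Javadoc, although it is now the only access check `doGet` makes before emitting JMX data and any subclass can override it. `doGet` returns without writing anything when the hook returns false, so the contract should say that the implementation is responsible for sending the error response. Suggested Javadoc: `/** Returns true if the caller may read JMX data; an implementation that returns false must already have sent the error response. Overrides that relax this check must be protected by another layer, such as a servlet filter. */`. The body of `doGet` continues outside the hunk.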
|
||||||
|
|
|
@ -414,7 +414,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
|
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
|
||||||
+ servlet, user));
|
+ servlet, user));
|
||||||
}
|
}
|
||||||
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode(
|
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
|
||||||
serverURL + servlet, "userE"));
|
serverURL + servlet, "userE"));
|
||||||
}
|
}
|
||||||
myServer.stop();
|
myServer.stop();
|
||||||
|
@ -474,7 +474,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
response = Mockito.mock(HttpServletResponse.class);
|
response = Mockito.mock(HttpServletResponse.class);
|
||||||
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
|
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
|
||||||
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
||||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
|
||||||
|
|
||||||
//authorization ON & user NOT NULL & ACLs NULL
|
//authorization ON & user NOT NULL & ACLs NULL
|
||||||
response = Mockito.mock(HttpServletResponse.class);
|
response = Mockito.mock(HttpServletResponse.class);
|
||||||
|
@ -487,7 +487,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
|
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
|
||||||
Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls);
|
Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls);
|
||||||
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
||||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
|
||||||
|
|
||||||
//authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs
|
//authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs
|
||||||
response = Mockito.mock(HttpServletResponse.class);
|
response = Mockito.mock(HttpServletResponse.class);
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.apache.hadoop.crypto.key.kms.server;
|
||||||
|
|
||||||
|
import org.apache.hadoop.jmx.JMXJsonServlet;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class KMSJMXServlet extends JMXJsonServlet {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
|
||||||
|
HttpServletResponse response) throws IOException {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
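Review bot: `isInstrumentationAccessAllowed` in the new KMSJMXServlet returns `true` unconditionally, so the `jmx-servlet` entry that web.xml now points at this class has no access check of its own. JMX output is then protected only by whatever filters web.xml maps onto the servlet's URL, and that mapping is not visible in this commit. The class carries no comment explaining this; I would add one such as `// Access control is delegated to the authentication filter mapped in web.xml; HttpServer2's servlet-context attributes are not available under Tomcat.`, presuming such a filter does cover the path (worth confirming). A test asserting that an unauthenticated GET to the KMS JMX endpoint is rejected would keep a later web.xml edit from silently exposing it.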
|
|
@ -42,7 +42,7 @@
|
||||||
|
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>jmx-servlet</servlet-name>
|
<servlet-name>jmx-servlet</servlet-name>
|
||||||
<servlet-class>org.apache.hadoop.jmx.JMXJsonServlet</servlet-class>
|
<servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
|
||||||
<servlet-mapping>
|
<servlet-mapping>
|
||||||
|
|