HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616002 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-08-05 20:58:25 +00:00
parent b7e67db372
commit b9984e59d8
6 changed files with 48 additions and 8 deletions

View File

@ -527,6 +527,8 @@ Release 2.6.0 - UNRELEASED
HADOOP-10937. Need to set version name correctly before decrypting EEK.
(Arun Suresh via wang)
HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
Release 2.5.0 - UNRELEASED
INCOMPATIBLE CHANGES

View File

@ -1005,7 +1005,7 @@ public final class HttpServer2 implements FilterContainer {
String remoteUser = request.getRemoteUser();
if (remoteUser == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
response.sendError(HttpServletResponse.SC_FORBIDDEN,
"Unauthenticated users are not " +
"authorized to access this page.");
return false;
@ -1013,7 +1013,7 @@ public final class HttpServer2 implements FilterContainer {
if (servletContext.getAttribute(ADMINS_ACL) != null &&
!userHasAdministratorAccess(servletContext, remoteUser)) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
+ remoteUser + " is unauthorized to access this page.");
return false;
}

View File

@ -143,6 +143,12 @@ public class JMXJsonServlet extends HttpServlet {
jsonFactory = new JsonFactory();
}
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
HttpServletResponse response) throws IOException {
return HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
request, response);
}
/**
* Process a GET request for the specified resource.
*
@ -154,8 +160,7 @@ public class JMXJsonServlet extends HttpServlet {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) {
try {
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
request, response)) {
if (!isInstrumentationAccessAllowed(request, response)) {
return;
}
JsonGenerator jg = null;

View File

@ -414,7 +414,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
+ servlet, user));
}
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode(
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
serverURL + servlet, "userE"));
}
myServer.stop();
@ -474,7 +474,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
response = Mockito.mock(HttpServletResponse.class);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
//authorization ON & user NOT NULL & ACLs NULL
response = Mockito.mock(HttpServletResponse.class);
@ -487,7 +487,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls);
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
//authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs
response = Mockito.mock(HttpServletResponse.class);

View File

@ -0,0 +1,33 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.crypto.key.kms.server;
import org.apache.hadoop.jmx.JMXJsonServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class KMSJMXServlet extends JMXJsonServlet {
@Override
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
HttpServletResponse response) throws IOException {
return true;
}
}

View File

@ -42,7 +42,7 @@
<servlet>
<servlet-name>jmx-servlet</servlet-name>
<servlet-class>org.apache.hadoop.jmx.JMXJsonServlet</servlet-class>
<servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class>
</servlet>
<servlet-mapping>