HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616002 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
b7e67db372
commit
b9984e59d8
|
@ -527,6 +527,8 @@ Release 2.6.0 - UNRELEASED
|
|||
HADOOP-10937. Need to set version name correctly before decrypting EEK.
|
||||
(Arun Suresh via wang)
|
||||
|
||||
HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
|
||||
|
||||
Release 2.5.0 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -1005,7 +1005,7 @@ public final class HttpServer2 implements FilterContainer {
|
|||
|
||||
String remoteUser = request.getRemoteUser();
|
||||
if (remoteUser == null) {
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN,
|
||||
"Unauthenticated users are not " +
|
||||
"authorized to access this page.");
|
||||
return false;
|
||||
|
@ -1013,7 +1013,7 @@ public final class HttpServer2 implements FilterContainer {
|
|||
|
||||
if (servletContext.getAttribute(ADMINS_ACL) != null &&
|
||||
!userHasAdministratorAccess(servletContext, remoteUser)) {
|
||||
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
|
||||
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
|
||||
+ remoteUser + " is unauthorized to access this page.");
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -143,6 +143,12 @@ public class JMXJsonServlet extends HttpServlet {
|
|||
jsonFactory = new JsonFactory();
|
||||
}
|
||||
|
||||
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
|
||||
HttpServletResponse response) throws IOException {
|
||||
return HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
||||
request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Process a GET request for the specified resource.
|
||||
*
|
||||
|
@ -154,8 +160,7 @@ public class JMXJsonServlet extends HttpServlet {
|
|||
@Override
|
||||
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
||||
try {
|
||||
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
||||
request, response)) {
|
||||
if (!isInstrumentationAccessAllowed(request, response)) {
|
||||
return;
|
||||
}
|
||||
JsonGenerator jg = null;
|
||||
|
|
|
@ -414,7 +414,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
|||
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
|
||||
+ servlet, user));
|
||||
}
|
||||
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode(
|
||||
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
|
||||
serverURL + servlet, "userE"));
|
||||
}
|
||||
myServer.stop();
|
||||
|
@ -474,7 +474,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
|||
response = Mockito.mock(HttpServletResponse.class);
|
||||
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
|
||||
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
|
||||
|
||||
//authorization ON & user NOT NULL & ACLs NULL
|
||||
response = Mockito.mock(HttpServletResponse.class);
|
||||
|
@ -487,7 +487,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
|||
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
|
||||
Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls);
|
||||
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
|
||||
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
|
||||
|
||||
//authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs
|
||||
response = Mockito.mock(HttpServletResponse.class);
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.hadoop.crypto.key.kms.server;
|
||||
|
||||
import org.apache.hadoop.jmx.JMXJsonServlet;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
public class KMSJMXServlet extends JMXJsonServlet {
|
||||
|
||||
@Override
|
||||
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
|
||||
HttpServletResponse response) throws IOException {
|
||||
return true;
|
||||
}
|
||||
}
|
|
@ -42,7 +42,7 @@
|
|||
|
||||
<servlet>
|
||||
<servlet-name>jmx-servlet</servlet-name>
|
||||
<servlet-class>org.apache.hadoop.jmx.JMXJsonServlet</servlet-class>
|
||||
<servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class>
|
||||
</servlet>
|
||||
|
||||
<servlet-mapping>
|
||||
|
|
Loading…
Reference in New Issue