Revert "HADOOP-13707. Skip authorization for anonymous user to access Hadoop"
This reverts commit 439422fff9
.
This commit is contained in:
parent
4a45a9b57e
commit
bae607f734
|
@ -20,7 +20,6 @@ package org.apache.hadoop.conf;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.Writer;
|
import java.io.Writer;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServlet;
|
import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -59,12 +58,7 @@ public class ConfServlet extends HttpServlet {
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
|
|
||||||
// If user is a static user and auth Type is null, that means
|
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
||||||
// there is a non-security environment and no need authorization,
|
|
||||||
// otherwise, do the authorization.
|
|
||||||
final ServletContext servletContext = getServletContext();
|
|
||||||
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
|
|
||||||
!HttpServer2.isInstrumentationAccessAllowed(servletContext,
|
|
||||||
request, response)) {
|
request, response)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,6 @@ package org.apache.hadoop.http;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
@ -36,13 +35,9 @@ public class AdminAuthorizedServlet extends DefaultServlet {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doGet(HttpServletRequest request, HttpServletResponse response)
|
protected void doGet(HttpServletRequest request, HttpServletResponse response)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
// If user is a static user and auth Type is null, that means
|
// Do the authorization
|
||||||
// there is a non-security environment and no need authorization,
|
if (HttpServer2.hasAdministratorAccess(getServletContext(), request,
|
||||||
// otherwise, do the authorization.
|
|
||||||
final ServletContext servletContext = getServletContext();
|
|
||||||
if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) ||
|
|
||||||
HttpServer2.hasAdministratorAccess(servletContext, request,
|
|
||||||
response)) {
|
response)) {
|
||||||
// Authorization is done. Just call super.
|
// Authorization is done. Just call super.
|
||||||
super.doGet(request, response);
|
super.doGet(request, response);
|
||||||
|
|
|
@ -97,9 +97,6 @@ import com.sun.jersey.spi.container.servlet.ServletContainer;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a Jetty embedded server to answer http requests. The primary goal is
|
* Create a Jetty embedded server to answer http requests. The primary goal is
|
||||||
* to serve up status information for the server. There are three contexts:
|
* to serve up status information for the server. There are three contexts:
|
||||||
|
@ -1171,24 +1168,6 @@ public final class HttpServer2 implements FilterContainer {
|
||||||
return sb.toString();
|
return sb.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* check whether user is static and unauthenticated, if the
|
|
||||||
* answer is TRUE, that means http sever is in non-security
|
|
||||||
* environment.
|
|
||||||
* @param servletContext the servlet context.
|
|
||||||
* @param request the servlet request.
|
|
||||||
* @return TRUE/FALSE based on the logic described above.
|
|
||||||
*/
|
|
||||||
public static boolean isStaticUserAndNoneAuthType(
|
|
||||||
ServletContext servletContext, HttpServletRequest request) {
|
|
||||||
Configuration conf =
|
|
||||||
(Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
|
|
||||||
final String authType = request.getAuthType();
|
|
||||||
final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
|
|
||||||
DEFAULT_HADOOP_HTTP_STATIC_USER);
|
|
||||||
return authType == null && staticUser.equals(request.getRemoteUser());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks the user has privileges to access to instrumentation servlets.
|
* Checks the user has privileges to access to instrumentation servlets.
|
||||||
* <p/>
|
* <p/>
|
||||||
|
@ -1286,14 +1265,9 @@ public final class HttpServer2 implements FilterContainer {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
public void doGet(HttpServletRequest request, HttpServletResponse response)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
// If user is a static user and auth Type is null, that means
|
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
|
||||||
// there is a non-security environment and no need authorization,
|
request, response)) {
|
||||||
// otherwise, do the authorization.
|
|
||||||
final ServletContext servletContext = getServletContext();
|
|
||||||
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
|
|
||||||
!HttpServer2.isInstrumentationAccessAllowed(servletContext,
|
|
||||||
request, response)) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
response.setContentType("text/plain; charset=UTF-8");
|
response.setContentType("text/plain; charset=UTF-8");
|
||||||
|
|
|
@ -38,7 +38,6 @@ import javax.management.RuntimeMBeanException;
|
||||||
import javax.management.openmbean.CompositeData;
|
import javax.management.openmbean.CompositeData;
|
||||||
import javax.management.openmbean.CompositeType;
|
import javax.management.openmbean.CompositeType;
|
||||||
import javax.management.openmbean.TabularData;
|
import javax.management.openmbean.TabularData;
|
||||||
import javax.servlet.ServletContext;
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServlet;
|
import javax.servlet.http.HttpServlet;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -168,12 +167,7 @@ public class JMXJsonServlet extends HttpServlet {
|
||||||
String jsonpcb = null;
|
String jsonpcb = null;
|
||||||
PrintWriter writer = null;
|
PrintWriter writer = null;
|
||||||
try {
|
try {
|
||||||
// If user is a static user and auth Type is null, that means
|
if (!isInstrumentationAccessAllowed(request, response)) {
|
||||||
// there is a non-security environment and no need authorization,
|
|
||||||
// otherwise, do the authorization.
|
|
||||||
final ServletContext servletContext = getServletContext();
|
|
||||||
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
|
|
||||||
!isInstrumentationAccessAllowed(request, response)) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -323,13 +323,9 @@ public class LogLevel {
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response
|
public void doGet(HttpServletRequest request, HttpServletResponse response
|
||||||
) throws ServletException, IOException {
|
) throws ServletException, IOException {
|
||||||
|
|
||||||
// If user is a static user and auth Type is null, that means
|
// Do the authorization
|
||||||
// there is a non-security environment and no need authorization,
|
if (!HttpServer2.hasAdministratorAccess(getServletContext(), request,
|
||||||
// otherwise, do the authorization.
|
response)) {
|
||||||
final ServletContext servletContext = getServletContext();
|
|
||||||
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
|
|
||||||
!HttpServer2.hasAdministratorAccess(servletContext,
|
|
||||||
request, response)) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -68,9 +68,6 @@ import java.util.concurrent.CountDownLatch;
|
||||||
import java.util.concurrent.Executor;
|
import java.util.concurrent.Executor;
|
||||||
import java.util.concurrent.Executors;
|
import java.util.concurrent.Executors;
|
||||||
|
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
|
||||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
|
||||||
|
|
||||||
public class TestHttpServer extends HttpServerFunctionalTest {
|
public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class);
|
static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class);
|
||||||
private static HttpServer2 server;
|
private static HttpServer2 server;
|
||||||
|
@ -458,7 +455,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
String serverURL = "http://"
|
String serverURL = "http://"
|
||||||
+ NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
|
+ NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
|
||||||
for (String servlet : new String[] { "conf", "logs", "stacks",
|
for (String servlet : new String[] { "conf", "logs", "stacks",
|
||||||
"logLevel", "metrics", "jmx" }) {
|
"logLevel", "metrics" }) {
|
||||||
for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
|
for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
|
||||||
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
|
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
|
||||||
+ servlet, user));
|
+ servlet, user));
|
||||||
|
@ -466,18 +463,6 @@ public class TestHttpServer extends HttpServerFunctionalTest {
|
||||||
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
|
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
|
||||||
serverURL + servlet, "userE"));
|
serverURL + servlet, "userE"));
|
||||||
}
|
}
|
||||||
|
|
||||||
// hadoop.security.authorization is set as true while
|
|
||||||
// hadoop.http.authentication.type's value is `simple`(default value)
|
|
||||||
// in this case, static user has administrator access
|
|
||||||
final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
|
|
||||||
DEFAULT_HADOOP_HTTP_STATIC_USER);
|
|
||||||
for (String servlet : new String[] {"conf", "logs", "stacks",
|
|
||||||
"logLevel", "jmx"}) {
|
|
||||||
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(
|
|
||||||
serverURL + servlet, staticUser));
|
|
||||||
}
|
|
||||||
|
|
||||||
myServer.stop();
|
myServer.stop();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue