HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)

Conflicts:
	hadoop-common-project/hadoop-common/CHANGES.txt

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1619546 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2014-08-21 18:59:51 +00:00
parent 05daefb1a8
commit bcff355417
6 changed files with 48 additions and 8 deletions

View File

@ -287,6 +287,8 @@ Release 2.6.0 - UNRELEASED
HADOOP-10937. Need to set version name correctly before decrypting EEK.
(Arun Suresh via wang)
HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
Release 2.5.0 - 2014-08-11
INCOMPATIBLE CHANGES

View File

@ -1037,7 +1037,7 @@ public final class HttpServer2 implements FilterContainer {
String remoteUser = request.getRemoteUser();
if (remoteUser == null) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
response.sendError(HttpServletResponse.SC_FORBIDDEN,
"Unauthenticated users are not " +
"authorized to access this page.");
return false;
@ -1045,7 +1045,7 @@ public final class HttpServer2 implements FilterContainer {
if (servletContext.getAttribute(ADMINS_ACL) != null &&
!userHasAdministratorAccess(servletContext, remoteUser)) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
+ remoteUser + " is unauthorized to access this page.");
return false;
}

View File

@ -140,6 +140,12 @@ public class JMXJsonServlet extends HttpServlet {
mBeanServer = ManagementFactory.getPlatformMBeanServer();
}
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
HttpServletResponse response) throws IOException {
return HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
request, response);
}
/**
* Process a GET request for the specified resource.
*
@ -153,8 +159,7 @@ public class JMXJsonServlet extends HttpServlet {
String jsonpcb = null;
PrintWriter writer = null;
try {
if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
request, response)) {
if (!isInstrumentationAccessAllowed(request, response)) {
return;
}

View File

@ -421,7 +421,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
+ servlet, user));
}
assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode(
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
serverURL + servlet, "userE"));
}
myServer.stop();
@ -481,7 +481,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
response = Mockito.mock(HttpServletResponse.class);
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true);
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
//authorization ON & user NOT NULL & ACLs NULL
response = Mockito.mock(HttpServletResponse.class);
@ -494,7 +494,7 @@ public class TestHttpServer extends HttpServerFunctionalTest {
Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false);
Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls);
Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response));
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString());
Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString());
//authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs
response = Mockito.mock(HttpServletResponse.class);

View File

@ -0,0 +1,33 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.crypto.key.kms.server;
import org.apache.hadoop.jmx.JMXJsonServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class KMSJMXServlet extends JMXJsonServlet {
@Override
protected boolean isInstrumentationAccessAllowed(HttpServletRequest request,
HttpServletResponse response) throws IOException {
return true;
}
}

View File

@ -42,7 +42,7 @@
<servlet>
<servlet-name>jmx-servlet</servlet-name>
<servlet-class>org.apache.hadoop.jmx.JMXJsonServlet</servlet-class>
<servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class>
</servlet>
<servlet-mapping>