svn merge -c 1343290. Backport of HADOOP-8358 to branch-2. (harsh)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1343294 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Harsh J
parent
1f804b5d20
commit
d7585fa501
|
|
@ -26,6 +26,8 @@ Release 2.0.1-alpha - UNRELEASED
|
|||
|
||||
HADOOP-8323. Add javadoc and tests for Text.clear() behavior (harsh)
|
||||
|
||||
HADOOP-8358. Config-related WARN for dfs.web.ugi can be avoided. (harsh)
|
||||
|
||||
BUG FIXES
|
||||
|
||||
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ package org.apache.hadoop.fs;
|
|||
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.http.lib.StaticUserWebFilter;
|
||||
|
||||
/**
|
||||
* This class contains constants for configuration keys used
|
||||
|
|
@ -161,5 +162,12 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
|
|||
"ha.failover-controller.cli-check.rpc-timeout.ms";
|
||||
public static final int HA_FC_CLI_CHECK_TIMEOUT_DEFAULT = 20000;
|
||||
|
||||
/** Static user web-filter properties.
|
||||
* See {@link StaticUserWebFilter}.
|
||||
*/
|
||||
public static final String HADOOP_HTTP_STATIC_USER =
|
||||
"hadoop.http.staticuser.user";
|
||||
public static final String DEFAULT_HADOOP_HTTP_STATIC_USER =
|
||||
"dr.who";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,15 +37,15 @@ import org.apache.hadoop.http.FilterInitializer;
|
|||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
||||
|
||||
/**
|
||||
* Provides a servlet filter that pretends to authenticate a fake user (Dr.Who)
|
||||
* so that the web UI is usable for a secure cluster without authentication.
|
||||
*/
|
||||
public class StaticUserWebFilter extends FilterInitializer {
|
||||
static final String DEPRECATED_UGI_KEY = "dfs.web.ugi";
|
||||
|
||||
static final String USERNAME_KEY = "hadoop.http.staticuser.user";
|
||||
static final String USERNAME_DEFAULT = "dr.who";
|
||||
|
||||
private static final Log LOG = LogFactory.getLog(StaticUserWebFilter.class);
|
||||
|
||||
|
|
@ -112,7 +112,7 @@ public class StaticUserWebFilter extends FilterInitializer {
|
|||
|
||||
@Override
|
||||
public void init(FilterConfig conf) throws ServletException {
|
||||
this.username = conf.getInitParameter(USERNAME_KEY);
|
||||
this.username = conf.getInitParameter(HADOOP_HTTP_STATIC_USER);
|
||||
this.user = new User(username);
|
||||
}
|
||||
|
||||
|
|
@ -123,7 +123,7 @@ public class StaticUserWebFilter extends FilterInitializer {
|
|||
HashMap<String, String> options = new HashMap<String, String>();
|
||||
|
||||
String username = getUsernameFromConf(conf);
|
||||
options.put(USERNAME_KEY, username);
|
||||
options.put(HADOOP_HTTP_STATIC_USER, username);
|
||||
|
||||
container.addFilter("static_user_filter",
|
||||
StaticUserFilter.class.getName(),
|
||||
|
|
@ -139,11 +139,12 @@ public class StaticUserWebFilter extends FilterInitializer {
|
|||
// We can't use the normal configuration deprecation mechanism here
|
||||
// since we need to split out the username from the configured UGI.
|
||||
LOG.warn(DEPRECATED_UGI_KEY + " should not be used. Instead, use " +
|
||||
USERNAME_KEY + ".");
|
||||
HADOOP_HTTP_STATIC_USER + ".");
|
||||
String[] parts = oldStyleUgi.split(",");
|
||||
return parts[0];
|
||||
} else {
|
||||
return conf.get(USERNAME_KEY, USERNAME_DEFAULT);
|
||||
return conf.get(HADOOP_HTTP_STATIC_USER,
|
||||
DEFAULT_HADOOP_HTTP_STATIC_USER);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -944,4 +944,15 @@
|
|||
</description>
|
||||
</property>
|
||||
|
||||
|
||||
<!-- Static Web User Filter properties. -->
|
||||
<property>
|
||||
<description>
|
||||
The user name to filter as, on static web filters
|
||||
while rendering content. An example use is the HDFS
|
||||
web UI (user to be used for browsing files).
|
||||
</description>
|
||||
<name>hadoop.http.staticuser.user</name>
|
||||
<value>dr.who</value>
|
||||
</property>
|
||||
</configuration>
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletRequestWrapper;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.CommonConfigurationKeys;
|
||||
import org.apache.hadoop.http.lib.StaticUserWebFilter.StaticUserFilter;
|
||||
import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
|
|
@ -36,7 +37,7 @@ public class TestStaticUserWebFilter {
|
|||
private FilterConfig mockConfig(String username) {
|
||||
FilterConfig mock = Mockito.mock(FilterConfig.class);
|
||||
Mockito.doReturn(username).when(mock).getInitParameter(
|
||||
StaticUserWebFilter.USERNAME_KEY);
|
||||
CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER);
|
||||
return mock;
|
||||
}
|
||||
|
||||
|
|
@ -73,7 +74,7 @@ public class TestStaticUserWebFilter {
|
|||
@Test
|
||||
public void testConfiguration() {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set(StaticUserWebFilter.USERNAME_KEY, "joe");
|
||||
conf.set(CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER, "joe");
|
||||
assertEquals("joe", StaticUserWebFilter.getUsernameFromConf(conf));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -71,10 +71,12 @@ import org.apache.hadoop.security.authorize.ProxyUsers;
|
|||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.VersionInfo;
|
||||
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
||||
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
||||
|
||||
@InterfaceAudience.Private
|
||||
public class JspHelper {
|
||||
public static final String CURRENT_CONF = "current.conf";
|
||||
final static public String WEB_UGI_PROPERTY_NAME = DFSConfigKeys.DFS_WEB_UGI_KEY;
|
||||
public static final String DELEGATION_PARAMETER_NAME = DelegationParam.NAME;
|
||||
public static final String NAMENODE_ADDRESS = "nnaddr";
|
||||
static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME +
|
||||
|
|
@ -483,11 +485,12 @@ public class JspHelper {
|
|||
*/
|
||||
public static UserGroupInformation getDefaultWebUser(Configuration conf
|
||||
) throws IOException {
|
||||
String[] strings = conf.getStrings(JspHelper.WEB_UGI_PROPERTY_NAME);
|
||||
if (strings == null || strings.length == 0) {
|
||||
String user = conf.get(
|
||||
HADOOP_HTTP_STATIC_USER, DEFAULT_HADOOP_HTTP_STATIC_USER);
|
||||
if (user == null || user.length() == 0) {
|
||||
throw new IOException("Cannot determine UGI from request or conf");
|
||||
}
|
||||
return UserGroupInformation.createRemoteUser(strings[0]);
|
||||
return UserGroupInformation.createRemoteUser(user);
|
||||
}
|
||||
|
||||
private static InetSocketAddress getNNServiceAddress(ServletContext context,
|
||||
|
|
|
|||
|
|
@ -239,14 +239,6 @@
|
|||
left empty in a non-HA cluster.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>dfs.web.ugi</name>
|
||||
<value>webuser,webgroup</value>
|
||||
<description>The user account used by the web interface.
|
||||
Syntax: USERNAME,GROUP1,GROUP2, ...
|
||||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>dfs.permissions.enabled</name>
|
||||
|
|
|
|||
Loading…
Reference in New Issue