svn merge -c 1343290. Backport of HADOOP-8358 to branch-2. (harsh)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1343294 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
1f804b5d20
commit
d7585fa501
|
@ -26,6 +26,8 @@ Release 2.0.1-alpha - UNRELEASED
|
||||||
|
|
||||||
HADOOP-8323. Add javadoc and tests for Text.clear() behavior (harsh)
|
HADOOP-8323. Add javadoc and tests for Text.clear() behavior (harsh)
|
||||||
|
|
||||||
|
HADOOP-8358. Config-related WARN for dfs.web.ugi can be avoided. (harsh)
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
||||||
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname
|
HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname
|
||||||
|
|
|
@ -20,6 +20,7 @@ package org.apache.hadoop.fs;
|
||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.classification.InterfaceStability;
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
|
import org.apache.hadoop.http.lib.StaticUserWebFilter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class contains constants for configuration keys used
|
* This class contains constants for configuration keys used
|
||||||
|
@ -161,5 +162,12 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
|
||||||
"ha.failover-controller.cli-check.rpc-timeout.ms";
|
"ha.failover-controller.cli-check.rpc-timeout.ms";
|
||||||
public static final int HA_FC_CLI_CHECK_TIMEOUT_DEFAULT = 20000;
|
public static final int HA_FC_CLI_CHECK_TIMEOUT_DEFAULT = 20000;
|
||||||
|
|
||||||
|
/** Static user web-filter properties.
|
||||||
|
* See {@link StaticUserWebFilter}.
|
||||||
|
*/
|
||||||
|
public static final String HADOOP_HTTP_STATIC_USER =
|
||||||
|
"hadoop.http.staticuser.user";
|
||||||
|
public static final String DEFAULT_HADOOP_HTTP_STATIC_USER =
|
||||||
|
"dr.who";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -37,15 +37,15 @@ import org.apache.hadoop.http.FilterInitializer;
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
import javax.servlet.Filter;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Provides a servlet filter that pretends to authenticate a fake user (Dr.Who)
|
* Provides a servlet filter that pretends to authenticate a fake user (Dr.Who)
|
||||||
* so that the web UI is usable for a secure cluster without authentication.
|
* so that the web UI is usable for a secure cluster without authentication.
|
||||||
*/
|
*/
|
||||||
public class StaticUserWebFilter extends FilterInitializer {
|
public class StaticUserWebFilter extends FilterInitializer {
|
||||||
static final String DEPRECATED_UGI_KEY = "dfs.web.ugi";
|
static final String DEPRECATED_UGI_KEY = "dfs.web.ugi";
|
||||||
|
|
||||||
static final String USERNAME_KEY = "hadoop.http.staticuser.user";
|
|
||||||
static final String USERNAME_DEFAULT = "dr.who";
|
|
||||||
|
|
||||||
private static final Log LOG = LogFactory.getLog(StaticUserWebFilter.class);
|
private static final Log LOG = LogFactory.getLog(StaticUserWebFilter.class);
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@ public class StaticUserWebFilter extends FilterInitializer {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void init(FilterConfig conf) throws ServletException {
|
public void init(FilterConfig conf) throws ServletException {
|
||||||
this.username = conf.getInitParameter(USERNAME_KEY);
|
this.username = conf.getInitParameter(HADOOP_HTTP_STATIC_USER);
|
||||||
this.user = new User(username);
|
this.user = new User(username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ public class StaticUserWebFilter extends FilterInitializer {
|
||||||
HashMap<String, String> options = new HashMap<String, String>();
|
HashMap<String, String> options = new HashMap<String, String>();
|
||||||
|
|
||||||
String username = getUsernameFromConf(conf);
|
String username = getUsernameFromConf(conf);
|
||||||
options.put(USERNAME_KEY, username);
|
options.put(HADOOP_HTTP_STATIC_USER, username);
|
||||||
|
|
||||||
container.addFilter("static_user_filter",
|
container.addFilter("static_user_filter",
|
||||||
StaticUserFilter.class.getName(),
|
StaticUserFilter.class.getName(),
|
||||||
|
@ -139,11 +139,12 @@ public class StaticUserWebFilter extends FilterInitializer {
|
||||||
// We can't use the normal configuration deprecation mechanism here
|
// We can't use the normal configuration deprecation mechanism here
|
||||||
// since we need to split out the username from the configured UGI.
|
// since we need to split out the username from the configured UGI.
|
||||||
LOG.warn(DEPRECATED_UGI_KEY + " should not be used. Instead, use " +
|
LOG.warn(DEPRECATED_UGI_KEY + " should not be used. Instead, use " +
|
||||||
USERNAME_KEY + ".");
|
HADOOP_HTTP_STATIC_USER + ".");
|
||||||
String[] parts = oldStyleUgi.split(",");
|
String[] parts = oldStyleUgi.split(",");
|
||||||
return parts[0];
|
return parts[0];
|
||||||
} else {
|
} else {
|
||||||
return conf.get(USERNAME_KEY, USERNAME_DEFAULT);
|
return conf.get(HADOOP_HTTP_STATIC_USER,
|
||||||
|
DEFAULT_HADOOP_HTTP_STATIC_USER);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -944,4 +944,15 @@
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
|
|
||||||
|
<!-- Static Web User Filter properties. -->
|
||||||
|
<property>
|
||||||
|
<description>
|
||||||
|
The user name to filter as, on static web filters
|
||||||
|
while rendering content. An example use is the HDFS
|
||||||
|
web UI (user to be used for browsing files).
|
||||||
|
</description>
|
||||||
|
<name>hadoop.http.staticuser.user</name>
|
||||||
|
<value>dr.who</value>
|
||||||
|
</property>
|
||||||
</configuration>
|
</configuration>
|
||||||
|
|
|
@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletRequestWrapper;
|
import javax.servlet.http.HttpServletRequestWrapper;
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeys;
|
||||||
import org.apache.hadoop.http.lib.StaticUserWebFilter.StaticUserFilter;
|
import org.apache.hadoop.http.lib.StaticUserWebFilter.StaticUserFilter;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.mockito.ArgumentCaptor;
|
import org.mockito.ArgumentCaptor;
|
||||||
|
@ -36,7 +37,7 @@ public class TestStaticUserWebFilter {
|
||||||
private FilterConfig mockConfig(String username) {
|
private FilterConfig mockConfig(String username) {
|
||||||
FilterConfig mock = Mockito.mock(FilterConfig.class);
|
FilterConfig mock = Mockito.mock(FilterConfig.class);
|
||||||
Mockito.doReturn(username).when(mock).getInitParameter(
|
Mockito.doReturn(username).when(mock).getInitParameter(
|
||||||
StaticUserWebFilter.USERNAME_KEY);
|
CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER);
|
||||||
return mock;
|
return mock;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,7 +74,7 @@ public class TestStaticUserWebFilter {
|
||||||
@Test
|
@Test
|
||||||
public void testConfiguration() {
|
public void testConfiguration() {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set(StaticUserWebFilter.USERNAME_KEY, "joe");
|
conf.set(CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER, "joe");
|
||||||
assertEquals("joe", StaticUserWebFilter.getUsernameFromConf(conf));
|
assertEquals("joe", StaticUserWebFilter.getUsernameFromConf(conf));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -71,10 +71,12 @@ import org.apache.hadoop.security.authorize.ProxyUsers;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.util.VersionInfo;
|
import org.apache.hadoop.util.VersionInfo;
|
||||||
|
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
|
||||||
|
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
|
||||||
|
|
||||||
@InterfaceAudience.Private
|
@InterfaceAudience.Private
|
||||||
public class JspHelper {
|
public class JspHelper {
|
||||||
public static final String CURRENT_CONF = "current.conf";
|
public static final String CURRENT_CONF = "current.conf";
|
||||||
final static public String WEB_UGI_PROPERTY_NAME = DFSConfigKeys.DFS_WEB_UGI_KEY;
|
|
||||||
public static final String DELEGATION_PARAMETER_NAME = DelegationParam.NAME;
|
public static final String DELEGATION_PARAMETER_NAME = DelegationParam.NAME;
|
||||||
public static final String NAMENODE_ADDRESS = "nnaddr";
|
public static final String NAMENODE_ADDRESS = "nnaddr";
|
||||||
static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME +
|
static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME +
|
||||||
|
@ -483,11 +485,12 @@ public class JspHelper {
|
||||||
*/
|
*/
|
||||||
public static UserGroupInformation getDefaultWebUser(Configuration conf
|
public static UserGroupInformation getDefaultWebUser(Configuration conf
|
||||||
) throws IOException {
|
) throws IOException {
|
||||||
String[] strings = conf.getStrings(JspHelper.WEB_UGI_PROPERTY_NAME);
|
String user = conf.get(
|
||||||
if (strings == null || strings.length == 0) {
|
HADOOP_HTTP_STATIC_USER, DEFAULT_HADOOP_HTTP_STATIC_USER);
|
||||||
|
if (user == null || user.length() == 0) {
|
||||||
throw new IOException("Cannot determine UGI from request or conf");
|
throw new IOException("Cannot determine UGI from request or conf");
|
||||||
}
|
}
|
||||||
return UserGroupInformation.createRemoteUser(strings[0]);
|
return UserGroupInformation.createRemoteUser(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static InetSocketAddress getNNServiceAddress(ServletContext context,
|
private static InetSocketAddress getNNServiceAddress(ServletContext context,
|
||||||
|
|
|
@ -239,14 +239,6 @@
|
||||||
left empty in a non-HA cluster.
|
left empty in a non-HA cluster.
|
||||||
</description>
|
</description>
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
<property>
|
|
||||||
<name>dfs.web.ugi</name>
|
|
||||||
<value>webuser,webgroup</value>
|
|
||||||
<description>The user account used by the web interface.
|
|
||||||
Syntax: USERNAME,GROUP1,GROUP2, ...
|
|
||||||
</description>
|
|
||||||
</property>
|
|
||||||
|
|
||||||
<property>
|
<property>
|
||||||
<name>dfs.permissions.enabled</name>
|
<name>dfs.permissions.enabled</name>
|
||||||
|
|
Loading…
Reference in New Issue