diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyServers.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyServers.java new file mode 100644 index 00000000000..410e25f5839 --- /dev/null +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyServers.java @@ -0,0 +1,53 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.security.authorize; + +import java.net.InetSocketAddress; +import java.util.Collection; +import java.util.HashSet; + +import org.apache.hadoop.conf.Configuration; + +public class ProxyServers { + public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers"; + private static volatile Collection proxyServers; + + public static void refresh() { + refresh(new Configuration()); + } + + public static void refresh(Configuration conf){ + Collection tempServers = new HashSet(); + // trusted proxy servers such as http proxies + for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) { + InetSocketAddress addr = new InetSocketAddress(host, 0); + if (!addr.isUnresolved()) { + tempServers.add(addr.getAddress().getHostAddress()); + } + } + proxyServers = tempServers; + } + + public static boolean isProxyServer(String remoteAddr) { + if (proxyServers == null) { + refresh(); + } + return proxyServers.contains(remoteAddr); + } +} diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyServers.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyServers.java new file mode 100644 index 00000000000..858fb7b1a8b --- /dev/null +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyServers.java @@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.security.authorize; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import org.apache.hadoop.conf.Configuration; +import org.junit.Test; + +public class TestProxyServers { + + @Test + public void testProxyServer() { + Configuration conf = new Configuration(); + assertFalse(ProxyServers.isProxyServer("1.1.1.1")); + conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3"); + ProxyUsers.refreshSuperUserGroupsConfiguration(conf); + assertFalse(ProxyServers.isProxyServer("1.1.1.1")); + assertTrue(ProxyServers.isProxyServer("2.2.2.2")); + assertTrue(ProxyServers.isProxyServer("3.3.3.3")); + } +}