diff --git a/hbase-common/src/main/resources/hbase-default.xml b/hbase-common/src/main/resources/hbase-default.xml
index 9773251061a..42ff0326469 100644
--- a/hbase-common/src/main/resources/hbase-default.xml
+++ b/hbase-common/src/main/resources/hbase-default.xml
@@ -1201,4 +1201,35 @@ possible configurations would overwhelm and obscure the important.
org.apache.hadoop.hbase.coordination.ZkCoordinatedStateManagerFully qualified name of class implementing coordinated state manager.
+
+ hbase.http.filter.initializers
+ org.apache.hadoop.hbase.http.lib.StaticUserWebFilter
+
+ A comma separated list of class names. Each class in the list must extend
+ org.apache.hadoop.hbase.http.FilterInitializer. The corresponding Filter will
+ be initialized. Then, the Filter will be applied to all user facing jsp
+ and servlet web pages.
+ The ordering of the list defines the ordering of the filters.
+ The default StaticUserWebFilter add a user principal as defined by the
+ hbase.http.staticuser.user property.
+
+
+
+ hbase.http.max.threads
+ 10
+
+ The maximum number of threads that the HTTP Server will create in its
+ ThreadPool.
+
+
+
+
+
+ The user name to filter as, on static web filters
+ while rendering content. An example use is the HDFS
+ web UI (user to be used for browsing files).
+
+ hbase.http.staticuser.user
+ dr.stack
+
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 0b31db1f64d..69cce0cf885 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -29,6 +29,9 @@
hbase-serverHBase - ServerMain functionality for HBase
+
+ target/test-classes/webapps
+
@@ -210,6 +213,9 @@
org.apache.hadoop.hbase.ServerResourceCheckerJUnitListener
+
+ target/test-classes/webapps
+
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/AdminAuthorizedServlet.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/AdminAuthorizedServlet.java
new file mode 100644
index 00000000000..0a7a02839c4
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/AdminAuthorizedServlet.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.mortbay.jetty.servlet.DefaultServlet;
+
+/**
+ * General servlet which is admin-authorized.
+ */
+@InterfaceAudience.Private
+@InterfaceStability.Evolving
+public class AdminAuthorizedServlet extends DefaultServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ // Do the authorization
+ if (HttpServer.hasAdministratorAccess(getServletContext(), request,
+ response)) {
+ // Authorization is done. Just call super.
+ super.doGet(request, response);
+ }
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterContainer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterContainer.java
new file mode 100644
index 00000000000..7a79acce9f3
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterContainer.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import java.util.Map;
+
+/**
+ * A container interface to add javax.servlet.Filter.
+ */
+public interface FilterContainer {
+ /**
+ * Add a filter to the container.
+ * @param name Filter name
+ * @param classname Filter class name
+ * @param parameters a map from parameter names to initial values
+ */
+ void addFilter(String name, String classname, Map parameters);
+ /**
+ * Add a global filter to the container - This global filter will be
+ * applied to all available web contexts.
+ * @param name filter name
+ * @param classname filter class name
+ * @param parameters a map from parameter names to initial values
+ */
+ void addGlobalFilter(String name, String classname, Map parameters);
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterInitializer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterInitializer.java
new file mode 100644
index 00000000000..6b4223d81fa
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/FilterInitializer.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import org.apache.hadoop.conf.Configuration;
+
+/**
+ * Initialize a javax.servlet.Filter.
+ */
+public abstract class FilterInitializer {
+ /**
+ * Initialize a Filter to a FilterContainer.
+ * @param container The filter container
+ * @param conf Configuration for run-time parameters
+ */
+ public abstract void initFilter(FilterContainer container, Configuration conf);
+}
\ No newline at end of file
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HtmlQuoting.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HtmlQuoting.java
new file mode 100644
index 00000000000..60a74b73df8
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HtmlQuoting.java
@@ -0,0 +1,215 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * This class is responsible for quoting HTML characters.
+ */
+public class HtmlQuoting {
+ private static final byte[] ampBytes = "&".getBytes();
+ private static final byte[] aposBytes = "'".getBytes();
+ private static final byte[] gtBytes = ">".getBytes();
+ private static final byte[] ltBytes = "<".getBytes();
+ private static final byte[] quotBytes = """.getBytes();
+
+ /**
+ * Does the given string need to be quoted?
+ * @param data the string to check
+ * @param off the starting position
+ * @param len the number of bytes to check
+ * @return does the string contain any of the active html characters?
+ */
+ public static boolean needsQuoting(byte[] data, int off, int len) {
+ if (off+len > data.length) {
+ throw new IllegalStateException("off+len=" + off+len + " should be lower"
+ + " than data length=" + data.length);
+ }
+ for(int i=off; i< off+len; ++i) {
+ switch(data[i]) {
+ case '&':
+ case '<':
+ case '>':
+ case '\'':
+ case '"':
+ return true;
+ default:
+ break;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Does the given string need to be quoted?
+ * @param str the string to check
+ * @return does the string contain any of the active html characters?
+ */
+ public static boolean needsQuoting(String str) {
+ if (str == null) {
+ return false;
+ }
+ byte[] bytes = str.getBytes();
+ return needsQuoting(bytes, 0 , bytes.length);
+ }
+
+ /**
+ * Quote all of the active HTML characters in the given string as they
+ * are added to the buffer.
+ * @param output the stream to write the output to
+ * @param buffer the byte array to take the characters from
+ * @param off the index of the first byte to quote
+ * @param len the number of bytes to quote
+ */
+ public static void quoteHtmlChars(OutputStream output, byte[] buffer,
+ int off, int len) throws IOException {
+ for(int i=off; i < off+len; i++) {
+ switch (buffer[i]) {
+ case '&': output.write(ampBytes); break;
+ case '<': output.write(ltBytes); break;
+ case '>': output.write(gtBytes); break;
+ case '\'': output.write(aposBytes); break;
+ case '"': output.write(quotBytes); break;
+ default: output.write(buffer, i, 1);
+ }
+ }
+ }
+
+ /**
+ * Quote the given item to make it html-safe.
+ * @param item the string to quote
+ * @return the quoted string
+ */
+ public static String quoteHtmlChars(String item) {
+ if (item == null) {
+ return null;
+ }
+ byte[] bytes = item.getBytes();
+ if (needsQuoting(bytes, 0, bytes.length)) {
+ ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+ try {
+ quoteHtmlChars(buffer, bytes, 0, bytes.length);
+ } catch (IOException ioe) {
+ // Won't happen, since it is a bytearrayoutputstream
+ }
+ return buffer.toString();
+ } else {
+ return item;
+ }
+ }
+
+ /**
+ * Return an output stream that quotes all of the output.
+ * @param out the stream to write the quoted output to
+ * @return a new stream that the application show write to
+ * @throws IOException if the underlying output fails
+ */
+ public static OutputStream quoteOutputStream(final OutputStream out
+ ) throws IOException {
+ return new OutputStream() {
+ private byte[] data = new byte[1];
+ @Override
+ public void write(byte[] data, int off, int len) throws IOException {
+ quoteHtmlChars(out, data, off, len);
+ }
+
+ @Override
+ public void write(int b) throws IOException {
+ data[0] = (byte) b;
+ quoteHtmlChars(out, data, 0, 1);
+ }
+
+ @Override
+ public void flush() throws IOException {
+ out.flush();
+ }
+
+ @Override
+ public void close() throws IOException {
+ out.close();
+ }
+ };
+ }
+
+ /**
+ * Remove HTML quoting from a string.
+ * @param item the string to unquote
+ * @return the unquoted string
+ */
+ public static String unquoteHtmlChars(String item) {
+ if (item == null) {
+ return null;
+ }
+ int next = item.indexOf('&');
+ // nothing was quoted
+ if (next == -1) {
+ return item;
+ }
+ int len = item.length();
+ int posn = 0;
+ StringBuilder buffer = new StringBuilder();
+ while (next != -1) {
+ buffer.append(item.substring(posn, next));
+ if (item.startsWith("&", next)) {
+ buffer.append('&');
+ next += 5;
+ } else if (item.startsWith("'", next)) {
+ buffer.append('\'');
+ next += 6;
+ } else if (item.startsWith(">", next)) {
+ buffer.append('>');
+ next += 4;
+ } else if (item.startsWith("<", next)) {
+ buffer.append('<');
+ next += 4;
+ } else if (item.startsWith(""", next)) {
+ buffer.append('"');
+ next += 6;
+ } else {
+ int end = item.indexOf(';', next)+1;
+ if (end == 0) {
+ end = len;
+ }
+ throw new IllegalArgumentException("Bad HTML quoting for " +
+ item.substring(next,end));
+ }
+ posn = next;
+ next = item.indexOf('&', posn);
+ }
+ buffer.append(item.substring(posn, len));
+ return buffer.toString();
+ }
+
+ public static void main(String[] args) throws Exception {
+ if (args.length == 0) {
+ throw new IllegalArgumentException("Please provide some arguments");
+ }
+ for(String arg:args) {
+ System.out.println("Original: " + arg);
+ String quoted = quoteHtmlChars(arg);
+ System.out.println("Quoted: "+ quoted);
+ String unquoted = unquoteHtmlChars(quoted);
+ System.out.println("Unquoted: " + unquoted);
+ System.out.println();
+ }
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpConfig.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpConfig.java
new file mode 100644
index 00000000000..c040aa73c22
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpConfig.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+
+/**
+ * Statics to get access to Http related configuration.
+ */
+@InterfaceAudience.Private
+@InterfaceStability.Unstable
+public class HttpConfig {
+ private static Policy policy;
+ public enum Policy {
+ HTTP_ONLY,
+ HTTPS_ONLY,
+ HTTP_AND_HTTPS;
+
+ public static Policy fromString(String value) {
+ if (HTTPS_ONLY.name().equalsIgnoreCase(value)) {
+ return HTTPS_ONLY;
+ } else if (HTTP_AND_HTTPS.name().equalsIgnoreCase(value)) {
+ return HTTP_AND_HTTPS;
+ }
+ return HTTP_ONLY;
+ }
+
+ public boolean isHttpEnabled() {
+ return this == HTTP_ONLY || this == HTTP_AND_HTTPS;
+ }
+
+ public boolean isHttpsEnabled() {
+ return this == HTTPS_ONLY || this == HTTP_AND_HTTPS;
+ }
+ }
+
+ static {
+ Configuration conf = new Configuration();
+ boolean sslEnabled = conf.getBoolean(
+ ServerConfigurationKeys.HBASE_SSL_ENABLED_KEY,
+ ServerConfigurationKeys.HBASE_SSL_ENABLED_DEFAULT);
+ policy = sslEnabled ? Policy.HTTPS_ONLY : Policy.HTTP_ONLY;
+ }
+
+ public static void setPolicy(Policy policy) {
+ HttpConfig.policy = policy;
+ }
+
+ public static boolean isSecure() {
+ return policy == Policy.HTTPS_ONLY;
+ }
+
+ public static String getSchemePrefix() {
+ return (isSecure()) ? "https://" : "http://";
+ }
+
+ public static String getScheme(Policy policy) {
+ return policy == Policy.HTTPS_ONLY ? "https://" : "http://";
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLog.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLog.java
new file mode 100644
index 00000000000..def36a0898d
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLog.java
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import java.util.HashMap;
+
+import org.apache.commons.logging.impl.Log4JLogger;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogConfigurationException;
+import org.apache.commons.logging.LogFactory;
+import org.apache.log4j.Appender;
+import org.apache.log4j.Logger;
+import org.mortbay.jetty.NCSARequestLog;
+import org.mortbay.jetty.RequestLog;
+
+/**
+ * RequestLog object for use with Http
+ */
+public class HttpRequestLog {
+
+ public static final Log LOG = LogFactory.getLog(HttpRequestLog.class);
+ private static final HashMap serverToComponent;
+
+ static {
+ serverToComponent = new HashMap();
+ serverToComponent.put("master", "master");
+ serverToComponent.put("region", "regionserver");
+ }
+
+ public static RequestLog getRequestLog(String name) {
+
+ String lookup = serverToComponent.get(name);
+ if (lookup != null) {
+ name = lookup;
+ }
+ String loggerName = "http.requests." + name;
+ String appenderName = name + "requestlog";
+ Log logger = LogFactory.getLog(loggerName);
+
+ if (logger instanceof Log4JLogger) {
+ Log4JLogger httpLog4JLog = (Log4JLogger)logger;
+ Logger httpLogger = httpLog4JLog.getLogger();
+ Appender appender = null;
+
+ try {
+ appender = httpLogger.getAppender(appenderName);
+ } catch (LogConfigurationException e) {
+ LOG.warn("Http request log for " + loggerName
+ + " could not be created");
+ throw e;
+ }
+
+ if (appender == null) {
+ LOG.info("Http request log for " + loggerName
+ + " is not defined");
+ return null;
+ }
+
+ if (appender instanceof HttpRequestLogAppender) {
+ HttpRequestLogAppender requestLogAppender
+ = (HttpRequestLogAppender)appender;
+ NCSARequestLog requestLog = new NCSARequestLog();
+ requestLog.setFilename(requestLogAppender.getFilename());
+ requestLog.setRetainDays(requestLogAppender.getRetainDays());
+ return requestLog;
+ } else {
+ LOG.warn("Jetty request log for " + loggerName
+ + " was of the wrong class");
+ return null;
+ }
+ }
+ else {
+ LOG.warn("Jetty request log can only be enabled using Log4j");
+ return null;
+ }
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLogAppender.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLogAppender.java
new file mode 100644
index 00000000000..8039b342251
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpRequestLogAppender.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import org.apache.log4j.spi.LoggingEvent;
+import org.apache.log4j.AppenderSkeleton;
+
+/**
+ * Log4j Appender adapter for HttpRequestLog
+ */
+public class HttpRequestLogAppender extends AppenderSkeleton {
+
+ private String filename;
+ private int retainDays;
+
+ public HttpRequestLogAppender() {
+ }
+
+ public void setRetainDays(int retainDays) {
+ this.retainDays = retainDays;
+ }
+
+ public int getRetainDays() {
+ return retainDays;
+ }
+
+ public void setFilename(String filename) {
+ this.filename = filename;
+ }
+
+ public String getFilename() {
+ return filename;
+ }
+
+ @Override
+ public void append(LoggingEvent event) {
+ }
+
+ @Override
+ public void close() {
+ // Do nothing, we don't have close() on AppenderSkeleton.
+ }
+
+ @Override
+ public boolean requiresLayout() {
+ return false;
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
new file mode 100644
index 00000000000..857d0adb53d
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -0,0 +1,1362 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.io.PrintWriter;
+import java.net.BindException;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.HadoopIllegalArgumentException;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
+import org.apache.hadoop.hbase.http.conf.ConfServlet;
+import org.apache.hadoop.hbase.http.jmx.JMXJsonServlet;
+import org.apache.hadoop.hbase.http.log.LogLevel;
+import org.apache.hadoop.metrics.MetricsServlet;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.apache.hadoop.security.authorize.AccessControlList;
+import org.apache.hadoop.util.ReflectionUtils;
+import org.apache.hadoop.util.Shell;
+import org.mortbay.io.Buffer;
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Handler;
+import org.mortbay.jetty.MimeTypes;
+import org.mortbay.jetty.RequestLog;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.ContextHandler;
+import org.mortbay.jetty.handler.ContextHandlerCollection;
+import org.mortbay.jetty.handler.HandlerCollection;
+import org.mortbay.jetty.handler.RequestLogHandler;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.SslSocketConnector;
+import org.mortbay.jetty.servlet.Context;
+import org.mortbay.jetty.servlet.DefaultServlet;
+import org.mortbay.jetty.servlet.FilterHolder;
+import org.mortbay.jetty.servlet.FilterMapping;
+import org.mortbay.jetty.servlet.ServletHandler;
+import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.mortbay.thread.QueuedThreadPool;
+import org.mortbay.util.MultiException;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Lists;
+import com.sun.jersey.spi.container.servlet.ServletContainer;
+
+/**
+ * Create a Jetty embedded server to answer http requests. The primary goal
+ * is to serve up status information for the server.
+ * There are three contexts:
+ * "/logs/" -> points to the log directory
+ * "/static/" -> points to common static files (src/webapps/static)
+ * "/" -> the jsp server code from (src/webapps/)
+ */
+@InterfaceAudience.Private
+@InterfaceStability.Evolving
+public class HttpServer implements FilterContainer {
+ public static final Log LOG = LogFactory.getLog(HttpServer.class);
+
+ static final String FILTER_INITIALIZERS_PROPERTY
+ = "hbase.http.filter.initializers";
+ static final String HTTP_MAX_THREADS = "hbase.http.max.threads";
+
+ // The ServletContext attribute where the daemon Configuration
+ // gets stored.
+ public static final String CONF_CONTEXT_ATTRIBUTE = "hbase.conf";
+ public static final String ADMINS_ACL = "admins.acl";
+ public static final String BIND_ADDRESS = "bind.address";
+ public static final String SPNEGO_FILTER = "SpnegoFilter";
+ public static final String NO_CACHE_FILTER = "NoCacheFilter";
+ public static final String APP_DIR = "webapps";
+
+ private final AccessControlList adminsAcl;
+
+ protected final Server webServer;
+ protected String appDir;
+ protected String logDir;
+
+ private static class ListenerInfo {
+ /**
+ * Boolean flag to determine whether the HTTP server should clean up the
+ * listener in stop().
+ */
+ private final boolean isManaged;
+ private final Connector listener;
+ private ListenerInfo(boolean isManaged, Connector listener) {
+ this.isManaged = isManaged;
+ this.listener = listener;
+ }
+ }
+
+ private final List listeners = Lists.newArrayList();
+
+ protected final WebAppContext webAppContext;
+ protected final boolean findPort;
+ protected final Map defaultContexts =
+ new HashMap();
+ protected final List filterNames = new ArrayList();
+ static final String STATE_DESCRIPTION_ALIVE = " - alive";
+ static final String STATE_DESCRIPTION_NOT_LIVE = " - not live";
+
+ /**
+ * Class to construct instances of HTTP server with specific options.
+ */
+ public static class Builder {
+ private ArrayList endpoints = Lists.newArrayList();
+ private Connector connector;
+ private Configuration conf;
+ private String[] pathSpecs;
+ private AccessControlList adminsAcl;
+ private boolean securityEnabled = false;
+ private String usernameConfKey;
+ private String keytabConfKey;
+ private boolean needsClientAuth;
+
+ private String hostName;
+ private String appDir = APP_DIR;
+ private String logDir;
+ private boolean findPort;
+
+ private String trustStore;
+ private String trustStorePassword;
+ private String trustStoreType;
+
+ private String keyStore;
+ private String keyStorePassword;
+ private String keyStoreType;
+
+ // The -keypass option in keytool
+ private String keyPassword;
+
+ @Deprecated
+ private String name;
+ @Deprecated
+ private String bindAddress;
+ @Deprecated
+ private int port = -1;
+
+ /**
+ * Add an endpoint that the HTTP server should listen to.
+ *
+ * @param endpoint
+ * the endpoint of that the HTTP server should listen to. The
+ * scheme specifies the protocol (i.e. HTTP / HTTPS), the host
+ * specifies the binding address, and the port specifies the
+ * listening port. Unspecified or zero port means that the server
+ * can listen to any port.
+ */
+ public Builder addEndpoint(URI endpoint) {
+ endpoints.add(endpoint);
+ return this;
+ }
+
+ /**
+ * Set the hostname of the http server. The host name is used to resolve the
+ * _HOST field in Kerberos principals. The hostname of the first listener
+ * will be used if the name is unspecified.
+ */
+ public Builder hostName(String hostName) {
+ this.hostName = hostName;
+ return this;
+ }
+
+ public Builder trustStore(String location, String password, String type) {
+ this.trustStore = location;
+ this.trustStorePassword = password;
+ this.trustStoreType = type;
+ return this;
+ }
+
+ public Builder keyStore(String location, String password, String type) {
+ this.keyStore = location;
+ this.keyStorePassword = password;
+ this.keyStoreType = type;
+ return this;
+ }
+
+ public Builder keyPassword(String password) {
+ this.keyPassword = password;
+ return this;
+ }
+
+ /**
+ * Specify whether the server should authorize the client in SSL
+ * connections.
+ */
+ public Builder needsClientAuth(boolean value) {
+ this.needsClientAuth = value;
+ return this;
+ }
+
+ /**
+ * Use setAppDir() instead.
+ */
+ @Deprecated
+ public Builder setName(String name){
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * Use addEndpoint() instead.
+ */
+ @Deprecated
+ public Builder setBindAddress(String bindAddress){
+ this.bindAddress = bindAddress;
+ return this;
+ }
+
+ /**
+ * Use addEndpoint() instead.
+ */
+ @Deprecated
+ public Builder setPort(int port) {
+ this.port = port;
+ return this;
+ }
+
+ public Builder setFindPort(boolean findPort) {
+ this.findPort = findPort;
+ return this;
+ }
+
+ public Builder setConf(Configuration conf) {
+ this.conf = conf;
+ return this;
+ }
+
+ public Builder setConnector(Connector connector) {
+ this.connector = connector;
+ return this;
+ }
+
+ public Builder setPathSpec(String[] pathSpec) {
+ this.pathSpecs = pathSpec;
+ return this;
+ }
+
+ public Builder setACL(AccessControlList acl) {
+ this.adminsAcl = acl;
+ return this;
+ }
+
+ public Builder setSecurityEnabled(boolean securityEnabled) {
+ this.securityEnabled = securityEnabled;
+ return this;
+ }
+
+ public Builder setUsernameConfKey(String usernameConfKey) {
+ this.usernameConfKey = usernameConfKey;
+ return this;
+ }
+
+ public Builder setKeytabConfKey(String keytabConfKey) {
+ this.keytabConfKey = keytabConfKey;
+ return this;
+ }
+
+ public Builder setAppDir(String appDir) {
+ this.appDir = appDir;
+ return this;
+ }
+
+ public Builder setLogDir(String logDir) {
+ this.logDir = logDir;
+ return this;
+ }
+
+ public HttpServer build() throws IOException {
+
+ // Do we still need to assert this non null name if it is deprecated?
+ if (this.name == null) {
+ throw new HadoopIllegalArgumentException("name is not set");
+ }
+
+ // Make the behavior compatible with deprecated interfaces
+ if (bindAddress != null && port != -1) {
+ try {
+ endpoints.add(0, new URI("http", "", bindAddress, port, "", "", ""));
+ } catch (URISyntaxException e) {
+ throw new HadoopIllegalArgumentException("Invalid endpoint: "+ e);
+ }
+ }
+
+ if (endpoints.size() == 0 && connector == null) {
+ throw new HadoopIllegalArgumentException("No endpoints specified");
+ }
+
+ if (hostName == null) {
+ hostName = endpoints.size() == 0 ? connector.getHost() : endpoints.get(
+ 0).getHost();
+ }
+
+ if (this.conf == null) {
+ conf = new Configuration();
+ }
+
+ HttpServer server = new HttpServer(this);
+
+ if (this.securityEnabled) {
+ server.initSpnego(conf, hostName, usernameConfKey, keytabConfKey);
+ }
+
+ if (connector != null) {
+ server.addUnmanagedListener(connector);
+ }
+
+ for (URI ep : endpoints) {
+ Connector listener = null;
+ String scheme = ep.getScheme();
+ if ("http".equals(scheme)) {
+ listener = HttpServer.createDefaultChannelConnector();
+ } else if ("https".equals(scheme)) {
+ SslSocketConnector c = new SslSocketConnector();
+ c.setNeedClientAuth(needsClientAuth);
+ c.setKeyPassword(keyPassword);
+
+ if (keyStore != null) {
+ c.setKeystore(keyStore);
+ c.setKeystoreType(keyStoreType);
+ c.setPassword(keyStorePassword);
+ }
+
+ if (trustStore != null) {
+ c.setTruststore(trustStore);
+ c.setTruststoreType(trustStoreType);
+ c.setTrustPassword(trustStorePassword);
+ }
+ listener = c;
+
+ } else {
+ throw new HadoopIllegalArgumentException(
+ "unknown scheme for endpoint:" + ep);
+ }
+ listener.setHost(ep.getHost());
+ listener.setPort(ep.getPort() == -1 ? 0 : ep.getPort());
+ server.addManagedListener(listener);
+ }
+
+ server.loadListeners();
+ return server;
+
+ }
+
+ }
+
+ /** Same as this(name, bindAddress, port, findPort, null); */
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port, boolean findPort
+ ) throws IOException {
+ this(name, bindAddress, port, findPort, new Configuration());
+ }
+
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, Connector connector) throws IOException {
+ this(name, bindAddress, port, findPort, conf, null, connector, null);
+ }
+
+ /**
+ * Create a status server on the given port. Allows you to specify the
+ * path specifications that this server will be serving so that they will be
+ * added to the filters properly.
+ *
+ * @param name The name of the server
+ * @param bindAddress The address for this server
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @param conf Configuration
+ * @param pathSpecs Path specifications that this httpserver will be serving.
+ * These will be added to any filters.
+ */
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, String[] pathSpecs) throws IOException {
+ this(name, bindAddress, port, findPort, conf, null, null, pathSpecs);
+ }
+
+ /**
+ * Create a status server on the given port.
+ * The jsp scripts are taken from src/webapps/.
+ * @param name The name of the server
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @param conf Configuration
+ */
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf) throws IOException {
+ this(name, bindAddress, port, findPort, conf, null, null, null);
+ }
+
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, AccessControlList adminsAcl)
+ throws IOException {
+ this(name, bindAddress, port, findPort, conf, adminsAcl, null, null);
+ }
+
+ /**
+ * Create a status server on the given port.
+ * The jsp scripts are taken from src/webapps/.
+ * @param name The name of the server
+ * @param bindAddress The address for this server
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @param conf Configuration
+ * @param adminsAcl {@link AccessControlList} of the admins
+ * @param connector The jetty {@link Connector} to use
+ */
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, AccessControlList adminsAcl,
+ Connector connector) throws IOException {
+ this(name, bindAddress, port, findPort, conf, adminsAcl, connector, null);
+ }
+
+ /**
+ * Create a status server on the given port.
+ * The jsp scripts are taken from src/webapps/.
+ * @param name The name of the server
+ * @param bindAddress The address for this server
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @param conf Configuration
+ * @param adminsAcl {@link AccessControlList} of the admins
+ * @param connector A jetty connection listener
+ * @param pathSpecs Path specifications that this httpserver will be serving.
+ * These will be added to any filters.
+ */
+ @Deprecated
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, AccessControlList adminsAcl,
+ Connector connector, String[] pathSpecs) throws IOException {
+ this(new Builder().setName(name)
+ .addEndpoint(URI.create("http://" + bindAddress + ":" + port))
+ .setFindPort(findPort).setConf(conf).setACL(adminsAcl)
+ .setConnector(connector).setPathSpec(pathSpecs));
+ }
+
+ private HttpServer(final Builder b) throws IOException {
+ this.appDir = b.appDir;
+ this.logDir = b.logDir;
+ final String appDir = getWebAppsPath(b.name);
+ this.webServer = new Server();
+ this.adminsAcl = b.adminsAcl;
+ this.webAppContext = createWebAppContext(b.name, b.conf, adminsAcl, appDir);
+ this.findPort = b.findPort;
+ initializeWebServer(b.name, b.hostName, b.conf, b.pathSpecs);
+ }
+
+ private void initializeWebServer(String name, String hostName,
+ Configuration conf, String[] pathSpecs)
+ throws FileNotFoundException, IOException {
+
+ Preconditions.checkNotNull(webAppContext);
+
+ int maxThreads = conf.getInt(HTTP_MAX_THREADS, -1);
+ // If HTTP_MAX_THREADS is not configured, QueueThreadPool() will use the
+ // default value (currently 250).
+ QueuedThreadPool threadPool = maxThreads == -1 ? new QueuedThreadPool()
+ : new QueuedThreadPool(maxThreads);
+ threadPool.setDaemon(true);
+ webServer.setThreadPool(threadPool);
+
+ ContextHandlerCollection contexts = new ContextHandlerCollection();
+ RequestLog requestLog = HttpRequestLog.getRequestLog(name);
+
+ if (requestLog != null) {
+ RequestLogHandler requestLogHandler = new RequestLogHandler();
+ requestLogHandler.setRequestLog(requestLog);
+ HandlerCollection handlers = new HandlerCollection();
+ handlers.setHandlers(new Handler[] { requestLogHandler, contexts });
+ webServer.setHandler(handlers);
+ } else {
+ webServer.setHandler(contexts);
+ }
+
+ final String appDir = getWebAppsPath(name);
+
+ webServer.addHandler(webAppContext);
+
+ addDefaultApps(contexts, appDir, conf);
+
+ addGlobalFilter("safety", QuotingInputFilter.class.getName(), null);
+ final FilterInitializer[] initializers = getFilterInitializers(conf);
+ if (initializers != null) {
+ conf = new Configuration(conf);
+ conf.set(BIND_ADDRESS, hostName);
+ for (FilterInitializer c : initializers) {
+ c.initFilter(this, conf);
+ }
+ }
+
+ addDefaultServlets();
+
+ if (pathSpecs != null) {
+ for (String path : pathSpecs) {
+ LOG.info("adding path spec: " + path);
+ addFilterPathMapping(path, webAppContext);
+ }
+ }
+ }
+
+ private void addUnmanagedListener(Connector connector) {
+ listeners.add(new ListenerInfo(false, connector));
+ }
+
+ private void addManagedListener(Connector connector) {
+ listeners.add(new ListenerInfo(true, connector));
+ }
+
+ private static WebAppContext createWebAppContext(String name,
+ Configuration conf, AccessControlList adminsAcl, final String appDir) {
+ WebAppContext ctx = new WebAppContext();
+ ctx.setDisplayName(name);
+ ctx.setContextPath("/");
+ ctx.setWar(appDir + "/" + name);
+ ctx.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ ctx.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
+ addNoCacheFilter(ctx);
+ return ctx;
+ }
+
+ private static void addNoCacheFilter(WebAppContext ctxt) {
+ defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(),
+ Collections. emptyMap(), new String[] { "/*" });
+ }
+
+ /**
+ * Create a required listener for the Jetty instance listening on the port
+ * provided. This wrapper and all subclasses must create at least one
+ * listener.
+ */
+ public Connector createBaseListener(Configuration conf) throws IOException {
+ return HttpServer.createDefaultChannelConnector();
+ }
+
+ @InterfaceAudience.Private
+ public static Connector createDefaultChannelConnector() {
+ SelectChannelConnector ret = new SelectChannelConnector();
+ ret.setLowResourceMaxIdleTime(10000);
+ ret.setAcceptQueueSize(128);
+ ret.setResolveNames(false);
+ ret.setUseDirectBuffers(false);
+ if(Shell.WINDOWS) {
+ // result of setting the SO_REUSEADDR flag is different on Windows
+ // http://msdn.microsoft.com/en-us/library/ms740621(v=vs.85).aspx
+ // without this 2 NN's can start on the same machine and listen on
+ // the same port with indeterminate routing of incoming requests to them
+ ret.setReuseAddress(false);
+ }
+ ret.setHeaderBufferSize(1024*64);
+ return ret;
+ }
+
+ /** Get an array of FilterConfiguration specified in the conf */
+ private static FilterInitializer[] getFilterInitializers(Configuration conf) {
+ if (conf == null) {
+ return null;
+ }
+
+ Class[] classes = conf.getClasses(FILTER_INITIALIZERS_PROPERTY);
+ if (classes == null) {
+ return null;
+ }
+
+ FilterInitializer[] initializers = new FilterInitializer[classes.length];
+ for(int i = 0; i < classes.length; i++) {
+ initializers[i] = (FilterInitializer)ReflectionUtils.newInstance(
+ classes[i], conf);
+ }
+ return initializers;
+ }
+
+ /**
+ * Add default apps.
+ * @param appDir The application directory
+ * @throws IOException
+ */
+ protected void addDefaultApps(ContextHandlerCollection parent,
+ final String appDir, Configuration conf) throws IOException {
+ // set up the context for "/logs/" if "hadoop.log.dir" property is defined.
+ String logDir = this.logDir;
+ if (logDir == null) {
+ logDir = System.getProperty("hadoop.log.dir");
+ }
+ if (logDir != null) {
+ Context logContext = new Context(parent, "/logs");
+ logContext.setResourceBase(logDir);
+ logContext.addServlet(AdminAuthorizedServlet.class, "/*");
+ if (conf.getBoolean(
+ ServerConfigurationKeys.HBASE_JETTY_LOGS_SERVE_ALIASES,
+ ServerConfigurationKeys.DEFAULT_HBASE_JETTY_LOGS_SERVE_ALIASES)) {
+ @SuppressWarnings("unchecked")
+ Map params = logContext.getInitParams();
+ params.put(
+ "org.mortbay.jetty.servlet.Default.aliases", "true");
+ }
+ logContext.setDisplayName("logs");
+ setContextAttributes(logContext, conf);
+ addNoCacheFilter(webAppContext);
+ defaultContexts.put(logContext, true);
+ }
+ // set up the context for "/static/*"
+ Context staticContext = new Context(parent, "/static");
+ staticContext.setResourceBase(appDir + "/static");
+ staticContext.addServlet(DefaultServlet.class, "/*");
+ staticContext.setDisplayName("static");
+ setContextAttributes(staticContext, conf);
+ defaultContexts.put(staticContext, true);
+ }
+
+ private void setContextAttributes(Context context, Configuration conf) {
+ context.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ context.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
+ }
+
+ /**
+ * Add default servlets.
+ */
+ protected void addDefaultServlets() {
+ // set up default servlets
+ addServlet("stacks", "/stacks", StackServlet.class);
+ addServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
+ addServlet("metrics", "/metrics", MetricsServlet.class);
+ addServlet("jmx", "/jmx", JMXJsonServlet.class);
+ addServlet("conf", "/conf", ConfServlet.class);
+ }
+
+ public void addContext(Context ctxt, boolean isFiltered)
+ throws IOException {
+ webServer.addHandler(ctxt);
+ addNoCacheFilter(webAppContext);
+ defaultContexts.put(ctxt, isFiltered);
+ }
+
+ /**
+ * Add a context
+ * @param pathSpec The path spec for the context
+ * @param dir The directory containing the context
+ * @param isFiltered if true, the servlet is added to the filter path mapping
+ * @throws IOException
+ */
+ protected void addContext(String pathSpec, String dir, boolean isFiltered) throws IOException {
+ if (0 == webServer.getHandlers().length) {
+ throw new RuntimeException("Couldn't find handler");
+ }
+ WebAppContext webAppCtx = new WebAppContext();
+ webAppCtx.setContextPath(pathSpec);
+ webAppCtx.setWar(dir);
+ addContext(webAppCtx, true);
+ }
+
+ /**
+ * Set a value in the webapp context. These values are available to the jsp
+ * pages as "application.getAttribute(name)".
+ * @param name The name of the attribute
+ * @param value The value of the attribute
+ */
+ public void setAttribute(String name, Object value) {
+ webAppContext.setAttribute(name, value);
+ }
+
+ /**
+ * Add a Jersey resource package.
+ * @param packageName The Java package name containing the Jersey resource.
+ * @param pathSpec The path spec for the servlet
+ */
+ public void addJerseyResourcePackage(final String packageName,
+ final String pathSpec) {
+ LOG.info("addJerseyResourcePackage: packageName=" + packageName
+ + ", pathSpec=" + pathSpec);
+ final ServletHolder sh = new ServletHolder(ServletContainer.class);
+ sh.setInitParameter("com.sun.jersey.config.property.resourceConfigClass",
+ "com.sun.jersey.api.core.PackagesResourceConfig");
+ sh.setInitParameter("com.sun.jersey.config.property.packages", packageName);
+ webAppContext.addServlet(sh, pathSpec);
+ }
+
+ /**
+ * Add a servlet in the server.
+ * @param name The name of the servlet (can be passed as null)
+ * @param pathSpec The path spec for the servlet
+ * @param clazz The servlet class
+ */
+ public void addServlet(String name, String pathSpec,
+ Class clazz) {
+ addInternalServlet(name, pathSpec, clazz, false);
+ addFilterPathMapping(pathSpec, webAppContext);
+ }
+
+ /**
+ * Add an internal servlet in the server.
+ * Note: This method is to be used for adding servlets that facilitate
+ * internal communication and not for user facing functionality. For
+ * servlets added using this method, filters are not enabled.
+ *
+ * @param name The name of the servlet (can be passed as null)
+ * @param pathSpec The path spec for the servlet
+ * @param clazz The servlet class
+ */
+ public void addInternalServlet(String name, String pathSpec,
+ Class clazz) {
+ addInternalServlet(name, pathSpec, clazz, false);
+ }
+
+ /**
+ * Add an internal servlet in the server, specifying whether or not to
+ * protect with Kerberos authentication.
+ * Note: This method is to be used for adding servlets that facilitate
+ * internal communication and not for user facing functionality. For
+ + * servlets added using this method, filters (except internal Kerberos
+ * filters) are not enabled.
+ *
+ * @param name The name of the servlet (can be passed as null)
+ * @param pathSpec The path spec for the servlet
+ * @param clazz The servlet class
+ * @param requireAuth Require Kerberos authenticate to access servlet
+ */
+ public void addInternalServlet(String name, String pathSpec,
+ Class clazz, boolean requireAuth) {
+ ServletHolder holder = new ServletHolder(clazz);
+ if (name != null) {
+ holder.setName(name);
+ }
+ webAppContext.addServlet(holder, pathSpec);
+
+ if(requireAuth && UserGroupInformation.isSecurityEnabled()) {
+ LOG.info("Adding Kerberos (SPNEGO) filter to " + name);
+ ServletHandler handler = webAppContext.getServletHandler();
+ FilterMapping fmap = new FilterMapping();
+ fmap.setPathSpec(pathSpec);
+ fmap.setFilterName(SPNEGO_FILTER);
+ fmap.setDispatches(Handler.ALL);
+ handler.addFilterMapping(fmap);
+ }
+ }
+
+ @Override
+ public void addFilter(String name, String classname,
+ Map parameters) {
+
+ final String[] USER_FACING_URLS = { "*.html", "*.jsp" };
+ defineFilter(webAppContext, name, classname, parameters, USER_FACING_URLS);
+ LOG.info("Added filter " + name + " (class=" + classname
+ + ") to context " + webAppContext.getDisplayName());
+ final String[] ALL_URLS = { "/*" };
+ for (Map.Entry e : defaultContexts.entrySet()) {
+ if (e.getValue()) {
+ Context ctx = e.getKey();
+ defineFilter(ctx, name, classname, parameters, ALL_URLS);
+ LOG.info("Added filter " + name + " (class=" + classname
+ + ") to context " + ctx.getDisplayName());
+ }
+ }
+ filterNames.add(name);
+ }
+
+ @Override
+ public void addGlobalFilter(String name, String classname,
+ Map parameters) {
+ final String[] ALL_URLS = { "/*" };
+ defineFilter(webAppContext, name, classname, parameters, ALL_URLS);
+ for (Context ctx : defaultContexts.keySet()) {
+ defineFilter(ctx, name, classname, parameters, ALL_URLS);
+ }
+ LOG.info("Added global filter '" + name + "' (class=" + classname + ")");
+ }
+
+ /**
+ * Define a filter for a context and set up default url mappings.
+ */
+ public static void defineFilter(Context ctx, String name,
+ String classname, Map parameters, String[] urls) {
+
+ FilterHolder holder = new FilterHolder();
+ holder.setName(name);
+ holder.setClassName(classname);
+ holder.setInitParameters(parameters);
+ FilterMapping fmap = new FilterMapping();
+ fmap.setPathSpecs(urls);
+ fmap.setDispatches(Handler.ALL);
+ fmap.setFilterName(name);
+ ServletHandler handler = ctx.getServletHandler();
+ handler.addFilter(holder, fmap);
+ }
+
+ /**
+ * Add the path spec to the filter path mapping.
+ * @param pathSpec The path spec
+ * @param webAppCtx The WebApplicationContext to add to
+ */
+ protected void addFilterPathMapping(String pathSpec,
+ Context webAppCtx) {
+ ServletHandler handler = webAppCtx.getServletHandler();
+ for(String name : filterNames) {
+ FilterMapping fmap = new FilterMapping();
+ fmap.setPathSpec(pathSpec);
+ fmap.setFilterName(name);
+ fmap.setDispatches(Handler.ALL);
+ handler.addFilterMapping(fmap);
+ }
+ }
+
+ /**
+ * Get the value in the webapp context.
+ * @param name The name of the attribute
+ * @return The value of the attribute
+ */
+ public Object getAttribute(String name) {
+ return webAppContext.getAttribute(name);
+ }
+
+ public WebAppContext getWebAppContext(){
+ return this.webAppContext;
+ }
+
+ public String getWebAppsPath(String appName) throws FileNotFoundException {
+ return getWebAppsPath(this.appDir, appName);
+ }
+
+ /**
+ * Get the pathname to the webapps files.
+ * @param appName eg "secondary" or "datanode"
+ * @return the pathname as a URL
+ * @throws FileNotFoundException if 'webapps' directory cannot be found on CLASSPATH.
+ */
+ protected String getWebAppsPath(String webapps, String appName) throws FileNotFoundException {
+ URL url = getClass().getClassLoader().getResource(webapps + "/" + appName);
+ if (url == null)
+ throw new FileNotFoundException(webapps + "/" + appName
+ + " not found in CLASSPATH");
+ String urlString = url.toString();
+ return urlString.substring(0, urlString.lastIndexOf('/'));
+ }
+
+ /**
+ * Get the port that the server is on
+ * @return the port
+ */
+ @Deprecated
+ public int getPort() {
+ return webServer.getConnectors()[0].getLocalPort();
+ }
+
+ /**
+ * Get the address that corresponds to a particular connector.
+ *
+ * @return the corresponding address for the connector, or null if there's no
+ * such connector or the connector is not bounded.
+ */
+ public InetSocketAddress getConnectorAddress(int index) {
+ Preconditions.checkArgument(index >= 0);
+ if (index > webServer.getConnectors().length)
+ return null;
+
+ Connector c = webServer.getConnectors()[index];
+ if (c.getLocalPort() == -1) {
+ // The connector is not bounded
+ return null;
+ }
+
+ return new InetSocketAddress(c.getHost(), c.getLocalPort());
+ }
+
+ /**
+ * Set the min, max number of worker threads (simultaneous connections).
+ */
+ public void setThreads(int min, int max) {
+ QueuedThreadPool pool = (QueuedThreadPool) webServer.getThreadPool();
+ pool.setMinThreads(min);
+ pool.setMaxThreads(max);
+ }
+
+ private void initSpnego(Configuration conf, String hostName,
+ String usernameConfKey, String keytabConfKey) throws IOException {
+ Map params = new HashMap();
+ String principalInConf = conf.get(usernameConfKey);
+ if (principalInConf != null && !principalInConf.isEmpty()) {
+ params.put("kerberos.principal", SecurityUtil.getServerPrincipal(
+ principalInConf, hostName));
+ }
+ String httpKeytab = conf.get(keytabConfKey);
+ if (httpKeytab != null && !httpKeytab.isEmpty()) {
+ params.put("kerberos.keytab", httpKeytab);
+ }
+ params.put(AuthenticationFilter.AUTH_TYPE, "kerberos");
+
+ defineFilter(webAppContext, SPNEGO_FILTER,
+ AuthenticationFilter.class.getName(), params, null);
+ }
+
+ /**
+ * Start the server. Does not wait for the server to start.
+ */
+ public void start() throws IOException {
+ try {
+ try {
+ openListeners();
+ webServer.start();
+ } catch (IOException ex) {
+ LOG.info("HttpServer.start() threw a non Bind IOException", ex);
+ throw ex;
+ } catch (MultiException ex) {
+ LOG.info("HttpServer.start() threw a MultiException", ex);
+ throw ex;
+ }
+ // Make sure there is no handler failures.
+ Handler[] handlers = webServer.getHandlers();
+ for (int i = 0; i < handlers.length; i++) {
+ if (handlers[i].isFailed()) {
+ throw new IOException(
+ "Problem in starting http server. Server handlers failed");
+ }
+ }
+ // Make sure there are no errors initializing the context.
+ Throwable unavailableException = webAppContext.getUnavailableException();
+ if (unavailableException != null) {
+ // Have to stop the webserver, or else its non-daemon threads
+ // will hang forever.
+ webServer.stop();
+ throw new IOException("Unable to initialize WebAppContext",
+ unavailableException);
+ }
+ } catch (IOException e) {
+ throw e;
+ } catch (InterruptedException e) {
+ throw (IOException) new InterruptedIOException(
+ "Interrupted while starting HTTP server").initCause(e);
+ } catch (Exception e) {
+ throw new IOException("Problem starting http server", e);
+ }
+ }
+
+ private void loadListeners() {
+ for (ListenerInfo li : listeners) {
+ webServer.addConnector(li.listener);
+ }
+ }
+
+ /**
+ * Open the main listener for the server
+ * @throws Exception
+ */
+ void openListeners() throws Exception {
+ for (ListenerInfo li : listeners) {
+ Connector listener = li.listener;
+ if (!li.isManaged || li.listener.getLocalPort() != -1) {
+ // This listener is either started externally or has been bound
+ continue;
+ }
+ int port = listener.getPort();
+ while (true) {
+ // jetty has a bug where you can't reopen a listener that previously
+ // failed to open w/o issuing a close first, even if the port is changed
+ try {
+ listener.close();
+ listener.open();
+ LOG.info("Jetty bound to port " + listener.getLocalPort());
+ break;
+ } catch (BindException ex) {
+ if (port == 0 || !findPort) {
+ BindException be = new BindException("Port in use: "
+ + listener.getHost() + ":" + listener.getPort());
+ be.initCause(ex);
+ throw be;
+ }
+ }
+ // try the next port number
+ listener.setPort(++port);
+ Thread.sleep(100);
+ }
+ }
+ }
+
+ /**
+ * stop the server
+ */
+ public void stop() throws Exception {
+ MultiException exception = null;
+ for (ListenerInfo li : listeners) {
+ if (!li.isManaged) {
+ continue;
+ }
+
+ try {
+ li.listener.close();
+ } catch (Exception e) {
+ LOG.error(
+ "Error while stopping listener for webapp"
+ + webAppContext.getDisplayName(), e);
+ exception = addMultiException(exception, e);
+ }
+ }
+
+ try {
+ // clear & stop webAppContext attributes to avoid memory leaks.
+ webAppContext.clearAttributes();
+ webAppContext.stop();
+ } catch (Exception e) {
+ LOG.error("Error while stopping web app context for webapp "
+ + webAppContext.getDisplayName(), e);
+ exception = addMultiException(exception, e);
+ }
+
+ try {
+ webServer.stop();
+ } catch (Exception e) {
+ LOG.error("Error while stopping web server for webapp "
+ + webAppContext.getDisplayName(), e);
+ exception = addMultiException(exception, e);
+ }
+
+ if (exception != null) {
+ exception.ifExceptionThrow();
+ }
+
+ }
+
+ private MultiException addMultiException(MultiException exception, Exception e) {
+ if(exception == null){
+ exception = new MultiException();
+ }
+ exception.add(e);
+ return exception;
+ }
+
+ public void join() throws InterruptedException {
+ webServer.join();
+ }
+
+ /**
+ * Test for the availability of the web server
+ * @return true if the web server is started, false otherwise
+ */
+ public boolean isAlive() {
+ return webServer != null && webServer.isStarted();
+ }
+
+ /**
+ * Return the host and port of the HttpServer, if live
+ * @return the classname and any HTTP URL
+ */
+ @Override
+ public String toString() {
+ if (listeners.size() == 0) {
+ return "Inactive HttpServer";
+ } else {
+ StringBuilder sb = new StringBuilder("HttpServer (")
+ .append(isAlive() ? STATE_DESCRIPTION_ALIVE : STATE_DESCRIPTION_NOT_LIVE).append("), listening at:");
+ for (ListenerInfo li : listeners) {
+ Connector l = li.listener;
+ sb.append(l.getHost()).append(":").append(l.getPort()).append("/,");
+ }
+ return sb.toString();
+ }
+ }
+
+ /**
+ * Checks the user has privileges to access to instrumentation servlets.
+ *
+ * If hadoop.security.instrumentation.requires.admin is set to FALSE
+ * (default value) it always returns TRUE.
+ *
+ * If hadoop.security.instrumentation.requires.admin is set to TRUE
+ * it will check that if the current user is in the admin ACLS. If the user is
+ * in the admin ACLs it returns TRUE, otherwise it returns FALSE.
+ *
+ * @param servletContext the servlet context.
+ * @param request the servlet request.
+ * @param response the servlet response.
+ * @return TRUE/FALSE based on the logic decribed above.
+ */
+ public static boolean isInstrumentationAccessAllowed(
+ ServletContext servletContext, HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
+ Configuration conf =
+ (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
+
+ boolean access = true;
+ boolean adminAccess = conf.getBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_INSTRUMENTATION_REQUIRES_ADMIN,
+ false);
+ if (adminAccess) {
+ access = hasAdministratorAccess(servletContext, request, response);
+ }
+ return access;
+ }
+
+ /**
+ * Does the user sending the HttpServletRequest has the administrator ACLs? If
+ * it isn't the case, response will be modified to send an error to the user.
+ *
+ * @param servletContext
+ * @param request
+ * @param response used to send the error response if user does not have admin access.
+ * @return true if admin-authorized, false otherwise
+ * @throws IOException
+ */
+ public static boolean hasAdministratorAccess(
+ ServletContext servletContext, HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
+ Configuration conf =
+ (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
+ // If there is no authorization, anybody has administrator access.
+ if (!conf.getBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
+ return true;
+ }
+
+ String remoteUser = request.getRemoteUser();
+ if (remoteUser == null) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+ "Unauthenticated users are not " +
+ "authorized to access this page.");
+ return false;
+ }
+
+ if (servletContext.getAttribute(ADMINS_ACL) != null &&
+ !userHasAdministratorAccess(servletContext, remoteUser)) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
+ + remoteUser + " is unauthorized to access this page.");
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Get the admin ACLs from the given ServletContext and check if the given
+ * user is in the ACL.
+ *
+ * @param servletContext the context containing the admin ACL.
+ * @param remoteUser the remote user to check for.
+ * @return true if the user is present in the ACL, false if no ACL is set or
+ * the user is not present
+ */
+ public static boolean userHasAdministratorAccess(ServletContext servletContext,
+ String remoteUser) {
+ AccessControlList adminsAcl = (AccessControlList) servletContext
+ .getAttribute(ADMINS_ACL);
+ UserGroupInformation remoteUserUGI =
+ UserGroupInformation.createRemoteUser(remoteUser);
+ return adminsAcl != null && adminsAcl.isUserAllowed(remoteUserUGI);
+ }
+
+ /**
+ * A very simple servlet to serve up a text representation of the current
+ * stack traces. It both returns the stacks to the caller and logs them.
+ * Currently the stack traces are done sequentially rather than exactly the
+ * same data.
+ */
+ public static class StackServlet extends HttpServlet {
+ private static final long serialVersionUID = -6284183679759467039L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ if (!HttpServer.isInstrumentationAccessAllowed(getServletContext(),
+ request, response)) {
+ return;
+ }
+ response.setContentType("text/plain; charset=UTF-8");
+ PrintWriter out = response.getWriter();
+ ReflectionUtils.printThreadInfo(out, "");
+ out.close();
+ ReflectionUtils.logThreadInfo(LOG, "jsp requested", 1);
+ }
+ }
+
+ /**
+ * A Servlet input filter that quotes all HTML active characters in the
+ * parameter names and values. The goal is to quote the characters to make
+ * all of the servlets resistant to cross-site scripting attacks.
+ */
+ public static class QuotingInputFilter implements Filter {
+ private FilterConfig config;
+
+ public static class RequestQuoter extends HttpServletRequestWrapper {
+ private final HttpServletRequest rawRequest;
+ public RequestQuoter(HttpServletRequest rawRequest) {
+ super(rawRequest);
+ this.rawRequest = rawRequest;
+ }
+
+ /**
+ * Return the set of parameter names, quoting each name.
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public Enumeration getParameterNames() {
+ return new Enumeration() {
+ private Enumeration rawIterator =
+ rawRequest.getParameterNames();
+ @Override
+ public boolean hasMoreElements() {
+ return rawIterator.hasMoreElements();
+ }
+
+ @Override
+ public String nextElement() {
+ return HtmlQuoting.quoteHtmlChars(rawIterator.nextElement());
+ }
+ };
+ }
+
+ /**
+ * Unquote the name and quote the value.
+ */
+ @Override
+ public String getParameter(String name) {
+ return HtmlQuoting.quoteHtmlChars(rawRequest.getParameter
+ (HtmlQuoting.unquoteHtmlChars(name)));
+ }
+
+ @Override
+ public String[] getParameterValues(String name) {
+ String unquoteName = HtmlQuoting.unquoteHtmlChars(name);
+ String[] unquoteValue = rawRequest.getParameterValues(unquoteName);
+ if (unquoteValue == null) {
+ return null;
+ }
+ String[] result = new String[unquoteValue.length];
+ for(int i=0; i < result.length; ++i) {
+ result[i] = HtmlQuoting.quoteHtmlChars(unquoteValue[i]);
+ }
+ return result;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public Map getParameterMap() {
+ Map result = new HashMap();
+ Map raw = rawRequest.getParameterMap();
+ for (Map.Entry item: raw.entrySet()) {
+ String[] rawValue = item.getValue();
+ String[] cookedValue = new String[rawValue.length];
+ for(int i=0; i< rawValue.length; ++i) {
+ cookedValue[i] = HtmlQuoting.quoteHtmlChars(rawValue[i]);
+ }
+ result.put(HtmlQuoting.quoteHtmlChars(item.getKey()), cookedValue);
+ }
+ return result;
+ }
+
+ /**
+ * Quote the url so that users specifying the HOST HTTP header
+ * can't inject attacks.
+ */
+ @Override
+ public StringBuffer getRequestURL(){
+ String url = rawRequest.getRequestURL().toString();
+ return new StringBuffer(HtmlQuoting.quoteHtmlChars(url));
+ }
+
+ /**
+ * Quote the server name so that users specifying the HOST HTTP header
+ * can't inject attacks.
+ */
+ @Override
+ public String getServerName() {
+ return HtmlQuoting.quoteHtmlChars(rawRequest.getServerName());
+ }
+ }
+
+ @Override
+ public void init(FilterConfig config) throws ServletException {
+ this.config = config;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request,
+ ServletResponse response,
+ FilterChain chain
+ ) throws IOException, ServletException {
+ HttpServletRequestWrapper quoted =
+ new RequestQuoter((HttpServletRequest) request);
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+
+ String mime = inferMimeType(request);
+ if (mime == null) {
+ httpResponse.setContentType("text/plain; charset=utf-8");
+ } else if (mime.startsWith("text/html")) {
+ // HTML with unspecified encoding, we want to
+ // force HTML with utf-8 encoding
+ // This is to avoid the following security issue:
+ // http://openmya.hacker.jp/hasegawa/security/utf7cs.html
+ httpResponse.setContentType("text/html; charset=utf-8");
+ } else if (mime.startsWith("application/xml")) {
+ httpResponse.setContentType("text/xml; charset=utf-8");
+ }
+ chain.doFilter(quoted, httpResponse);
+ }
+
+ /**
+ * Infer the mime type for the response based on the extension of the request
+ * URI. Returns null if unknown.
+ */
+ private String inferMimeType(ServletRequest request) {
+ String path = ((HttpServletRequest)request).getRequestURI();
+ ContextHandler.SContext sContext = (ContextHandler.SContext)config.getServletContext();
+ MimeTypes mimes = sContext.getContextHandler().getMimeTypes();
+ Buffer mimeBuffer = mimes.getMimeByExtension(path);
+ return (mimeBuffer == null) ? null : mimeBuffer.toString();
+ }
+
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
new file mode 100644
index 00000000000..911f0406d3c
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
@@ -0,0 +1,90 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http;
+
+import java.io.IOException;
+import java.net.URI;
+
+import javax.servlet.http.HttpServlet;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.conf.Configuration;
+
+/**
+ * Create a Jetty embedded server to answer http requests. The primary goal
+ * is to serve up status information for the server.
+ * There are three contexts:
+ * "/stacks/" -> points to stack trace
+ * "/static/" -> points to common static files (src/hbase-webapps/static)
+ * "/" -> the jsp server code from (src/hbase-webapps/)
+ */
+@InterfaceAudience.Private
+public class InfoServer {
+ private static final String HBASE_APP_DIR = "hbase-webapps";
+ private final HttpServer httpServer;
+
+ /**
+ * Create a status server on the given port.
+ * The jsp scripts are taken from src/hbase-webapps/name.
+ * @param name The name of the server
+ * @param bindAddress address to bind to
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @throws IOException e
+ */
+ public InfoServer(String name, String bindAddress, int port, boolean findPort,
+ final Configuration c)
+ throws IOException {
+ HttpServer.Builder builder = new HttpServer.Builder();
+ builder
+ .setName(name)
+ .addEndpoint(URI.create("http://" + bindAddress + ":" + port))
+ .setAppDir(HBASE_APP_DIR).setFindPort(findPort).setConf(c);
+ String logDir = System.getProperty("hbase.log.dir");
+ if (logDir != null) {
+ builder.setLogDir(logDir);
+ }
+ this.httpServer = builder.build();
+ }
+
+ public void addServlet(String name, String pathSpec,
+ Class clazz) {
+ this.httpServer.addServlet(name, pathSpec, clazz);
+ }
+
+ public void setAttribute(String name, Object value) {
+ this.httpServer.setAttribute(name, value);
+ }
+
+ public void start() throws IOException {
+ this.httpServer.start();
+ }
+
+ @Deprecated
+ public int getPort() {
+ return this.httpServer.getPort();
+ }
+
+ public void stop() throws Exception {
+ this.httpServer.stop();
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
new file mode 100644
index 00000000000..fffbd8e0845
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class NoCacheFilter implements Filter {
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res,
+ FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletResponse httpRes = (HttpServletResponse) res;
+ httpRes.setHeader("Cache-Control", "no-cache");
+ long now = System.currentTimeMillis();
+ httpRes.addDateHeader("Expires", now);
+ httpRes.addDateHeader("Date", now);
+ httpRes.addHeader("Pragma", "no-cache");
+ chain.doFilter(req, res);
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/ServerConfigurationKeys.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/ServerConfigurationKeys.java
new file mode 100644
index 00000000000..80026ffcffe
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/ServerConfigurationKeys.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+
+/**
+ * This interface contains constants for configuration keys used
+ * in the hbase http server code.
+ */
+@InterfaceAudience.Private
+@InterfaceStability.Evolving
+public interface ServerConfigurationKeys {
+
+ /** Enable/Disable ssl for http server */
+ public static final String HBASE_SSL_ENABLED_KEY = "hbase.ssl.enabled";
+
+ public static final boolean HBASE_SSL_ENABLED_DEFAULT = false;
+
+ /** Enable/Disable aliases serving from jetty */
+ public static final String HBASE_JETTY_LOGS_SERVE_ALIASES =
+ "hbase.jetty.logs.serve.aliases";
+
+ public static final boolean DEFAULT_HBASE_JETTY_LOGS_SERVE_ALIASES =
+ true;
+
+ public static final String HBASE_HTTP_STATIC_USER = "hbase.http.staticuser.user";
+
+ public static final String DEFAULT_HBASE_HTTP_STATIC_USER = "dr.stack";
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/conf/ConfServlet.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/conf/ConfServlet.java
new file mode 100644
index 00000000000..aee6231ffd6
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/conf/ConfServlet.java
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http.conf;
+
+import java.io.IOException;
+import java.io.Writer;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.http.HttpServer;
+
+/**
+ * A servlet to print out the running configuration data.
+ */
+@InterfaceAudience.LimitedPrivate({"HBase"})
+@InterfaceStability.Unstable
+public class ConfServlet extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ private static final String FORMAT_JSON = "json";
+ private static final String FORMAT_XML = "xml";
+ private static final String FORMAT_PARAM = "format";
+
+ /**
+ * Return the Configuration of the daemon hosting this servlet.
+ * This is populated when the HttpServer starts.
+ */
+ private Configuration getConfFromContext() {
+ Configuration conf = (Configuration)getServletContext().getAttribute(
+ HttpServer.CONF_CONTEXT_ATTRIBUTE);
+ assert conf != null;
+ return conf;
+ }
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ if (!HttpServer.isInstrumentationAccessAllowed(getServletContext(),
+ request, response)) {
+ return;
+ }
+
+ String format = request.getParameter(FORMAT_PARAM);
+ if (null == format) {
+ format = FORMAT_XML;
+ }
+
+ if (FORMAT_XML.equals(format)) {
+ response.setContentType("text/xml; charset=utf-8");
+ } else if (FORMAT_JSON.equals(format)) {
+ response.setContentType("application/json; charset=utf-8");
+ }
+
+ Writer out = response.getWriter();
+ try {
+ writeResponse(getConfFromContext(), out, format);
+ } catch (BadFormatException bfe) {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST, bfe.getMessage());
+ }
+ out.close();
+ }
+
+ /**
+ * Guts of the servlet - extracted for easy testing.
+ */
+ static void writeResponse(Configuration conf, Writer out, String format)
+ throws IOException, BadFormatException {
+ if (FORMAT_JSON.equals(format)) {
+ Configuration.dumpConfiguration(conf, out);
+ } else if (FORMAT_XML.equals(format)) {
+ conf.writeXml(out);
+ } else {
+ throw new BadFormatException("Bad format: " + format);
+ }
+ }
+
+ public static class BadFormatException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public BadFormatException(String msg) {
+ super(msg);
+ }
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/JMXJsonServlet.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/JMXJsonServlet.java
new file mode 100644
index 00000000000..d3812b69873
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/JMXJsonServlet.java
@@ -0,0 +1,423 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http.jmx;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.lang.management.ManagementFactory;
+import java.lang.reflect.Array;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.management.AttributeNotFoundException;
+import javax.management.InstanceNotFoundException;
+import javax.management.IntrospectionException;
+import javax.management.MBeanAttributeInfo;
+import javax.management.MBeanException;
+import javax.management.MBeanInfo;
+import javax.management.MBeanServer;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.ReflectionException;
+import javax.management.RuntimeErrorException;
+import javax.management.RuntimeMBeanException;
+import javax.management.openmbean.CompositeData;
+import javax.management.openmbean.CompositeType;
+import javax.management.openmbean.TabularData;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.hbase.http.HttpServer;
+import org.codehaus.jackson.JsonFactory;
+import org.codehaus.jackson.JsonGenerator;
+
+/*
+ * This servlet is based off of the JMXProxyServlet from Tomcat 7.0.14. It has
+ * been rewritten to be read only and to output in a JSON format so it is not
+ * really that close to the original.
+ */
+/**
+ * Provides Read only web access to JMX.
+ *
+ * This servlet generally will be placed under the /jmx URL for each
+ * HttpServer. It provides read only
+ * access to JMX metrics. The optional qry parameter
+ * may be used to query only a subset of the JMX Beans. This query
+ * functionality is provided through the
+ * {@link MBeanServer#queryNames(ObjectName, javax.management.QueryExp)}
+ * method.
+ *
+ * For example http://.../jmx?qry=Hadoop:* will return
+ * all hadoop metrics exposed through JMX.
+ *
+ * The optional get parameter is used to query an specific
+ * attribute of a JMX bean. The format of the URL is
+ * http://.../jmx?get=MXBeanName::AttributeName
+ *
+ * For example
+ *
+ * http://../jmx?get=Hadoop:service=NameNode,name=NameNodeInfo::ClusterId
+ * will return the cluster id of the namenode mxbean.
+ *
+ * If the qry or the get parameter is not formatted
+ * correctly then a 400 BAD REQUEST http response code will be returned.
+ *
+ * If a resouce such as a mbean or attribute can not be found,
+ * a 404 SC_NOT_FOUND http response code will be returned.
+ *
+ * The servlet attempts to convert the the JMXBeans into JSON. Each
+ * bean's attributes will be converted to a JSON object member.
+ *
+ * If the attribute is a boolean, a number, a string, or an array
+ * it will be converted to the JSON equivalent.
+ *
+ * If the value is a {@link CompositeData} then it will be converted
+ * to a JSON object with the keys as the name of the JSON member and
+ * the value is converted following these same rules.
+ *
+ * If the value is a {@link TabularData} then it will be converted
+ * to an array of the {@link CompositeData} elements that it contains.
+ *
+ * All other objects will be converted to a string and output as such.
+ *
+ * The bean's name and modelerType will be returned for all beans.
+ *
+ * Optional paramater "callback" should be used to deliver JSONP response.
+ *
+ */
+public class JMXJsonServlet extends HttpServlet {
+ private static final Log LOG = LogFactory.getLog(JMXJsonServlet.class);
+
+ private static final long serialVersionUID = 1L;
+
+ private static final String CALLBACK_PARAM = "callback";
+
+ /**
+ * MBean server.
+ */
+ protected transient MBeanServer mBeanServer;
+
+ /**
+ * Json Factory to create Json generators for write objects in json format
+ */
+ protected transient JsonFactory jsonFactory;
+ /**
+ * Initialize this servlet.
+ */
+ @Override
+ public void init() throws ServletException {
+ // Retrieve the MBean server
+ mBeanServer = ManagementFactory.getPlatformMBeanServer();
+ jsonFactory = new JsonFactory();
+ }
+
+ /**
+ * Process a GET request for the specified resource.
+ *
+ * @param request
+ * The servlet request we are processing
+ * @param response
+ * The servlet response we are creating
+ */
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) {
+ try {
+ if (!HttpServer.isInstrumentationAccessAllowed(getServletContext(),
+ request, response)) {
+ return;
+ }
+ JsonGenerator jg = null;
+ String jsonpcb = null;
+ PrintWriter writer = null;
+ try {
+ writer = response.getWriter();
+
+ // "callback" parameter implies JSONP outpout
+ jsonpcb = request.getParameter(CALLBACK_PARAM);
+ if (jsonpcb != null) {
+ response.setContentType("application/javascript; charset=utf8");
+ writer.write(jsonpcb + "(");
+ } else {
+ response.setContentType("application/json; charset=utf8");
+ }
+
+ jg = jsonFactory.createJsonGenerator(writer);
+ jg.disable(JsonGenerator.Feature.AUTO_CLOSE_TARGET);
+ jg.useDefaultPrettyPrinter();
+ jg.writeStartObject();
+
+ // query per mbean attribute
+ String getmethod = request.getParameter("get");
+ if (getmethod != null) {
+ String[] splitStrings = getmethod.split("\\:\\:");
+ if (splitStrings.length != 2) {
+ jg.writeStringField("result", "ERROR");
+ jg.writeStringField("message", "query format is not as expected.");
+ jg.flush();
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
+ listBeans(jg, new ObjectName(splitStrings[0]), splitStrings[1],
+ response);
+ return;
+ }
+
+ // query per mbean
+ String qry = request.getParameter("qry");
+ if (qry == null) {
+ qry = "*:*";
+ }
+ listBeans(jg, new ObjectName(qry), null, response);
+ } finally {
+ if (jg != null) {
+ jg.close();
+ }
+ if (jsonpcb != null) {
+ writer.write(");");
+ }
+ if (writer != null) {
+ writer.close();
+ }
+ }
+ } catch (IOException e) {
+ LOG.error("Caught an exception while processing JMX request", e);
+ response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ } catch (MalformedObjectNameException e) {
+ LOG.error("Caught an exception while processing JMX request", e);
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ }
+ }
+
+ // --------------------------------------------------------- Private Methods
+ private void listBeans(JsonGenerator jg, ObjectName qry, String attribute,
+ HttpServletResponse response)
+ throws IOException {
+ LOG.debug("Listing beans for "+qry);
+ Set names = null;
+ names = mBeanServer.queryNames(qry, null);
+
+ jg.writeArrayFieldStart("beans");
+ Iterator it = names.iterator();
+ while (it.hasNext()) {
+ ObjectName oname = it.next();
+ MBeanInfo minfo;
+ String code = "";
+ Object attributeinfo = null;
+ try {
+ minfo = mBeanServer.getMBeanInfo(oname);
+ code = minfo.getClassName();
+ String prs = "";
+ try {
+ if ("org.apache.commons.modeler.BaseModelMBean".equals(code)) {
+ prs = "modelerType";
+ code = (String) mBeanServer.getAttribute(oname, prs);
+ }
+ if (attribute!=null) {
+ prs = attribute;
+ attributeinfo = mBeanServer.getAttribute(oname, prs);
+ }
+ } catch (AttributeNotFoundException e) {
+ // If the modelerType attribute was not found, the class name is used
+ // instead.
+ LOG.error("getting attribute " + prs + " of " + oname
+ + " threw an exception", e);
+ } catch (MBeanException e) {
+ // The code inside the attribute getter threw an exception so log it,
+ // and fall back on the class name
+ LOG.error("getting attribute " + prs + " of " + oname
+ + " threw an exception", e);
+ } catch (RuntimeException e) {
+ // For some reason even with an MBeanException available to them
+ // Runtime exceptionscan still find their way through, so treat them
+ // the same as MBeanException
+ LOG.error("getting attribute " + prs + " of " + oname
+ + " threw an exception", e);
+ } catch ( ReflectionException e ) {
+ // This happens when the code inside the JMX bean (setter?? from the
+ // java docs) threw an exception, so log it and fall back on the
+ // class name
+ LOG.error("getting attribute " + prs + " of " + oname
+ + " threw an exception", e);
+ }
+ } catch (InstanceNotFoundException e) {
+ //Ignored for some reason the bean was not found so don't output it
+ continue;
+ } catch ( IntrospectionException e ) {
+ // This is an internal error, something odd happened with reflection so
+ // log it and don't output the bean.
+ LOG.error("Problem while trying to process JMX query: " + qry
+ + " with MBean " + oname, e);
+ continue;
+ } catch ( ReflectionException e ) {
+ // This happens when the code inside the JMX bean threw an exception, so
+ // log it and don't output the bean.
+ LOG.error("Problem while trying to process JMX query: " + qry
+ + " with MBean " + oname, e);
+ continue;
+ }
+
+ jg.writeStartObject();
+ jg.writeStringField("name", oname.toString());
+
+ jg.writeStringField("modelerType", code);
+ if ((attribute != null) && (attributeinfo == null)) {
+ jg.writeStringField("result", "ERROR");
+ jg.writeStringField("message", "No attribute with name " + attribute
+ + " was found.");
+ jg.writeEndObject();
+ jg.writeEndArray();
+ jg.close();
+ response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ return;
+ }
+
+ if (attribute != null) {
+ writeAttribute(jg, attribute, attributeinfo);
+ } else {
+ MBeanAttributeInfo attrs[] = minfo.getAttributes();
+ for (int i = 0; i < attrs.length; i++) {
+ writeAttribute(jg, oname, attrs[i]);
+ }
+ }
+ jg.writeEndObject();
+ }
+ jg.writeEndArray();
+ }
+
+ private void writeAttribute(JsonGenerator jg, ObjectName oname, MBeanAttributeInfo attr) throws IOException {
+ if (!attr.isReadable()) {
+ return;
+ }
+ String attName = attr.getName();
+ if ("modelerType".equals(attName)) {
+ return;
+ }
+ if (attName.indexOf("=") >= 0 || attName.indexOf(":") >= 0
+ || attName.indexOf(" ") >= 0) {
+ return;
+ }
+ Object value = null;
+ try {
+ value = mBeanServer.getAttribute(oname, attName);
+ } catch (RuntimeMBeanException e) {
+ // UnsupportedOperationExceptions happen in the normal course of business,
+ // so no need to log them as errors all the time.
+ if (e.getCause() instanceof UnsupportedOperationException) {
+ LOG.debug("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ } else {
+ LOG.error("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ }
+ return;
+ } catch (RuntimeErrorException e) {
+ // RuntimeErrorException happens when an unexpected failure occurs in getAttribute
+ // for example https://issues.apache.org/jira/browse/DAEMON-120
+ LOG.debug("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ return;
+ } catch (AttributeNotFoundException e) {
+ //Ignored the attribute was not found, which should never happen because the bean
+ //just told us that it has this attribute, but if this happens just don't output
+ //the attribute.
+ return;
+ } catch (MBeanException e) {
+ //The code inside the attribute getter threw an exception so log it, and
+ // skip outputting the attribute
+ LOG.error("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ return;
+ } catch (RuntimeException e) {
+ //For some reason even with an MBeanException available to them Runtime exceptions
+ //can still find their way through, so treat them the same as MBeanException
+ LOG.error("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ return;
+ } catch (ReflectionException e) {
+ //This happens when the code inside the JMX bean (setter?? from the java docs)
+ //threw an exception, so log it and skip outputting the attribute
+ LOG.error("getting attribute "+attName+" of "+oname+" threw an exception", e);
+ return;
+ } catch (InstanceNotFoundException e) {
+ //Ignored the mbean itself was not found, which should never happen because we
+ //just accessed it (perhaps something unregistered in-between) but if this
+ //happens just don't output the attribute.
+ return;
+ }
+
+ writeAttribute(jg, attName, value);
+ }
+
+ private void writeAttribute(JsonGenerator jg, String attName, Object value) throws IOException {
+ jg.writeFieldName(attName);
+ writeObject(jg, value);
+ }
+
+ private void writeObject(JsonGenerator jg, Object value) throws IOException {
+ if(value == null) {
+ jg.writeNull();
+ } else {
+ Class c = value.getClass();
+ if (c.isArray()) {
+ jg.writeStartArray();
+ int len = Array.getLength(value);
+ for (int j = 0; j < len; j++) {
+ Object item = Array.get(value, j);
+ writeObject(jg, item);
+ }
+ jg.writeEndArray();
+ } else if(value instanceof Number) {
+ Number n = (Number)value;
+ jg.writeNumber(n.toString());
+ } else if(value instanceof Boolean) {
+ Boolean b = (Boolean)value;
+ jg.writeBoolean(b);
+ } else if(value instanceof CompositeData) {
+ CompositeData cds = (CompositeData)value;
+ CompositeType comp = cds.getCompositeType();
+ Set keys = comp.keySet();
+ jg.writeStartObject();
+ for(String key: keys) {
+ writeAttribute(jg, key, cds.get(key));
+ }
+ jg.writeEndObject();
+ } else if(value instanceof TabularData) {
+ TabularData tds = (TabularData)value;
+ jg.writeStartArray();
+ for(Object entry : tds.values()) {
+ writeObject(jg, entry);
+ }
+ jg.writeEndArray();
+ } else {
+ jg.writeString(value.toString());
+ }
+ }
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/package-info.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/package-info.java
new file mode 100644
index 00000000000..c33b340d225
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/jmx/package-info.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * This package provides access to JMX primarily through the
+ * {@link org.apache.hadoop.hbase.http.jmx.JMXJsonServlet} class.
+ *
+ * Copied from hadoop source code.
+ * See https://issues.apache.org/jira/browse/HADOOP-10232 to know why.
+ *
+ */
+package org.apache.hadoop.hbase.http.jmx;
\ No newline at end of file
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/StaticUserWebFilter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/StaticUserWebFilter.java
new file mode 100644
index 00000000000..9e2f1574a41
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/StaticUserWebFilter.java
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http.lib;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.HashMap;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.http.FilterContainer;
+import org.apache.hadoop.hbase.http.FilterInitializer;
+
+import javax.servlet.Filter;
+
+import static org.apache.hadoop.hbase.http.ServerConfigurationKeys.HBASE_HTTP_STATIC_USER;
+import static org.apache.hadoop.hbase.http.ServerConfigurationKeys.DEFAULT_HBASE_HTTP_STATIC_USER;
+
+/**
+ * Provides a servlet filter that pretends to authenticate a fake user (Dr.Who)
+ * so that the web UI is usable for a secure cluster without authentication.
+ */
+public class StaticUserWebFilter extends FilterInitializer {
+ static final String DEPRECATED_UGI_KEY = "dfs.web.ugi";
+
+ private static final Log LOG = LogFactory.getLog(StaticUserWebFilter.class);
+
+ static class User implements Principal {
+ private final String name;
+ public User(String name) {
+ this.name = name;
+ }
+ @Override
+ public String getName() {
+ return name;
+ }
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+ @Override
+ public boolean equals(Object other) {
+ if (other == this) {
+ return true;
+ } else if (other == null || other.getClass() != getClass()) {
+ return false;
+ }
+ return ((User) other).name.equals(name);
+ }
+ @Override
+ public String toString() {
+ return name;
+ }
+ }
+
+ public static class StaticUserFilter implements Filter {
+ private User user;
+ private String username;
+
+ @Override
+ public void destroy() {
+ // NOTHING
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain
+ ) throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ // if the user is already authenticated, don't override it
+ if (httpRequest.getRemoteUser() != null) {
+ chain.doFilter(request, response);
+ } else {
+ HttpServletRequestWrapper wrapper =
+ new HttpServletRequestWrapper(httpRequest) {
+ @Override
+ public Principal getUserPrincipal() {
+ return user;
+ }
+ @Override
+ public String getRemoteUser() {
+ return username;
+ }
+ };
+ chain.doFilter(wrapper, response);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig conf) throws ServletException {
+ this.username = conf.getInitParameter(HBASE_HTTP_STATIC_USER);
+ this.user = new User(username);
+ }
+
+ }
+
+ @Override
+ public void initFilter(FilterContainer container, Configuration conf) {
+ HashMap options = new HashMap();
+
+ String username = getUsernameFromConf(conf);
+ options.put(HBASE_HTTP_STATIC_USER, username);
+
+ container.addFilter("static_user_filter",
+ StaticUserFilter.class.getName(),
+ options);
+ }
+
+ /**
+ * Retrieve the static username from the configuration.
+ */
+ static String getUsernameFromConf(Configuration conf) {
+ String oldStyleUgi = conf.get(DEPRECATED_UGI_KEY);
+ if (oldStyleUgi != null) {
+ // We can't use the normal configuration deprecation mechanism here
+ // since we need to split out the username from the configured UGI.
+ LOG.warn(DEPRECATED_UGI_KEY + " should not be used. Instead, use " +
+ HBASE_HTTP_STATIC_USER + ".");
+ String[] parts = oldStyleUgi.split(",");
+ return parts[0];
+ } else {
+ return conf.get(HBASE_HTTP_STATIC_USER,
+ DEFAULT_HBASE_HTTP_STATIC_USER);
+ }
+ }
+
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/package-info.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/package-info.java
new file mode 100644
index 00000000000..f92fa570a7b
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/lib/package-info.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ * This package provides user-selectable (via configuration) classes that add
+ * functionality to the web UI. They are configured as a list of classes in the
+ * configuration parameter hadoop.http.filter.initializers.
+ *
+ *
+ *
StaticUserWebFilter - An authorization plugin that makes all
+ * users a static configured user.
+ *
+ *
+ * Copied from hadoop source code.
+ * See https://issues.apache.org/jira/browse/HADOOP-10232 to know why
+ *
+ */
+@InterfaceAudience.LimitedPrivate({"HBase"})
+@InterfaceStability.Unstable
+package org.apache.hadoop.hbase.http.lib;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/log/LogLevel.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/log/LogLevel.java
new file mode 100644
index 00000000000..c2a47c07a72
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/log/LogLevel.java
@@ -0,0 +1,175 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http.log;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.net.URL;
+import java.net.URLConnection;
+import java.util.regex.Pattern;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.commons.logging.impl.Jdk14Logger;
+import org.apache.commons.logging.impl.Log4JLogger;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hbase.http.HttpServer;
+import org.apache.hadoop.util.ServletUtil;
+
+/**
+ * Change log level in runtime.
+ */
+@InterfaceStability.Evolving
+public class LogLevel {
+ public static final String USAGES = "\nUsage: General options are:\n"
+ + "\t[-getlevel ]\n"
+ + "\t[-setlevel ]\n";
+
+ /**
+ * A command line implementation
+ */
+ public static void main(String[] args) {
+ if (args.length == 3 && "-getlevel".equals(args[0])) {
+ process("http://" + args[1] + "/logLevel?log=" + args[2]);
+ return;
+ }
+ else if (args.length == 4 && "-setlevel".equals(args[0])) {
+ process("http://" + args[1] + "/logLevel?log=" + args[2]
+ + "&level=" + args[3]);
+ return;
+ }
+
+ System.err.println(USAGES);
+ System.exit(-1);
+ }
+
+ private static void process(String urlstring) {
+ try {
+ URL url = new URL(urlstring);
+ System.out.println("Connecting to " + url);
+ URLConnection connection = url.openConnection();
+ connection.connect();
+
+ BufferedReader in = new BufferedReader(new InputStreamReader(
+ connection.getInputStream()));
+ for(String line; (line = in.readLine()) != null; )
+ if (line.startsWith(MARKER)) {
+ System.out.println(TAG.matcher(line).replaceAll(""));
+ }
+ in.close();
+ } catch (IOException ioe) {
+ System.err.println("" + ioe);
+ }
+ }
+
+ static final String MARKER = "";
+ static final Pattern TAG = Pattern.compile("<[^>]*>");
+
+ /**
+ * A servlet implementation
+ */
+ @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
+ @InterfaceStability.Unstable
+ public static class Servlet extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response
+ ) throws ServletException, IOException {
+
+ // Do the authorization
+ if (!HttpServer.hasAdministratorAccess(getServletContext(), request,
+ response)) {
+ return;
+ }
+
+ PrintWriter out = ServletUtil.initHTML(response, "Log Level");
+ String logName = ServletUtil.getParameter(request, "log");
+ String level = ServletUtil.getParameter(request, "level");
+
+ if (logName != null) {
+ out.println("
"
+ + "\n"
+ + "\n";
+
+ private static void process(org.apache.log4j.Logger log, String level,
+ PrintWriter out) throws IOException {
+ if (level != null) {
+ if (!level.equals(org.apache.log4j.Level.toLevel(level).toString())) {
+ out.println(MARKER + "Bad level : " + level + " ");
+ } else {
+ log.setLevel(org.apache.log4j.Level.toLevel(level));
+ out.println(MARKER + "Setting Level to " + level + " ... ");
+ }
+ }
+ out.println(MARKER
+ + "Effective level: " + log.getEffectiveLevel() + " ");
+ }
+
+ private static void process(java.util.logging.Logger log, String level,
+ PrintWriter out) throws IOException {
+ if (level != null) {
+ log.setLevel(java.util.logging.Level.parse(level));
+ out.println(MARKER + "Setting Level to " + level + " ... ");
+ }
+
+ java.util.logging.Level lev;
+ for(; (lev = log.getLevel()) == null; log = log.getParent());
+ out.println(MARKER + "Effective level: " + lev + " ");
+ }
+ }
+}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/http/package-info.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/package-info.java
new file mode 100644
index 00000000000..045bafeaeee
--- /dev/null
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/http/package-info.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * Copied from hadoop source code.
+ * See https://issues.apache.org/jira/browse/HADOOP-10232 to know why.
+ *
+ */
+@InterfaceStability.Unstable
+package org.apache.hadoop.hbase.http;
+
+import org.apache.hadoop.classification.InterfaceStability;
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index c798e4bf2e6..6a5c77e626d 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -73,6 +73,8 @@ import org.apache.hadoop.hbase.CoordinatedStateManager;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hadoop.hbase.executor.ExecutorType;
+import org.apache.hadoop.hbase.http.InfoServer;
+import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
import org.apache.hadoop.hbase.ipc.RequestContext;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.ServerNotRunningYetException;
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
index f251bb82bac..fdf2cd39222 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
@@ -85,6 +85,7 @@ import org.apache.hadoop.hbase.exceptions.RegionOpeningException;
import org.apache.hadoop.hbase.executor.ExecutorService;
import org.apache.hadoop.hbase.executor.ExecutorType;
import org.apache.hadoop.hbase.fs.HFileSystem;
+import org.apache.hadoop.hbase.http.InfoServer;
import org.apache.hadoop.hbase.io.hfile.CacheConfig;
import org.apache.hadoop.hbase.ipc.RpcClient;
import org.apache.hadoop.hbase.ipc.RpcServerInterface;
@@ -124,7 +125,6 @@ import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;
import org.apache.hadoop.hbase.util.FSTableDescriptors;
import org.apache.hadoop.hbase.util.FSUtils;
import org.apache.hadoop.hbase.util.HasThread;
-import org.apache.hadoop.hbase.util.InfoServer;
import org.apache.hadoop.hbase.util.JvmPauseMonitor;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.hbase.util.Sleeper;
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
index d2c4e9d1186..0701a062324 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
@@ -34,10 +34,10 @@ import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
+import org.apache.hadoop.hbase.http.InfoServer;
import org.apache.hadoop.hbase.rest.filter.AuthFilter;
import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.util.HttpServerUtil;
-import org.apache.hadoop.hbase.util.InfoServer;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.hbase.util.VersionInfo;
import org.apache.hadoop.net.DNS;
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/GenericTestUtils.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/GenericTestUtils.java
new file mode 100644
index 00000000000..6981c8af95f
--- /dev/null
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/GenericTestUtils.java
@@ -0,0 +1,365 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.StringWriter;
+import java.lang.management.ManagementFactory;
+import java.lang.management.ThreadInfo;
+import java.lang.management.ThreadMXBean;
+import java.lang.reflect.InvocationTargetException;
+import java.util.Arrays;
+import java.util.Random;
+import java.util.Set;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.regex.Pattern;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.impl.Log4JLogger;
+import org.apache.hadoop.fs.FileUtil;
+import org.apache.hadoop.util.StringUtils;
+import org.apache.hadoop.util.Time;
+import org.apache.log4j.Layout;
+import org.apache.log4j.Logger;
+import org.apache.log4j.WriterAppender;
+import org.junit.Assert;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+
+import com.google.common.base.Joiner;
+import com.google.common.base.Supplier;
+import com.google.common.collect.Sets;
+
+/**
+ * Test provides some very generic helpers which might be used across the tests
+ */
+public abstract class GenericTestUtils {
+
+ private static final AtomicInteger sequence = new AtomicInteger();
+
+ /**
+ * Extracts the name of the method where the invocation has happened
+ * @return String name of the invoking method
+ */
+ public static String getMethodName() {
+ return Thread.currentThread().getStackTrace()[2].getMethodName();
+ }
+
+ /**
+ * Generates a process-wide unique sequence number.
+ * @return an unique sequence number
+ */
+ public static int uniqueSequenceId() {
+ return sequence.incrementAndGet();
+ }
+
+ /**
+ * Assert that a given file exists.
+ */
+ public static void assertExists(File f) {
+ Assert.assertTrue("File " + f + " should exist", f.exists());
+ }
+
+ /**
+ * List all of the files in 'dir' that match the regex 'pattern'.
+ * Then check that this list is identical to 'expectedMatches'.
+ * @throws IOException if the dir is inaccessible
+ */
+ public static void assertGlobEquals(File dir, String pattern,
+ String ... expectedMatches) throws IOException {
+
+ Set found = Sets.newTreeSet();
+ for (File f : FileUtil.listFiles(dir)) {
+ if (f.getName().matches(pattern)) {
+ found.add(f.getName());
+ }
+ }
+ Set expectedSet = Sets.newTreeSet(
+ Arrays.asList(expectedMatches));
+ Assert.assertEquals("Bad files matching " + pattern + " in " + dir,
+ Joiner.on(",").join(expectedSet),
+ Joiner.on(",").join(found));
+ }
+
+ public static void assertExceptionContains(String string, Throwable t) {
+ String msg = t.getMessage();
+ Assert.assertTrue(
+ "Expected to find '" + string + "' but got unexpected exception:"
+ + StringUtils.stringifyException(t), msg.contains(string));
+ }
+
+ public static void waitFor(Supplier check,
+ int checkEveryMillis, int waitForMillis)
+ throws TimeoutException, InterruptedException
+ {
+ long st = Time.now();
+ do {
+ boolean result = check.get();
+ if (result) {
+ return;
+ }
+
+ Thread.sleep(checkEveryMillis);
+ } while (Time.now() - st < waitForMillis);
+
+ throw new TimeoutException("Timed out waiting for condition. " +
+ "Thread diagnostics:\n" +
+ TimedOutTestsListener.buildThreadDiagnosticString());
+ }
+
+ public static class LogCapturer {
+ private StringWriter sw = new StringWriter();
+ private WriterAppender appender;
+ private Logger logger;
+
+ public static LogCapturer captureLogs(Log l) {
+ Logger logger = ((Log4JLogger)l).getLogger();
+ LogCapturer c = new LogCapturer(logger);
+ return c;
+ }
+
+
+ private LogCapturer(Logger logger) {
+ this.logger = logger;
+ Layout layout = Logger.getRootLogger().getAppender("stdout").getLayout();
+ WriterAppender wa = new WriterAppender(layout, sw);
+ logger.addAppender(wa);
+ }
+
+ public String getOutput() {
+ return sw.toString();
+ }
+
+ public void stopCapturing() {
+ logger.removeAppender(appender);
+
+ }
+ }
+
+
+ /**
+ * Mockito answer helper that triggers one latch as soon as the
+ * method is called, then waits on another before continuing.
+ */
+ public static class DelayAnswer implements Answer