mirror of https://github.com/apache/lucene.git
SOLR-9762: Remove the workaround implemented for HADOOP-13346 (Kevin Risden)
Signed-off-by: Kevin Risden <krisden@apache.org>
This commit is contained in:
Kevin Risden
parent
9753e00294
commit
8f78c0591c
|
|
@ -107,6 +107,8 @@ Other Changes
|
|||
|
||||
* SOLR-13074: MoveReplicaHDFSTest leaks threads, falls into an endless loop, logging like crazy (Kevin Risden)
|
||||
|
||||
* SOLR-9762: Remove the workaround implemented for HADOOP-13346 (Kevin Risden)
|
||||
|
||||
================== 8.0.0 ==================
|
||||
|
||||
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ import static org.apache.solr.security.RequestContinuesRecorderAuthenticationHan
|
|||
import static org.apache.solr.security.HadoopAuthFilter.DELEGATION_TOKEN_ZK_CLIENT;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
|
@ -37,15 +36,15 @@ import javax.servlet.ServletRequest;
|
|||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import org.apache.commons.collections.iterators.IteratorEnumeration;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler;
|
||||
import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder;
|
||||
import org.apache.solr.cloud.ZkController;
|
||||
import org.apache.solr.common.SolrException;
|
||||
import org.apache.solr.common.SolrException.ErrorCode;
|
||||
import org.apache.solr.common.util.SuppressForbidden;
|
||||
import org.apache.solr.core.CoreContainer;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
|
@ -189,6 +188,10 @@ public class HadoopAuthPlugin extends AuthenticationPlugin {
|
|||
// Configure proxy user settings.
|
||||
params.putAll(proxyUserConfigs);
|
||||
|
||||
// Needed to work around HADOOP-13346
|
||||
params.put(DelegationTokenAuthenticationHandler.JSON_MAPPER_PREFIX + JsonGenerator.Feature.AUTO_CLOSE_TARGET,
|
||||
"false");
|
||||
|
||||
final ServletContext servletContext = new AttributeOnlyServletContext();
|
||||
log.info("Params: "+params);
|
||||
|
||||
|
|
@ -244,20 +247,7 @@ public class HadoopAuthPlugin extends AuthenticationPlugin {
|
|||
log.info("-------------------------------");
|
||||
}
|
||||
|
||||
// Workaround until HADOOP-13346 is fixed.
|
||||
HttpServletResponse rspCloseShield = new HttpServletResponseWrapper(frsp) {
|
||||
@SuppressForbidden(reason = "Hadoop DelegationTokenAuthenticationFilter uses response writer, this" +
|
||||
"is providing a CloseShield on top of that")
|
||||
@Override
|
||||
public PrintWriter getWriter() throws IOException {
|
||||
final PrintWriter pw = new PrintWriterWrapper(frsp.getWriter()) {
|
||||
@Override
|
||||
public void close() {};
|
||||
};
|
||||
return pw;
|
||||
}
|
||||
};
|
||||
authFilter.doFilter(request, rspCloseShield, filterChain);
|
||||
authFilter.doFilter(request, frsp, filterChain);
|
||||
|
||||
switch (frsp.getStatus()) {
|
||||
case HttpServletResponse.SC_UNAUTHORIZED:
|
||||
|
|
|
|||
|
|
@ -16,8 +16,6 @@
|
|||
*/
|
||||
package org.apache.solr.security;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.util.Enumeration;
|
||||
import java.util.HashMap;
|
||||
|
|
@ -30,11 +28,11 @@ import javax.servlet.ServletContext;
|
|||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonGenerator;
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import org.apache.commons.collections.iterators.IteratorEnumeration;
|
||||
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler;
|
||||
import org.apache.solr.client.solrj.impl.Http2SolrClient;
|
||||
import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder;
|
||||
import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder;
|
||||
|
|
@ -42,7 +40,6 @@ import org.apache.solr.cloud.ZkController;
|
|||
import org.apache.solr.common.SolrException;
|
||||
import org.apache.solr.common.SolrException.ErrorCode;
|
||||
import org.apache.solr.common.cloud.SecurityAwareZkACLProvider;
|
||||
import org.apache.solr.common.util.SuppressForbidden;
|
||||
import org.apache.solr.core.CoreContainer;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
|
@ -166,6 +163,11 @@ public class KerberosPlugin extends AuthenticationPlugin implements HttpClientBu
|
|||
params.put(key, System.getProperty(key));
|
||||
}
|
||||
}
|
||||
|
||||
// Needed to work around HADOOP-13346
|
||||
params.put(DelegationTokenAuthenticationHandler.JSON_MAPPER_PREFIX + JsonGenerator.Feature.AUTO_CLOSE_TARGET,
|
||||
"false");
|
||||
|
||||
final ServletContext servletContext = new AttributeOnlyServletContext();
|
||||
if (controller != null) {
|
||||
servletContext.setAttribute(DELEGATION_TOKEN_ZK_CLIENT, controller.getZkClient());
|
||||
|
|
@ -223,25 +225,7 @@ public class KerberosPlugin extends AuthenticationPlugin implements HttpClientBu
|
|||
public boolean doAuthenticate(ServletRequest req, ServletResponse rsp,
|
||||
FilterChain chain) throws Exception {
|
||||
log.debug("Request to authenticate using kerberos: "+req);
|
||||
|
||||
final HttpServletResponse frsp = (HttpServletResponse)rsp;
|
||||
|
||||
// kerberosFilter may close the stream and write to closed streams,
|
||||
// see HADOOP-13346. To work around, pass a PrintWriter that ignores
|
||||
// closes
|
||||
HttpServletResponse rspCloseShield = new HttpServletResponseWrapper(frsp) {
|
||||
@SuppressForbidden(reason = "Hadoop DelegationTokenAuthenticationFilter uses response writer, this" +
|
||||
"is providing a CloseShield on top of that")
|
||||
@Override
|
||||
public PrintWriter getWriter() throws IOException {
|
||||
final PrintWriter pw = new PrintWriterWrapper(frsp.getWriter()) {
|
||||
@Override
|
||||
public void close() {};
|
||||
};
|
||||
return pw;
|
||||
}
|
||||
};
|
||||
kerberosFilter.doFilter(req, rspCloseShield, chain);
|
||||
kerberosFilter.doFilter(req, rsp, chain);
|
||||
String requestContinuesAttr = (String)req.getAttribute(RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR);
|
||||
if (requestContinuesAttr == null) {
|
||||
log.warn("Could not find " + RequestContinuesRecorderAuthenticationHandler.REQUEST_CONTINUES_ATTR);
|
||||
|
|
|
|||
Loading…
Reference in New Issue