Beispiel #1
0
        /// <summary>
        /// Get
        /// <see cref="Org.Apache.Hadoop.Security.UserGroupInformation"/>
        /// and possibly the delegation token out of
        /// the request.
        /// </summary>
        /// <param name="context">the ServletContext that is serving this request.</param>
        /// <param name="request">the http request</param>
        /// <param name="conf">configuration</param>
        /// <param name="secureAuthMethod">the AuthenticationMethod used in secure mode.</param>
        /// <param name="tryUgiParameter">Should it try the ugi parameter?</param>
        /// <returns>a new user from the request</returns>
        /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the request has no token
        ///     </exception>
        /// <exception cref="System.IO.IOException"/>
        public static UserGroupInformation GetUGI(ServletContext context, HttpServletRequest
                                                  request, Configuration conf, UserGroupInformation.AuthenticationMethod secureAuthMethod
                                                  , bool tryUgiParameter)
        {
            UserGroupInformation ugi = null;
            string usernameFromQuery = GetUsernameFromQuery(request, tryUgiParameter);
            string doAsUserFromQuery = request.GetParameter(DoAsParam.Name);
            string remoteUser;

            if (UserGroupInformation.IsSecurityEnabled())
            {
                remoteUser = request.GetRemoteUser();
                string tokenString = request.GetParameter(DelegationParameterName);
                if (tokenString != null)
                {
                    // Token-based connections need only verify the effective user, and
                    // disallow proxying to different user.  Proxy authorization checks
                    // are not required since the checks apply to issuing a token.
                    ugi = GetTokenUGI(context, request, tokenString, conf);
                    CheckUsername(ugi.GetShortUserName(), usernameFromQuery);
                    CheckUsername(ugi.GetShortUserName(), doAsUserFromQuery);
                }
                else
                {
                    if (remoteUser == null)
                    {
                        throw new IOException("Security enabled but user not authenticated by filter");
                    }
                }
            }
            else
            {
                // Security's not on, pull from url or use default web user
                remoteUser = (usernameFromQuery == null) ? GetDefaultWebUserName(conf) : usernameFromQuery;
            }
            // not specified in request
            if (ugi == null)
            {
                // security is off, or there's no token
                ugi = UserGroupInformation.CreateRemoteUser(remoteUser);
                CheckUsername(ugi.GetShortUserName(), usernameFromQuery);
                if (UserGroupInformation.IsSecurityEnabled())
                {
                    // This is not necessarily true, could have been auth'ed by user-facing
                    // filter
                    ugi.SetAuthenticationMethod(secureAuthMethod);
                }
                if (doAsUserFromQuery != null)
                {
                    // create and attempt to authorize a proxy user
                    ugi = UserGroupInformation.CreateProxyUser(doAsUserFromQuery, ugi);
                    ProxyUsers.Authorize(ugi, GetRemoteAddr(request));
                }
            }
            if (Log.IsDebugEnabled())
            {
                Log.Debug("getUGI is returning: " + ugi.GetShortUserName());
            }
            return(ugi);
        }
Beispiel #2
0
        /// <summary>
        /// Enforces the content-type to be application/octet-stream for
        /// POST and PUT requests.
        /// </summary>
        /// <param name="request">servlet request.</param>
        /// <param name="response">servlet response.</param>
        /// <param name="chain">filter chain.</param>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurrs.</exception>
        /// <exception cref="Javax.Servlet.ServletException">thrown if a servet error occurrs.
        ///     </exception>
        public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain
                                     chain)
        {
            bool contentTypeOK          = true;
            HttpServletRequest  httpReq = (HttpServletRequest)request;
            HttpServletResponse httpRes = (HttpServletResponse)response;
            string method = httpReq.GetMethod();

            if (method.Equals("PUT") || method.Equals("POST"))
            {
                string op = httpReq.GetParameter(HttpFSFileSystem.OpParam);
                if (op != null && UploadOperations.Contains(StringUtils.ToUpperCase(op)))
                {
                    if (Sharpen.Runtime.EqualsIgnoreCase("true", httpReq.GetParameter(HttpFSParametersProvider.DataParam
                                                                                      .Name)))
                    {
                        string contentType = httpReq.GetContentType();
                        contentTypeOK = Sharpen.Runtime.EqualsIgnoreCase(HttpFSFileSystem.UploadContentType
                                                                         , contentType);
                    }
                }
            }
            if (contentTypeOK)
            {
                chain.DoFilter(httpReq, httpRes);
            }
            else
            {
                httpRes.SendError(HttpServletResponse.ScBadRequest, "Data upload requests must have content-type set to '"
                                  + HttpFSFileSystem.UploadContentType + "'");
            }
        }
Beispiel #3
0
        /// <exception cref="System.Exception"/>
        private void TestNonManagementOperation()
        {
            HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();

            Org.Mockito.Mockito.When(request.GetParameter(DelegationTokenAuthenticator.OpParam
                                                          )).ThenReturn(null);
            Assert.True(handler.ManagementOperation(null, request, null));
            Org.Mockito.Mockito.When(request.GetParameter(DelegationTokenAuthenticator.OpParam
                                                          )).ThenReturn("CREATE");
            Assert.True(handler.ManagementOperation(null, request, null));
        }
Beispiel #4
0
        private HttpServletRequest GetMockRequest(string remoteUser, string user, string
                                                  doAs)
        {
            HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();

            Org.Mockito.Mockito.When(request.GetParameter(UserParam.Name)).ThenReturn(user);
            if (doAs != null)
            {
                Org.Mockito.Mockito.When(request.GetParameter(DoAsParam.Name)).ThenReturn(doAs);
            }
            Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(remoteUser);
            return(request);
        }
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            FileInputStream editFileIn = null;

            try
            {
                ServletContext context = GetServletContext();
                Configuration  conf    = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf
                                                                                         );
                string journalId = request.GetParameter(JournalIdParam);
                QuorumJournalManager.CheckJournalId(journalId);
                JNStorage storage = JournalNodeHttpServer.GetJournalFromContext(context, journalId
                                                                                ).GetStorage();
                // Check security
                if (!CheckRequestorOrSendError(conf, request, response))
                {
                    return;
                }
                // Check that the namespace info is correct
                if (!CheckStorageInfoOrSendError(storage, request, response))
                {
                    return;
                }
                long segmentTxId       = ServletUtil.ParseLongParam(request, SegmentTxidParam);
                FileJournalManager fjm = storage.GetJournalManager();
                FilePath           editFile;
                lock (fjm)
                {
                    // Synchronize on the FJM so that the file doesn't get finalized
                    // out from underneath us while we're in the process of opening
                    // it up.
                    FileJournalManager.EditLogFile elf = fjm.GetLogFile(segmentTxId);
                    if (elf == null)
                    {
                        response.SendError(HttpServletResponse.ScNotFound, "No edit log found starting at txid "
                                           + segmentTxId);
                        return;
                    }
                    editFile = elf.GetFile();
                    ImageServlet.SetVerificationHeadersForGet(response, editFile);
                    ImageServlet.SetFileNameHeaders(response, editFile);
                    editFileIn = new FileInputStream(editFile);
                }
                DataTransferThrottler throttler = ImageServlet.GetThrottler(conf);
                // send edits
                TransferFsImage.CopyFileToStream(response.GetOutputStream(), editFile, editFileIn
                                                 , throttler);
            }
            catch (Exception t)
            {
                string errMsg = "getedit failed. " + StringUtils.StringifyException(t);
                response.SendError(HttpServletResponse.ScInternalServerError, errMsg);
                throw new IOException(errMsg);
            }
            finally
            {
                IOUtils.CloseStream(editFileIn);
            }
        }
Beispiel #6
0
        private static string GetUsernameFromQuery(HttpServletRequest request, bool tryUgiParameter
                                                   )
        {
            string username = request.GetParameter(UserParam.Name);

            if (username == null && tryUgiParameter)
            {
                //try ugi parameter
                string ugiStr = request.GetParameter("ugi");
                if (ugiStr != null)
                {
                    username = ugiStr.Split(",")[0];
                }
            }
            return(username);
        }
        /// <exception cref="System.IO.IOException"/>
        private bool CheckStorageInfoOrSendError(JNStorage storage, HttpServletRequest request
                                                 , HttpServletResponse response)
        {
            int    myNsId                 = storage.GetNamespaceID();
            string myClusterId            = storage.GetClusterID();
            string theirStorageInfoString = StringEscapeUtils.EscapeHtml(request.GetParameter
                                                                             (StorageinfoParam));

            if (theirStorageInfoString != null)
            {
                int theirNsId = StorageInfo.GetNsIdFromColonSeparatedString(theirStorageInfoString
                                                                            );
                string theirClusterId = StorageInfo.GetClusterIdFromColonSeparatedString(theirStorageInfoString
                                                                                         );
                if (myNsId != theirNsId || !myClusterId.Equals(theirClusterId))
                {
                    string msg = "This node has namespaceId '" + myNsId + " and clusterId '" + myClusterId
                                 + "' but the requesting node expected '" + theirNsId + "' and '" + theirClusterId
                                 + "'";
                    response.SendError(HttpServletResponse.ScForbidden, msg);
                    Log.Warn("Received an invalid request file transfer request from " + request.GetRemoteAddr
                                 () + ": " + msg);
                    return(false);
                }
            }
            return(true);
        }
        /// <summary>Get DFSClient for a namenode corresponding to the BPID from a datanode</summary>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        public static DFSClient GetDFSClient(HttpServletRequest request, DataNode datanode
                                             , Configuration conf, UserGroupInformation ugi)
        {
            string nnAddr = request.GetParameter(JspHelper.NamenodeAddress);

            return(GetDFSClient(ugi, nnAddr, conf));
        }
Beispiel #9
0
            /// <exception cref="System.IO.IOException"/>
            /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
            ///     "/>
            public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                             response)
            {
                AuthenticationToken token = null;

                if (request.GetParameter("authenticated") != null)
                {
                    token = new AuthenticationToken(request.GetParameter("authenticated"), "U", "test"
                                                    );
                }
                else
                {
                    response.SetStatus(HttpServletResponse.ScUnauthorized);
                    response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "dummy");
                }
                return(token);
            }
Beispiel #10
0
            public virtual string Get(string key, string defaultValue)
            {
                string value = MoreParams()[key];

                if (value == null)
                {
                    value = request.GetParameter(key);
                }
                return(value == null ? defaultValue : value);
            }
Beispiel #11
0
        public virtual void TestGetUgi()
        {
            conf.Set(DFSConfigKeys.FsDefaultNameKey, "hdfs://localhost:4321/");
            HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
            ServletContext     context = Org.Mockito.Mockito.Mock <ServletContext>();
            string             user    = "******";
            Text userText = new Text(user);
            DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText
                                                                           , null);

            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>(dtId, new TestJspHelper.DummySecretManager(0, 0, 0,
                                                                                                                                                              0));
            string tokenString = token.EncodeToUrlString();

            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName))
            .ThenReturn(tokenString);
            Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(user);
            //Test attribute in the url to be used as service in the token.
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn
                ("1.1.1.1:1111");
            conf.Set(DFSConfigKeys.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            VerifyServiceInToken(context, request, "1.1.1.1:1111");
            //Test attribute name.node.address
            //Set the nnaddr url parameter to null.
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn
                (null);
            IPEndPoint addr = new IPEndPoint("localhost", 2222);

            Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey
                                                          )).ThenReturn(addr);
            VerifyServiceInToken(context, request, addr.Address.GetHostAddress() + ":2222");
            //Test service already set in the token
            token.SetService(new Text("3.3.3.3:3333"));
            tokenString = token.EncodeToUrlString();
            //Set the name.node.address attribute in Servlet context to null
            Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey
                                                          )).ThenReturn(null);
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName))
            .ThenReturn(tokenString);
            VerifyServiceInToken(context, request, "3.3.3.3:3333");
        }
Beispiel #12
0
            /// <param name="request">the object from which this servlet reads the url contents</param>
            /// <param name="response">the object into which this servlet writes the url contents
            ///     </param>
            /// <exception cref="System.IO.IOException">if the request is bad</exception>
            public GetImageParams(HttpServletRequest request, HttpServletResponse response)
            {
                IDictionary <string, string[]> pmap = request.GetParameterMap();

                isGetImage = isGetEdit = fetchLatest = false;
                foreach (KeyValuePair <string, string[]> entry in pmap)
                {
                    string   key = entry.Key;
                    string[] val = entry.Value;
                    if (key.Equals("getimage"))
                    {
                        isGetImage = true;
                        try
                        {
                            txId = ServletUtil.ParseLongParam(request, TxidParam);
                            string imageType = ServletUtil.GetParameter(request, ImageFileType);
                            nnf = imageType == null ? NNStorage.NameNodeFile.Image : NNStorage.NameNodeFile.ValueOf
                                      (imageType);
                        }
                        catch (FormatException nfe)
                        {
                            if (request.GetParameter(TxidParam).Equals(LatestFsimageValue))
                            {
                                fetchLatest = true;
                            }
                            else
                            {
                                throw;
                            }
                        }
                    }
                    else
                    {
                        if (key.Equals("getedit"))
                        {
                            isGetEdit = true;
                            startTxId = ServletUtil.ParseLongParam(request, StartTxidParam);
                            endTxId   = ServletUtil.ParseLongParam(request, EndTxidParam);
                        }
                        else
                        {
                            if (key.Equals(StorageinfoParam))
                            {
                                storageInfoString = val[0];
                            }
                        }
                    }
                }
                int numGets = (isGetImage ? 1 : 0) + (isGetEdit ? 1 : 0);

                if ((numGets > 1) || (numGets == 0))
                {
                    throw new IOException("Illegal parameters to TransferFsImage");
                }
            }
Beispiel #13
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Javax.Servlet.ServletException"/>
        public override void DoFilter(ServletRequest request, ServletResponse response, FilterChain
                                      filterChain)
        {
            HttpServletRequest httpRequest = ToLowerCase((HttpServletRequest)request);
            string             tokenString = httpRequest.GetParameter(DelegationParam.Name);

            if (tokenString != null)
            {
                //Token is present in the url, therefore token will be used for
                //authentication, bypass kerberos authentication.
                filterChain.DoFilter(httpRequest, response);
                return;
            }
            base.DoFilter(httpRequest, response, filterChain);
        }
Beispiel #14
0
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
        {
            UserGroupInformation ugi;
            ServletContext       context = GetServletContext();
            Configuration        conf    = NameNodeHttpServer.GetConfFromContext(context);

            try
            {
                ugi = GetUGI(req, conf);
            }
            catch (IOException ioe)
            {
                Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr
                             (), ioe);
                resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user"
                               );
                return;
            }
            NameNode nn          = NameNodeHttpServer.GetNameNodeFromContext(context);
            string   tokenString = req.GetParameter(Token);

            if (tokenString == null)
            {
                resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified"
                               );
            }
            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>();
            token.DecodeFromUrlString(tokenString);
            try
            {
                long        result = ugi.DoAs(new _PrivilegedExceptionAction_73(nn, token));
                PrintWriter os     = new PrintWriter(new OutputStreamWriter(resp.GetOutputStream(), Charsets
                                                                            .Utf8));
                os.WriteLine(result);
                os.Close();
            }
            catch (Exception e)
            {
                // transfer exception over the http
                string exceptionClass = e.GetType().FullName;
                string exceptionMsg   = e.GetLocalizedMessage();
                string strException   = exceptionClass + ";" + exceptionMsg;
                Log.Info("Exception while renewing token. Re-throwing. s=" + strException, e);
                resp.SendError(HttpServletResponse.ScInternalServerError, strException);
            }
        }
Beispiel #15
0
        public virtual void TestInstances()
        {
            Injector            injector = WebAppTests.CreateMockInjector(this);
            HttpServletRequest  req      = injector.GetInstance <HttpServletRequest>();
            HttpServletResponse res      = injector.GetInstance <HttpServletResponse>();
            string      val  = req.GetParameter("foo");
            PrintWriter @out = res.GetWriter();

            @out.WriteLine("Hello world!");
            LogInstances(req, res, @out);
            NUnit.Framework.Assert.AreSame(req, injector.GetInstance <HttpServletRequest>());
            NUnit.Framework.Assert.AreSame(res, injector.GetInstance <HttpServletResponse>());
            NUnit.Framework.Assert.AreSame(this, injector.GetInstance <TestWebAppTests>());
            Org.Mockito.Mockito.Verify(req).GetParameter("foo");
            Org.Mockito.Mockito.Verify(res).GetWriter();
            Org.Mockito.Mockito.Verify(@out).WriteLine("Hello world!");
        }
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
        {
            UserGroupInformation ugi;
            ServletContext       context = GetServletContext();
            Configuration        conf    = NameNodeHttpServer.GetConfFromContext(context);

            try
            {
                ugi = GetUGI(req, conf);
            }
            catch (IOException ioe)
            {
                Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr
                             (), ioe);
                resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user"
                               );
                return;
            }
            Log.Info("Sending token: {" + ugi.GetUserName() + "," + req.GetRemoteAddr() + "}"
                     );
            NameNode         nn           = NameNodeHttpServer.GetNameNodeFromContext(context);
            string           renewer      = req.GetParameter(Renewer);
            string           renewerFinal = (renewer == null) ? req.GetUserPrincipal().GetName() : renewer;
            DataOutputStream dos          = null;

            try
            {
                dos = new DataOutputStream(resp.GetOutputStream());
                DataOutputStream dosFinal = dos;
                // for doAs block
                ugi.DoAs(new _PrivilegedExceptionAction_69(nn, ugi, renewerFinal, dosFinal));
            }
            catch (Exception e)
            {
                Log.Info("Exception while sending token. Re-throwing ", e);
                resp.SendError(HttpServletResponse.ScInternalServerError);
            }
            finally
            {
                if (dos != null)
                {
                    dos.Close();
                }
            }
        }
            /// <exception cref="Javax.Servlet.ServletException"/>
            /// <exception cref="System.IO.IOException"/>
            protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                          )
            {
                InputStreamReader @in  = new InputStreamReader(request.GetInputStream());
                TextWriter        @out = new TextWriter(response.GetOutputStream());

                calledTimes++;
                try
                {
                    requestUri = new URI(null, null, request.GetRequestURI(), request.GetQueryString(
                                             ), null);
                    foundJobState = request.GetParameter("status");
                }
                catch (URISyntaxException)
                {
                }
                @in.Close();
                @out.Close();
            }
Beispiel #18
0
            /// <exception cref="Javax.Servlet.ServletException"/>
            /// <exception cref="System.IO.IOException"/>
            protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                          )
            {
                PrintWriter          @out       = response.GetWriter();
                ICollection <string> sortedKeys = new TreeSet <string>();
                Enumeration <string> keys       = request.GetParameterNames();

                while (keys.MoveNext())
                {
                    sortedKeys.AddItem(keys.Current);
                }
                foreach (string key in sortedKeys)
                {
                    @out.Write(key);
                    @out.Write(':');
                    @out.Write(request.GetParameter(key));
                    @out.Write('\n');
                }
                @out.Close();
            }
Beispiel #19
0
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            if (!HttpServer2.IsInstrumentationAccessAllowed(GetServletContext(), request, response
                                                            ))
            {
                return;
            }
            string format = request.GetParameter("format");
            ICollection <MetricsContext> allContexts = ContextFactory.GetFactory().GetAllContexts
                                                           ();

            if ("json".Equals(format))
            {
                response.SetContentType("application/json; charset=utf-8");
                PrintWriter @out = response.GetWriter();
                try
                {
                    // Uses Jetty's built-in JSON support to convert the map into JSON.
                    @out.Write(new JSON().ToJSON(MakeMap(allContexts)));
                }
                finally
                {
                    @out.Close();
                }
            }
            else
            {
                PrintWriter @out = response.GetWriter();
                try
                {
                    PrintMap(@out, MakeMap(allContexts));
                }
                finally
                {
                    @out.Close();
                }
            }
        }
Beispiel #20
0
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
        {
            UserGroupInformation ugi;
            ServletContext       context = GetServletContext();
            Configuration        conf    = NameNodeHttpServer.GetConfFromContext(context);

            try
            {
                ugi = GetUGI(req, conf);
            }
            catch (IOException ioe)
            {
                Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr
                             (), ioe);
                resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user"
                               );
                return;
            }
            NameNode nn          = NameNodeHttpServer.GetNameNodeFromContext(context);
            string   tokenString = req.GetParameter(Token);

            if (tokenString == null)
            {
                resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified"
                               );
            }
            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>();
            token.DecodeFromUrlString(tokenString);
            try
            {
                ugi.DoAs(new _PrivilegedExceptionAction_70(nn, token));
            }
            catch (Exception e)
            {
                Log.Info("Exception while cancelling token. Re-throwing. ", e);
                resp.SendError(HttpServletResponse.ScInternalServerError, e.Message);
            }
        }
Beispiel #21
0
        private static IPEndPoint GetNNServiceAddress(ServletContext context, HttpServletRequest
                                                      request)
        {
            string     namenodeAddressInUrl = request.GetParameter(NamenodeAddress);
            IPEndPoint namenodeAddress      = null;

            if (namenodeAddressInUrl != null)
            {
                namenodeAddress = NetUtils.CreateSocketAddr(namenodeAddressInUrl);
            }
            else
            {
                if (context != null)
                {
                    namenodeAddress = NameNodeHttpServer.GetNameNodeAddressFromContext(context);
                }
            }
            if (namenodeAddress != null)
            {
                return(namenodeAddress);
            }
            return(null);
        }
Beispiel #22
0
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            if (!HttpServer2.IsInstrumentationAccessAllowed(GetServletContext(), request, response
                                                            ))
            {
                return;
            }
            string format = request.GetParameter(FormatParam);

            if (null == format)
            {
                format = FormatXml;
            }
            if (FormatXml.Equals(format))
            {
                response.SetContentType("text/xml; charset=utf-8");
            }
            else
            {
                if (FormatJson.Equals(format))
                {
                    response.SetContentType("application/json; charset=utf-8");
                }
            }
            TextWriter @out = response.GetWriter();

            try
            {
                WriteResponse(GetConfFromContext(), @out, format);
            }
            catch (ConfServlet.BadFormatException bfe)
            {
                response.SendError(HttpServletResponse.ScBadRequest, bfe.Message);
            }
            @out.Close();
        }
Beispiel #23
0
        /// <summary>Build a map from the query string, setting values and defaults.</summary>
        protected internal virtual IDictionary <string, string> BuildRoot(HttpServletRequest
                                                                          request, XMLOutputter doc)
        {
            string path    = ServletUtil.GetDecodedPath(request, "/listPaths");
            string exclude = request.GetParameter("exclude") != null?request.GetParameter("exclude"
                                                                                          ) : string.Empty;

            string filter = request.GetParameter("filter") != null?request.GetParameter("filter"
                                                                                        ) : ".*";

            bool recur = request.GetParameter("recursive") != null && "yes".Equals(request.GetParameter
                                                                                       ("recursive"));
            IDictionary <string, string> root = new Dictionary <string, string>();

            root["path"]      = path;
            root["recursive"] = recur ? "yes" : "no";
            root["filter"]    = filter;
            root["exclude"]   = exclude;
            root["time"]      = df.Get().Format(new DateTime());
            root["version"]   = VersionInfo.GetVersion();
            return(root);
        }
Beispiel #24
0
        /// <summary>Apply configuratio changes after admin has approved them.</summary>
        /// <exception cref="Org.Apache.Hadoop.Conf.ReconfigurationException"/>
        private void ApplyChanges(PrintWriter @out, Reconfigurable reconf, HttpServletRequest
                                  req)
        {
            Configuration        oldConf = reconf.GetConf();
            Configuration        newConf = new Configuration();
            Enumeration <string> @params = GetParams(req);

            lock (oldConf)
            {
                while (@params.MoveNext())
                {
                    string rawParam = @params.Current;
                    string param    = StringEscapeUtils.UnescapeHtml(rawParam);
                    string value    = StringEscapeUtils.UnescapeHtml(req.GetParameter(rawParam));
                    if (value != null)
                    {
                        if (value.Equals(newConf.GetRaw(param)) || value.Equals("default") || value.Equals
                                ("null") || value.IsEmpty())
                        {
                            if ((value.Equals("default") || value.Equals("null") || value.IsEmpty()) && oldConf
                                .GetRaw(param) != null)
                            {
                                @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from \""
                                               + StringEscapeUtils.EscapeHtml(oldConf.GetRaw(param)) + "\" to default</p>");
                                reconf.ReconfigureProperty(param, null);
                            }
                            else
                            {
                                if (!value.Equals("default") && !value.Equals("null") && !value.IsEmpty() && (oldConf
                                                                                                              .GetRaw(param) == null || !oldConf.GetRaw(param).Equals(value)))
                                {
                                    // change from default or value to different value
                                    if (oldConf.GetRaw(param) == null)
                                    {
                                        @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from default to \""
                                                       + StringEscapeUtils.EscapeHtml(value) + "\"</p>");
                                    }
                                    else
                                    {
                                        @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from \""
                                                       + StringEscapeUtils.EscapeHtml(oldConf.GetRaw(param)) + "\" to \"" + StringEscapeUtils
                                                       .EscapeHtml(value) + "\"</p>");
                                    }
                                    reconf.ReconfigureProperty(param, value);
                                }
                                else
                                {
                                    Log.Info("property " + param + " unchanged");
                                }
                            }
                        }
                        else
                        {
                            // parameter value != newConf value
                            @out.WriteLine("<p>\"" + StringEscapeUtils.EscapeHtml(param) + "\" not changed because value has changed from \""
                                           + StringEscapeUtils.EscapeHtml(value) + "\" to \"" + StringEscapeUtils.EscapeHtml
                                               (newConf.GetRaw(param)) + "\" since approval</p>");
                        }
                    }
                }
            }
        }
Beispiel #25
0
        /// <summary>Process a GET request for the specified resource.</summary>
        /// <param name="request">The servlet request we are processing</param>
        /// <param name="response">The servlet response we are creating</param>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            string      jsonpcb = null;
            PrintWriter writer  = null;

            try
            {
                if (!IsInstrumentationAccessAllowed(request, response))
                {
                    return;
                }
                JsonGenerator jg = null;
                try
                {
                    writer = response.GetWriter();
                    response.SetContentType("application/json; charset=utf8");
                    response.SetHeader(AccessControlAllowMethods, "GET");
                    response.SetHeader(AccessControlAllowOrigin, "*");
                    JsonFactory jsonFactory = new JsonFactory();
                    jg = jsonFactory.CreateJsonGenerator(writer);
                    jg.Disable(JsonGenerator.Feature.AutoCloseTarget);
                    jg.UseDefaultPrettyPrinter();
                    jg.WriteStartObject();
                    if (mBeanServer == null)
                    {
                        jg.WriteStringField("result", "ERROR");
                        jg.WriteStringField("message", "No MBeanServer could be found");
                        jg.Close();
                        Log.Error("No MBeanServer could be found.");
                        response.SetStatus(HttpServletResponse.ScNotFound);
                        return;
                    }
                    // query per mbean attribute
                    string getmethod = request.GetParameter("get");
                    if (getmethod != null)
                    {
                        string[] splitStrings = getmethod.Split("\\:\\:");
                        if (splitStrings.Length != 2)
                        {
                            jg.WriteStringField("result", "ERROR");
                            jg.WriteStringField("message", "query format is not as expected.");
                            jg.Close();
                            response.SetStatus(HttpServletResponse.ScBadRequest);
                            return;
                        }
                        ListBeans(jg, new ObjectName(splitStrings[0]), splitStrings[1], response);
                        jg.Close();
                        return;
                    }
                    // query per mbean
                    string qry = request.GetParameter("qry");
                    if (qry == null)
                    {
                        qry = "*:*";
                    }
                    ListBeans(jg, new ObjectName(qry), null, response);
                }
                finally
                {
                    if (jg != null)
                    {
                        jg.Close();
                    }
                    if (writer != null)
                    {
                        writer.Close();
                    }
                }
            }
            catch (IOException e)
            {
                Log.Error("Caught an exception while processing JMX request", e);
                response.SetStatus(HttpServletResponse.ScInternalServerError);
            }
            catch (MalformedObjectNameException e)
            {
                Log.Error("Caught an exception while processing JMX request", e);
                response.SetStatus(HttpServletResponse.ScBadRequest);
            }
            finally
            {
                if (writer != null)
                {
                    writer.Close();
                }
            }
        }
Beispiel #26
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Javax.Servlet.ServletException"/>
        public override void DoFilter(HttpServletRequest request, HttpServletResponse response
                                      , FilterChain chain)
        {
            response.SetCharacterEncoding("UTF-8");
            string uri = HtmlQuoting.QuoteHtmlChars(request.GetRequestURI());

            if (uri == null)
            {
                uri = "/";
            }
            RMWebApp rmWebApp = injector.GetInstance <RMWebApp>();

            rmWebApp.CheckIfStandbyRM();
            if (rmWebApp.IsStandby() && ShouldRedirect(rmWebApp, uri))
            {
                string redirectPath = rmWebApp.GetRedirectPath();
                if (redirectPath != null && !redirectPath.IsEmpty())
                {
                    redirectPath += uri;
                    string      redirectMsg = "This is standby RM. The redirect url is: " + redirectPath;
                    PrintWriter @out        = response.GetWriter();
                    @out.WriteLine(redirectMsg);
                    response.SetHeader("Location", redirectPath);
                    response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
                    return;
                }
                else
                {
                    bool   doRetry          = true;
                    string retryIntervalStr = request.GetParameter(YarnWebParams.NextRefreshInterval);
                    int    retryInterval    = 0;
                    if (retryIntervalStr != null)
                    {
                        try
                        {
                            retryInterval = System.Convert.ToInt32(retryIntervalStr.Trim());
                        }
                        catch (FormatException)
                        {
                            doRetry = false;
                        }
                    }
                    int    next        = CalculateExponentialTime(retryInterval);
                    string redirectUrl = AppendOrReplaceParamter(path + uri, YarnWebParams.NextRefreshInterval
                                                                 + "=" + (retryInterval + 1));
                    if (redirectUrl == null || next > MaxSleepTime)
                    {
                        doRetry = false;
                    }
                    string redirectMsg = doRetry ? "Can not find any active RM. Will retry in next "
                                         + next + " seconds." : "There is no active RM right now.";
                    redirectMsg += "\nHA Zookeeper Connection State: " + rmWebApp.GetHAZookeeperConnectionState
                                       ();
                    PrintWriter @out = response.GetWriter();
                    @out.WriteLine(redirectMsg);
                    if (doRetry)
                    {
                        response.SetHeader("Refresh", next + ";url=" + redirectUrl);
                        response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
                    }
                }
                return;
            }
            base.DoFilter(request, response, chain);
        }
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
        {
            try
            {
                string   userApprovedParamS = req.GetParameter(ProxyUriUtils.ProxyApprovalParam);
                bool     userWasWarned      = false;
                bool     userApproved       = Sharpen.Extensions.ValueOf(userApprovedParamS);
                bool     securityEnabled    = IsSecurityEnabled();
                string   remoteUser         = req.GetRemoteUser();
                string   pathInfo           = req.GetPathInfo();
                string[] parts = pathInfo.Split("/", 3);
                if (parts.Length < 2)
                {
                    Log.Warn("{} gave an invalid proxy path {}", remoteUser, pathInfo);
                    NotFound(resp, "Your path appears to be formatted incorrectly.");
                    return;
                }
                //parts[0] is empty because path info always starts with a /
                string        appId = parts[1];
                string        rest  = parts.Length > 2 ? parts[2] : string.Empty;
                ApplicationId id    = Apps.ToAppID(appId);
                if (id == null)
                {
                    Log.Warn("{} attempting to access {} that is invalid", remoteUser, appId);
                    NotFound(resp, appId + " appears to be formatted incorrectly.");
                    return;
                }
                if (securityEnabled)
                {
                    string   cookieName = GetCheckCookieName(id);
                    Cookie[] cookies    = req.GetCookies();
                    if (cookies != null)
                    {
                        foreach (Cookie c in cookies)
                        {
                            if (cookieName.Equals(c.GetName()))
                            {
                                userWasWarned = true;
                                userApproved  = userApproved || Sharpen.Extensions.ValueOf(c.GetValue());
                                break;
                            }
                        }
                    }
                }
                bool checkUser = securityEnabled && (!userWasWarned || !userApproved);
                AppReportFetcher.FetchedAppReport fetchedAppReport = null;
                ApplicationReport applicationReport = null;
                try
                {
                    fetchedAppReport = GetApplicationReport(id);
                    if (fetchedAppReport != null)
                    {
                        if (fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Rm &&
                            fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Ahs)
                        {
                            throw new NotSupportedException("Application report not " + "fetched from RM or history server."
                                                            );
                        }
                        applicationReport = fetchedAppReport.GetApplicationReport();
                    }
                }
                catch (ApplicationNotFoundException)
                {
                    applicationReport = null;
                }
                if (applicationReport == null)
                {
                    Log.Warn("{} attempting to access {} that was not found", remoteUser, id);
                    URI toFetch = ProxyUriUtils.GetUriFromTrackingPlugins(id, this.trackingUriPlugins
                                                                          );
                    if (toFetch != null)
                    {
                        ProxyUtils.SendRedirect(req, resp, toFetch.ToString());
                        return;
                    }
                    NotFound(resp, "Application " + appId + " could not be found " + "in RM or history server"
                             );
                    return;
                }
                string original = applicationReport.GetOriginalTrackingUrl();
                URI    trackingUri;
                if (original == null || original.Equals("N/A") || original.Equals(string.Empty))
                {
                    if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Rm)
                    {
                        // fallback to ResourceManager's app page if no tracking URI provided
                        // and Application Report was fetched from RM
                        Log.Debug("Original tracking url is '{}'. Redirecting to RM app page", original ==
                                  null ? "NULL" : original);
                        ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(rmAppPageUrlBase, id.ToString
                                                                                  ()));
                    }
                    else
                    {
                        if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Ahs)
                        {
                            // fallback to Application History Server app page if the application
                            // report was fetched from AHS
                            Log.Debug("Original tracking url is '{}'. Redirecting to AHS app page", original
                                      == null ? "NULL" : original);
                            ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(ahsAppPageUrlBase, id.ToString
                                                                                      ()));
                        }
                    }
                    return;
                }
                else
                {
                    if (ProxyUriUtils.GetSchemeFromUrl(original).IsEmpty())
                    {
                        trackingUri = ProxyUriUtils.GetUriFromAMUrl(WebAppUtils.GetHttpSchemePrefix(conf)
                                                                    , original);
                    }
                    else
                    {
                        trackingUri = new URI(original);
                    }
                }
                string runningUser = applicationReport.GetUser();
                if (checkUser && !runningUser.Equals(remoteUser))
                {
                    Log.Info("Asking {} if they want to connect to the " + "app master GUI of {} owned by {}"
                             , remoteUser, appId, runningUser);
                    WarnUserPage(resp, ProxyUriUtils.GetPathAndQuery(id, rest, req.GetQueryString(),
                                                                     true), runningUser, id);
                    return;
                }
                // Append the user-provided path and query parameter to the original
                // tracking url.
                IList <NameValuePair> queryPairs = URLEncodedUtils.Parse(req.GetQueryString(), null
                                                                         );
                UriBuilder builder = UriBuilder.FromUri(trackingUri);
                foreach (NameValuePair pair in queryPairs)
                {
                    builder.QueryParam(pair.GetName(), pair.GetValue());
                }
                URI toFetch_1 = builder.Path(rest).Build();
                Log.Info("{} is accessing unchecked {}" + " which is the app master GUI of {} owned by {}"
                         , remoteUser, toFetch_1, appId, runningUser);
                switch (applicationReport.GetYarnApplicationState())
                {
                case YarnApplicationState.Killed:
                case YarnApplicationState.Finished:
                case YarnApplicationState.Failed:
                {
                    ProxyUtils.SendRedirect(req, resp, toFetch_1.ToString());
                    return;
                }

                default:
                {
                    break;
                }
                }
                // fall out of the switch
                Cookie c_1 = null;
                if (userWasWarned && userApproved)
                {
                    c_1 = MakeCheckCookie(id, true);
                }
                ProxyLink(req, resp, toFetch_1, c_1, GetProxyHost());
            }
            catch (Exception e)
            {
                throw new IOException(e);
            }
        }
Beispiel #28
-2
        /// <exception cref="System.Exception"/>
        private void Test(string method, string operation, string contentType, bool upload
                          , bool error)
        {
            HttpServletRequest  request  = Org.Mockito.Mockito.Mock <HttpServletRequest>();
            HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();

            Org.Mockito.Mockito.Reset(request);
            Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(method);
            Org.Mockito.Mockito.When(request.GetParameter(HttpFSFileSystem.OpParam)).ThenReturn
                (operation);
            Org.Mockito.Mockito.When(request.GetParameter(HttpFSParametersProvider.DataParam.
                                                          Name)).ThenReturn(bool.ToString(upload));
            Org.Mockito.Mockito.When(request.GetContentType()).ThenReturn(contentType);
            FilterChain chain  = Org.Mockito.Mockito.Mock <FilterChain>();
            Filter      filter = new CheckUploadContentTypeFilter();

            filter.DoFilter(request, response, chain);
            if (error)
            {
                Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
                                                                                      .ScBadRequest), Org.Mockito.Mockito.Contains("Data upload"));
            }
            else
            {
                Org.Mockito.Mockito.Verify(chain).DoFilter(request, response);
            }
        }