/// <summary>Set headers for content length, and, if available, md5.</summary>
/// <exception cref="System.IO.IOException"></exception>
public static void SetVerificationHeadersForGet(HttpServletResponse response, FilePath
file)
{
response.SetHeader(TransferFsImage.ContentLength, file.Length().ToString());
MD5Hash hash = MD5FileUtils.ReadStoredMd5ForFile(file);
if (hash != null)
{
response.SetHeader(TransferFsImage.Md5Header, hash.ToString());
}
}
private void DoCrossFilter(HttpServletRequest req, HttpServletResponse res)
{
string originsList = EncodeHeader(req.GetHeader(Origin));
if (!IsCrossOrigin(originsList))
{
if (Log.IsDebugEnabled())
{
Log.Debug("Header origin is null. Returning");
}
return;
}
if (!AreOriginsAllowed(originsList))
{
if (Log.IsDebugEnabled())
{
Log.Debug("Header origins '" + originsList + "' not allowed. Returning");
}
return;
}
string accessControlRequestMethod = req.GetHeader(AccessControlRequestMethod);
if (!IsMethodAllowed(accessControlRequestMethod))
{
if (Log.IsDebugEnabled())
{
Log.Debug("Access control method '" + accessControlRequestMethod + "' not allowed. Returning"
);
}
return;
}
string accessControlRequestHeaders = req.GetHeader(AccessControlRequestHeaders);
if (!AreHeadersAllowed(accessControlRequestHeaders))
{
if (Log.IsDebugEnabled())
{
Log.Debug("Access control headers '" + accessControlRequestHeaders + "' not allowed. Returning"
);
}
return;
}
if (Log.IsDebugEnabled())
{
Log.Debug("Completed cross origin filter checks. Populating " + "HttpServletResponse"
);
}
res.SetHeader(AccessControlAllowOrigin, originsList);
res.SetHeader(AccessControlAllowCredentials, true.ToString());
res.SetHeader(AccessControlAllowMethods, GetAllowedMethodsHeader());
res.SetHeader(AccessControlAllowHeaders, GetAllowedHeadersHeader());
res.SetHeader(AccessControlMaxAge, maxAge);
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
resp.SetStatus(HttpServletResponse.ScOk);
resp.GetWriter().Write("ping");
if (req.GetHeader(DelegationTokenAuthenticator.DelegationTokenHeader) != null)
{
resp.SetHeader("UsingHeader", "true");
}
if (req.GetQueryString() != null && req.GetQueryString().Contains(DelegationTokenAuthenticator
.DelegationParam + "="))
{
resp.SetHeader("UsingQueryString", "true");
}
}
/// <summary>Authenticates an HTTP client request.</summary>
/// <remarks>
/// Authenticates an HTTP client request.
/// <p>
/// It extracts the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
/// "/>
/// parameter from the query string and creates
/// an
/// <see cref="AuthenticationToken"/>
/// with it.
/// <p>
/// If the HTTP client request does not contain the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
/// "/>
/// parameter and
/// the handler is configured to allow anonymous users it returns the
/// <see cref="AuthenticationToken.Anonymous"/>
/// token.
/// <p>
/// If the HTTP client request does not contain the
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
/// "/>
/// parameter and
/// the handler is configured to disallow anonymous users it throws an
/// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
/// .
/// </remarks>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>an authentication token if the HTTP client request is accepted and credentials are valid.
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if HTTP client request was not accepted as an authentication request.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token;
string userName = GetUserName(request);
if (userName == null)
{
if (GetAcceptAnonymous())
{
token = AuthenticationToken.Anonymous;
}
else
{
response.SetStatus(HttpServletResponse.ScForbidden);
response.SetHeader(WwwAuthenticate, PseudoAuth);
token = null;
}
}
else
{
token = new AuthenticationToken(userName, userName, GetType());
}
return(token);
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
response.SetStatus(HttpServletResponse.ScUnauthorized);
response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "mock");
return(null);
}
/// <summary>Send a partial content response with the given range.</summary>
/// <remarks>
/// Send a partial content response with the given range. If there are
/// no satisfiable ranges, or if multiple ranges are requested, which
/// is unsupported, respond with range not satisfiable.
/// </remarks>
/// <param name="in">stream to read from</param>
/// <param name="out">stream to write to</param>
/// <param name="response">http response to use</param>
/// <param name="contentLength">for the response header</param>
/// <param name="ranges">to write to respond with</param>
/// <exception cref="System.IO.IOException">on error sending the response</exception>
internal static void SendPartialData(FSDataInputStream @in, OutputStream @out, HttpServletResponse
response, long contentLength, IList <InclusiveByteRange> ranges)
{
if (ranges == null || ranges.Count != 1)
{
response.SetContentLength(0);
response.SetStatus(HttpServletResponse.ScRequestedRangeNotSatisfiable);
response.SetHeader("Content-Range", InclusiveByteRange.To416HeaderRangeString(contentLength
));
}
else
{
InclusiveByteRange singleSatisfiableRange = ranges[0];
long singleLength = singleSatisfiableRange.GetSize(contentLength);
response.SetStatus(HttpServletResponse.ScPartialContent);
response.SetHeader("Content-Range", singleSatisfiableRange.ToHeaderRangeString(contentLength
));
CopyFromOffset(@in, @out, singleSatisfiableRange.GetFirst(contentLength), singleLength
);
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public virtual void DoFilter(ServletRequest req, ServletResponse res, FilterChain
chain)
{
HttpServletResponse httpRes = (HttpServletResponse)res;
httpRes.SetHeader("Cache-Control", "no-cache");
long now = Runtime.CurrentTimeMillis();
httpRes.AddDateHeader("Expires", now);
httpRes.AddDateHeader("Date", now);
httpRes.AddHeader("Pragma", "no-cache");
chain.DoFilter(req, res);
}
public static void RedirectToErrorPage(HttpServletResponse res, Exception e, string
path, bool devMode)
{
string st = devMode ? ErrorPage.ToStackTrace(e, 1024 * 3) : "See logs for stack trace";
// spec: min 4KB
res.SetStatus(res.ScFound);
Cookie cookie = new Cookie(StatusCookie, 500.ToString());
cookie.SetPath(path);
res.AddCookie(cookie);
cookie = new Cookie(ErrorCookie, st);
cookie.SetPath(path);
res.AddCookie(cookie);
res.SetHeader("Location", path);
}
/// <summary>
/// It enforces the the Kerberos SPNEGO authentication sequence returning an
/// <see cref="AuthenticationToken"/>
/// only
/// after the Kerberos SPNEGO sequence has completed successfully.
/// </summary>
/// <param name="request">the HTTP client request.</param>
/// <param name="response">the HTTP client response.</param>
/// <returns>
/// an authentication token if the Kerberos SPNEGO sequence is complete and valid,
/// <code>null</code> if it is in progress (in this case the handler handles the response to the client).
/// </returns>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">thrown if Kerberos SPNEGO sequence failed.</exception>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token = null;
string authorization = request.GetHeader(KerberosAuthenticator.Authorization);
if (authorization == null || !authorization.StartsWith(KerberosAuthenticator.Negotiate
))
{
response.SetHeader(WwwAuthenticate, KerberosAuthenticator.Negotiate);
response.SetStatus(HttpServletResponse.ScUnauthorized);
if (authorization == null)
{
Log.Trace("SPNEGO starting");
}
else
{
Log.Warn("'" + KerberosAuthenticator.Authorization + "' does not start with '" +
KerberosAuthenticator.Negotiate + "' : {}", authorization);
}
}
else
{
authorization = Runtime.Substring(authorization, KerberosAuthenticator.Negotiate
.Length).Trim();
Base64 base64 = new Base64(0);
byte[] clientToken = base64.Decode(authorization);
string serverName = request.GetServerName();
try
{
token = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_347(this, serverName
, clientToken, base64, response));
}
catch (PrivilegedActionException ex)
{
if (ex.GetException() is IOException)
{
throw (IOException)ex.GetException();
}
else
{
throw new AuthenticationException(ex.GetException());
}
}
}
return(token);
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
response)
{
AuthenticationToken token = null;
if (request.GetParameter("authenticated") != null)
{
token = new AuthenticationToken(request.GetParameter("authenticated"), "U", "test"
);
}
else
{
response.SetStatus(HttpServletResponse.ScUnauthorized);
response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "dummy");
}
return(token);
}
/// <summary>
/// Handle redirects with a status code that can in future support verbs other
/// than GET, thus supporting full REST functionality.
/// </summary>
/// <remarks>
/// Handle redirects with a status code that can in future support verbs other
/// than GET, thus supporting full REST functionality.
/// <p>
/// The target URL is included in the redirect text returned
/// <p>
/// At the end of this method, the output stream is closed.
/// </remarks>
/// <param name="request">
/// request (hence: the verb and any other information
/// relevant to a redirect)
/// </param>
/// <param name="response">the response</param>
/// <param name="target">the target URL -unencoded</param>
/// <exception cref="System.IO.IOException"/>
public static void SendRedirect(HttpServletRequest request, HttpServletResponse response
, string target)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Redirecting {} {} to {}", request.GetMethod(), request.GetRequestURI()
, target);
}
string location = response.EncodeRedirectURL(target);
response.SetStatus(HttpServletResponse.ScFound);
response.SetHeader(Location, location);
response.SetContentType(MimeType.Html);
PrintWriter writer = response.GetWriter();
ProxyUtils.Page p = new ProxyUtils.Page(writer);
p.Html().Head().Title("Moved").().Body().H1("Moved").Div().("Content has moved ")
.A(location, "here").().().();
writer.Close();
}
protected override void DoOptions(HttpServletRequest req, HttpServletResponse res
)
{
// for simplicity
res.SetHeader("Allow", "GET, POST");
}
/// <summary>Process a GET request for the specified resource.</summary>
/// <param name="request">The servlet request we are processing</param>
/// <param name="response">The servlet response we are creating</param>
protected override void DoGet(HttpServletRequest request, HttpServletResponse response
)
{
string jsonpcb = null;
PrintWriter writer = null;
try
{
if (!IsInstrumentationAccessAllowed(request, response))
{
return;
}
JsonGenerator jg = null;
try
{
writer = response.GetWriter();
response.SetContentType("application/json; charset=utf8");
response.SetHeader(AccessControlAllowMethods, "GET");
response.SetHeader(AccessControlAllowOrigin, "*");
JsonFactory jsonFactory = new JsonFactory();
jg = jsonFactory.CreateJsonGenerator(writer);
jg.Disable(JsonGenerator.Feature.AutoCloseTarget);
jg.UseDefaultPrettyPrinter();
jg.WriteStartObject();
if (mBeanServer == null)
{
jg.WriteStringField("result", "ERROR");
jg.WriteStringField("message", "No MBeanServer could be found");
jg.Close();
Log.Error("No MBeanServer could be found.");
response.SetStatus(HttpServletResponse.ScNotFound);
return;
}
// query per mbean attribute
string getmethod = request.GetParameter("get");
if (getmethod != null)
{
string[] splitStrings = getmethod.Split("\\:\\:");
if (splitStrings.Length != 2)
{
jg.WriteStringField("result", "ERROR");
jg.WriteStringField("message", "query format is not as expected.");
jg.Close();
response.SetStatus(HttpServletResponse.ScBadRequest);
return;
}
ListBeans(jg, new ObjectName(splitStrings[0]), splitStrings[1], response);
jg.Close();
return;
}
// query per mbean
string qry = request.GetParameter("qry");
if (qry == null)
{
qry = "*:*";
}
ListBeans(jg, new ObjectName(qry), null, response);
}
finally
{
if (jg != null)
{
jg.Close();
}
if (writer != null)
{
writer.Close();
}
}
}
catch (IOException e)
{
Log.Error("Caught an exception while processing JMX request", e);
response.SetStatus(HttpServletResponse.ScInternalServerError);
}
catch (MalformedObjectNameException e)
{
Log.Error("Caught an exception while processing JMX request", e);
response.SetStatus(HttpServletResponse.ScBadRequest);
}
finally
{
if (writer != null)
{
writer.Close();
}
}
}
public static void SetFileNameHeaders(HttpServletResponse response, FilePath file
)
{
response.SetHeader(ContentDisposition, "attachment; filename=" + file.GetName());
response.SetHeader(HadoopImageEditsHeader, file.GetName());
}
/// <summary>Download link and have it be the response.</summary>
/// <param name="req">the http request</param>
/// <param name="resp">the http response</param>
/// <param name="link">the link to download</param>
/// <param name="c">the cookie to set if any</param>
/// <exception cref="System.IO.IOException">on any error.</exception>
private static void ProxyLink(HttpServletRequest req, HttpServletResponse resp, URI
link, Cookie c, string proxyHost)
{
DefaultHttpClient client = new DefaultHttpClient();
client.GetParams().SetParameter(ClientPNames.CookiePolicy, CookiePolicy.BrowserCompatibility
).SetBooleanParameter(ClientPNames.AllowCircularRedirects, true);
// Make sure we send the request from the proxy address in the config
// since that is what the AM filter checks against. IP aliasing or
// similar could cause issues otherwise.
IPAddress localAddress = Sharpen.Extensions.GetAddressByName(proxyHost);
if (Log.IsDebugEnabled())
{
Log.Debug("local InetAddress for proxy host: {}", localAddress);
}
client.GetParams().SetParameter(ConnRoutePNames.LocalAddress, localAddress);
HttpGet httpGet = new HttpGet(link);
Enumeration <string> names = req.GetHeaderNames();
while (names.MoveNext())
{
string name = names.Current;
if (passThroughHeaders.Contains(name))
{
string value = req.GetHeader(name);
if (Log.IsDebugEnabled())
{
Log.Debug("REQ HEADER: {} : {}", name, value);
}
httpGet.SetHeader(name, value);
}
}
string user = req.GetRemoteUser();
if (user != null && !user.IsEmpty())
{
httpGet.SetHeader("Cookie", ProxyUserCookieName + "=" + URLEncoder.Encode(user, "ASCII"
));
}
OutputStream @out = resp.GetOutputStream();
try
{
HttpResponse httpResp = client.Execute(httpGet);
resp.SetStatus(httpResp.GetStatusLine().GetStatusCode());
foreach (Header header in httpResp.GetAllHeaders())
{
resp.SetHeader(header.GetName(), header.GetValue());
}
if (c != null)
{
resp.AddCookie(c);
}
InputStream @in = httpResp.GetEntity().GetContent();
if (@in != null)
{
IOUtils.CopyBytes(@in, @out, 4096, true);
}
}
finally
{
httpGet.ReleaseConnection();
}
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest request, HttpServletResponse response
)
{
string path = ServletUtil.GetDecodedPath(request, "/streamFile");
string rawPath = ServletUtil.GetRawPath(request, "/streamFile");
string filename = JspHelper.ValidatePath(path);
string rawFilename = JspHelper.ValidatePath(rawPath);
if (filename == null)
{
response.SetContentType("text/plain");
PrintWriter @out = response.GetWriter();
@out.Write("Invalid input");
return;
}
Enumeration <string> reqRanges = request.GetHeaders("Range");
if (reqRanges != null && !reqRanges.MoveNext())
{
reqRanges = null;
}
DFSClient dfs;
try
{
dfs = GetDFSClient(request);
}
catch (Exception e)
{
response.SendError(400, e.Message);
return;
}
HdfsDataInputStream @in = null;
OutputStream out_1 = null;
try
{
@in = dfs.CreateWrappedInputStream(dfs.Open(filename));
out_1 = response.GetOutputStream();
long fileLen = @in.GetVisibleLength();
if (reqRanges != null)
{
IList <InclusiveByteRange> ranges = InclusiveByteRange.SatisfiableRanges(reqRanges
, fileLen);
StreamFile.SendPartialData(@in, out_1, response, fileLen, ranges);
}
else
{
// No ranges, so send entire file
response.SetHeader("Content-Disposition", "attachment; filename=\"" + rawFilename
+ "\"");
response.SetContentType("application/octet-stream");
response.SetHeader(ContentLength, string.Empty + fileLen);
StreamFile.CopyFromOffset(@in, out_1, 0L, fileLen);
}
@in.Close();
@in = null;
out_1.Close();
out_1 = null;
dfs.Close();
dfs = null;
}
catch (IOException ioe)
{
if (Log.IsDebugEnabled())
{
Log.Debug("response.isCommitted()=" + response.IsCommitted(), ioe);
}
throw;
}
finally
{
IOUtils.Cleanup(Log, @in);
IOUtils.Cleanup(Log, out_1);
IOUtils.Cleanup(Log, dfs);
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public override void DoFilter(HttpServletRequest request, HttpServletResponse response
, FilterChain chain)
{
response.SetCharacterEncoding("UTF-8");
string uri = HtmlQuoting.QuoteHtmlChars(request.GetRequestURI());
if (uri == null)
{
uri = "/";
}
RMWebApp rmWebApp = injector.GetInstance <RMWebApp>();
rmWebApp.CheckIfStandbyRM();
if (rmWebApp.IsStandby() && ShouldRedirect(rmWebApp, uri))
{
string redirectPath = rmWebApp.GetRedirectPath();
if (redirectPath != null && !redirectPath.IsEmpty())
{
redirectPath += uri;
string redirectMsg = "This is standby RM. The redirect url is: " + redirectPath;
PrintWriter @out = response.GetWriter();
@out.WriteLine(redirectMsg);
response.SetHeader("Location", redirectPath);
response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
return;
}
else
{
bool doRetry = true;
string retryIntervalStr = request.GetParameter(YarnWebParams.NextRefreshInterval);
int retryInterval = 0;
if (retryIntervalStr != null)
{
try
{
retryInterval = System.Convert.ToInt32(retryIntervalStr.Trim());
}
catch (FormatException)
{
doRetry = false;
}
}
int next = CalculateExponentialTime(retryInterval);
string redirectUrl = AppendOrReplaceParamter(path + uri, YarnWebParams.NextRefreshInterval
+ "=" + (retryInterval + 1));
if (redirectUrl == null || next > MaxSleepTime)
{
doRetry = false;
}
string redirectMsg = doRetry ? "Can not find any active RM. Will retry in next "
+ next + " seconds." : "There is no active RM right now.";
redirectMsg += "\nHA Zookeeper Connection State: " + rmWebApp.GetHAZookeeperConnectionState
();
PrintWriter @out = response.GetWriter();
@out.WriteLine(redirectMsg);
if (doRetry)
{
response.SetHeader("Refresh", next + ";url=" + redirectUrl);
response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
}
}
return;
}
base.DoFilter(request, response, chain);
}