Ejemplo n.º 1
0
        public virtual Response RolloverKey(string name, IDictionary jsonMaterial)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();

            AssertAccess(KMSACLs.Type.Rollover, user, KMS.KMSOp.RollNewVersion, name);
            KMSClientProvider.CheckNotEmpty(name, "name");
            string material = (string)jsonMaterial[KMSRESTConstants.MaterialField];

            if (material != null)
            {
                AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.RollNewVersion, name);
            }
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_200(
                                                              this, material, name));
            kmsAudit.Ok(user, KMS.KMSOp.RollNewVersion, name, "UserProvidedMaterial:" + (material
                                                                                         != null) + " NewVersion:" + keyVersion.GetVersionName());
            if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user))
            {
                keyVersion = RemoveKeyMaterial(keyVersion);
            }
            IDictionary json = KMSServerJSONUtils.ToJSON(keyVersion);

            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Ejemplo n.º 2
0
        public virtual Response DecryptEncryptedKey(string versionName, string eekOp, IDictionary
                                                    jsonPayload)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(versionName, "versionName");
            KMSClientProvider.CheckNotNull(eekOp, "eekOp");
            string keyName        = (string)jsonPayload[KMSRESTConstants.NameField];
            string ivStr          = (string)jsonPayload[KMSRESTConstants.IvField];
            string encMaterialStr = (string)jsonPayload[KMSRESTConstants.MaterialField];
            object retJSON;

            if (eekOp.Equals(KMSRESTConstants.EekDecrypt))
            {
                AssertAccess(KMSACLs.Type.DecryptEek, user, KMS.KMSOp.DecryptEek, keyName);
                KMSClientProvider.CheckNotNull(ivStr, KMSRESTConstants.IvField);
                byte[] iv = Base64.DecodeBase64(ivStr);
                KMSClientProvider.CheckNotNull(encMaterialStr, KMSRESTConstants.MaterialField);
                byte[] encMaterial = Base64.DecodeBase64(encMaterialStr);
                KeyProvider.KeyVersion retKeyVersion = user.DoAs(new _PrivilegedExceptionAction_433
                                                                     (this, keyName, versionName, iv, encMaterial));
                retJSON = KMSServerJSONUtils.ToJSON(retKeyVersion);
                kmsAudit.Ok(user, KMS.KMSOp.DecryptEek, keyName, string.Empty);
            }
            else
            {
                throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
                                            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
            }
            KMSWebApp.GetDecryptEEKCallsMeter().Mark();
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build());
        }
Ejemplo n.º 3
0
        public virtual Response Delete(string path, HttpFSParametersProvider.OperationParam
                                       op, Parameters @params, HttpServletRequest request)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();
            Response             response;

            path = MakeAbsolute(path);
            MDC.Put(HttpFSFileSystem.OpParam, op.Value().ToString());
            MDC.Put("hostname", request.GetRemoteAddr());
            switch (op.Value())
            {
            case HttpFSFileSystem.Operation.Delete:
            {
                bool recursive = @params.Get <HttpFSParametersProvider.RecursiveParam>(HttpFSParametersProvider.RecursiveParam
                                                                                       .Name);
                AuditLog.Info("[{}] recursive [{}]", path, recursive);
                FSOperations.FSDelete command = new FSOperations.FSDelete(path, recursive);
                JSONObject            json    = FsExecute(user, command);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            default:
            {
                throw new IOException(MessageFormat.Format("Invalid HTTP DELETE operation [{0}]",
                                                           op.Value()));
            }
            }
            return(response);
        }
Ejemplo n.º 4
0
        public virtual Response GetKeyNames()
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();

            AssertAccess(KMSACLs.Type.GetKeys, user, KMS.KMSOp.GetKeys);
            IList <string> json = user.DoAs(new _PrivilegedExceptionAction_256(this));

            kmsAudit.Ok(user, KMS.KMSOp.GetKeys, string.Empty);
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Ejemplo n.º 5
0
        public virtual Response DeleteKey(string name)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();

            AssertAccess(KMSACLs.Type.Delete, user, KMS.KMSOp.DeleteKey, name);
            KMSClientProvider.CheckNotEmpty(name, "name");
            user.DoAs(new _PrivilegedExceptionAction_168(this, name));
            kmsAudit.Ok(user, KMS.KMSOp.DeleteKey, name, string.Empty);
            return(Response.Ok().Build());
        }
Ejemplo n.º 6
0
        public virtual Response CreateKey(IDictionary jsonKey)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();
            string name = (string)jsonKey[KMSRESTConstants.NameField];

            KMSClientProvider.CheckNotEmpty(name, KMSRESTConstants.NameField);
            AssertAccess(KMSACLs.Type.Create, user, KMS.KMSOp.CreateKey, name);
            string cipher   = (string)jsonKey[KMSRESTConstants.CipherField];
            string material = (string)jsonKey[KMSRESTConstants.MaterialField];
            int    length   = (jsonKey.Contains(KMSRESTConstants.LengthField)) ? (int)jsonKey[KMSRESTConstants
                                                                                              .LengthField] : 0;
            string description = (string)jsonKey[KMSRESTConstants.DescriptionField];
            IDictionary <string, string> attributes = (IDictionary <string, string>)jsonKey[KMSRESTConstants
                                                                                            .AttributesField];

            if (material != null)
            {
                AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.CreateKey, name);
            }
            KeyProvider.Options options = new KeyProvider.Options(KMSWebApp.GetConfiguration(
                                                                      ));
            if (cipher != null)
            {
                options.SetCipher(cipher);
            }
            if (length != 0)
            {
                options.SetBitLength(length);
            }
            options.SetDescription(description);
            options.SetAttributes(attributes);
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_132(
                                                              this, material, name, options));
            kmsAudit.Ok(user, KMS.KMSOp.CreateKey, name, "UserProvidedMaterial:" + (material
                                                                                    != null) + " Description:" + description);
            if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user))
            {
                keyVersion = RemoveKeyMaterial(keyVersion);
            }
            IDictionary json       = KMSServerJSONUtils.ToJSON(keyVersion);
            string      requestURL = KMSMDCFilter.GetURL();
            int         idx        = requestURL.LastIndexOf(KMSRESTConstants.KeysResource);

            requestURL = Runtime.Substring(requestURL, 0, idx);
            string keyURL = requestURL + KMSRESTConstants.KeyResource + "/" + name;

            return(Response.Created(GetKeyURI(name)).Type(MediaType.ApplicationJson).Header("Location"
                                                                                            , keyURL).Entity(json).Build());
        }
Ejemplo n.º 7
0
        public virtual Response GetKeyVersions(string name)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(name, "name");
            KMSWebApp.GetKeyCallsMeter().Mark();
            AssertAccess(KMSACLs.Type.Get, user, KMS.KMSOp.GetKeyVersions, name);
            IList <KeyProvider.KeyVersion> ret = user.DoAs(new _PrivilegedExceptionAction_469(
                                                               this, name));
            object json = KMSServerJSONUtils.ToJSON(ret);

            kmsAudit.Ok(user, KMS.KMSOp.GetKeyVersions, name, string.Empty);
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Ejemplo n.º 8
0
        public virtual Response GetKeysMetadata(IList <string> keyNamesList)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();

            string[] keyNames = Collections.ToArray(keyNamesList, new string[keyNamesList
                                                                             .Count]);
            AssertAccess(KMSACLs.Type.GetMetadata, user, KMS.KMSOp.GetKeysMetadata);
            KeyProvider.Metadata[] keysMeta = user.DoAs(new _PrivilegedExceptionAction_234(this
                                                                                           , keyNames));
            object json = KMSServerJSONUtils.ToJSON(keyNames, keysMeta);

            kmsAudit.Ok(user, KMS.KMSOp.GetKeysMetadata, string.Empty);
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Ejemplo n.º 9
0
        public virtual Response GetKeyVersion(string versionName)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(versionName, "versionName");
            KMSWebApp.GetKeyCallsMeter().Mark();
            AssertAccess(KMSACLs.Type.Get, user, KMS.KMSOp.GetKeyVersion);
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_336(
                                                              this, versionName));
            if (keyVersion != null)
            {
                kmsAudit.Ok(user, KMS.KMSOp.GetKeyVersion, keyVersion.GetName(), string.Empty);
            }
            object json = KMSServerJSONUtils.ToJSON(keyVersion);

            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Ejemplo n.º 10
0
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="Javax.Servlet.ServletException"/>
 public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain
                              chain)
 {
     try
     {
         DataTl.Remove();
         UserGroupInformation ugi  = HttpUserGroupInformation.Get();
         string        method      = ((HttpServletRequest)request).GetMethod();
         StringBuilder requestURL  = ((HttpServletRequest)request).GetRequestURL();
         string        queryString = ((HttpServletRequest)request).GetQueryString();
         if (queryString != null)
         {
             requestURL.Append("?").Append(queryString);
         }
         DataTl.Set(new KMSMDCFilter.Data(ugi, method, requestURL));
         chain.DoFilter(request, response);
     }
     finally
     {
         DataTl.Remove();
     }
 }
Ejemplo n.º 11
0
        public virtual Response GenerateEncryptedKeys(string name, string edekOp, int numKeys
                                                      )
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(name, "name");
            KMSClientProvider.CheckNotNull(edekOp, "eekOp");
            object retJSON;

            if (edekOp.Equals(KMSRESTConstants.EekGenerate))
            {
                AssertAccess(KMSACLs.Type.GenerateEek, user, KMS.KMSOp.GenerateEek, name);
                IList <KeyProviderCryptoExtension.EncryptedKeyVersion> retEdeks = new List <KeyProviderCryptoExtension.EncryptedKeyVersion
                                                                                            >();
                try
                {
                    user.DoAs(new _PrivilegedExceptionAction_375(this, numKeys, retEdeks, name));
                }
                catch (Exception e)
                {
                    throw new IOException(e);
                }
                kmsAudit.Ok(user, KMS.KMSOp.GenerateEek, name, string.Empty);
                retJSON = new ArrayList();
                foreach (KeyProviderCryptoExtension.EncryptedKeyVersion edek in retEdeks)
                {
                    ((ArrayList)retJSON).AddItem(KMSServerJSONUtils.ToJSON(edek));
                }
            }
            else
            {
                throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be "
                                            + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt);
            }
            KMSWebApp.GetGenerateEEKCallsMeter().Mark();
            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build());
        }
Ejemplo n.º 12
0
        public virtual Response Put(InputStream @is, UriInfo uriInfo, string path, HttpFSParametersProvider.OperationParam
                                    op, Parameters @params, HttpServletRequest request)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();
            Response             response;

            path = MakeAbsolute(path);
            MDC.Put(HttpFSFileSystem.OpParam, op.Value().ToString());
            MDC.Put("hostname", request.GetRemoteAddr());
            switch (op.Value())
            {
            case HttpFSFileSystem.Operation.Create:
            {
                bool hasData = @params.Get <HttpFSParametersProvider.DataParam>(HttpFSParametersProvider.DataParam
                                                                                .Name);
                if (!hasData)
                {
                    response = Response.TemporaryRedirect(CreateUploadRedirectionURL(uriInfo, HttpFSFileSystem.Operation
                                                                                     .Create)).Build();
                }
                else
                {
                    short permission = @params.Get <HttpFSParametersProvider.PermissionParam>(HttpFSParametersProvider.PermissionParam
                                                                                              .Name);
                    bool @override = @params.Get <HttpFSParametersProvider.OverwriteParam>(HttpFSParametersProvider.OverwriteParam
                                                                                           .Name);
                    short replication = @params.Get <HttpFSParametersProvider.ReplicationParam>(HttpFSParametersProvider.ReplicationParam
                                                                                                .Name);
                    long blockSize = @params.Get <HttpFSParametersProvider.BlockSizeParam>(HttpFSParametersProvider.BlockSizeParam
                                                                                           .Name);
                    FSOperations.FSCreate command = new FSOperations.FSCreate(@is, path, permission,
                                                                              @override, replication, blockSize);
                    FsExecute(user, command);
                    AuditLog.Info("[{}] permission [{}] override [{}] replication [{}] blockSize [{}]"
                                  , new object[] { path, permission, @override, replication, blockSize });
                    response = Response.Status(Response.Status.Created).Build();
                }
                break;
            }

            case HttpFSFileSystem.Operation.Setxattr:
            {
                string xattrName = @params.Get <HttpFSParametersProvider.XAttrNameParam>(HttpFSParametersProvider.XAttrNameParam
                                                                                         .Name);
                string xattrValue = @params.Get <HttpFSParametersProvider.XAttrValueParam>(HttpFSParametersProvider.XAttrValueParam
                                                                                           .Name);
                EnumSet <XAttrSetFlag> flag = @params.Get <HttpFSParametersProvider.XAttrSetFlagParam
                                                           >(HttpFSParametersProvider.XAttrSetFlagParam.Name);
                FSOperations.FSSetXAttr command = new FSOperations.FSSetXAttr(path, xattrName, xattrValue
                                                                              , flag);
                FsExecute(user, command);
                AuditLog.Info("[{}] to xAttr [{}]", path, xattrName);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Removexattr:
            {
                string xattrName = @params.Get <HttpFSParametersProvider.XAttrNameParam>(HttpFSParametersProvider.XAttrNameParam
                                                                                         .Name);
                FSOperations.FSRemoveXAttr command = new FSOperations.FSRemoveXAttr(path, xattrName
                                                                                    );
                FsExecute(user, command);
                AuditLog.Info("[{}] removed xAttr [{}]", path, xattrName);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Mkdirs:
            {
                short permission = @params.Get <HttpFSParametersProvider.PermissionParam>(HttpFSParametersProvider.PermissionParam
                                                                                          .Name);
                FSOperations.FSMkdirs command = new FSOperations.FSMkdirs(path, permission);
                JSONObject            json    = FsExecute(user, command);
                AuditLog.Info("[{}] permission [{}]", path, permission);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Rename:
            {
                string toPath = @params.Get <HttpFSParametersProvider.DestinationParam>(HttpFSParametersProvider.DestinationParam
                                                                                        .Name);
                FSOperations.FSRename command = new FSOperations.FSRename(path, toPath);
                JSONObject            json    = FsExecute(user, command);
                AuditLog.Info("[{}] to [{}]", path, toPath);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Setowner:
            {
                string owner = @params.Get <HttpFSParametersProvider.OwnerParam>(HttpFSParametersProvider.OwnerParam
                                                                                 .Name);
                string group = @params.Get <HttpFSParametersProvider.GroupParam>(HttpFSParametersProvider.GroupParam
                                                                                 .Name);
                FSOperations.FSSetOwner command = new FSOperations.FSSetOwner(path, owner, group);
                FsExecute(user, command);
                AuditLog.Info("[{}] to (O/G)[{}]", path, owner + ":" + group);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Setpermission:
            {
                short permission = @params.Get <HttpFSParametersProvider.PermissionParam>(HttpFSParametersProvider.PermissionParam
                                                                                          .Name);
                FSOperations.FSSetPermission command = new FSOperations.FSSetPermission(path, permission
                                                                                        );
                FsExecute(user, command);
                AuditLog.Info("[{}] to [{}]", path, permission);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Setreplication:
            {
                short replication = @params.Get <HttpFSParametersProvider.ReplicationParam>(HttpFSParametersProvider.ReplicationParam
                                                                                            .Name);
                FSOperations.FSSetReplication command = new FSOperations.FSSetReplication(path, replication
                                                                                          );
                JSONObject json = FsExecute(user, command);
                AuditLog.Info("[{}] to [{}]", path, replication);
                response = Response.Ok(json).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Settimes:
            {
                long modifiedTime = @params.Get <HttpFSParametersProvider.ModifiedTimeParam>(HttpFSParametersProvider.ModifiedTimeParam
                                                                                             .Name);
                long accessTime = @params.Get <HttpFSParametersProvider.AccessTimeParam>(HttpFSParametersProvider.AccessTimeParam
                                                                                         .Name);
                FSOperations.FSSetTimes command = new FSOperations.FSSetTimes(path, modifiedTime,
                                                                              accessTime);
                FsExecute(user, command);
                AuditLog.Info("[{}] to (M/A)[{}]", path, modifiedTime + ":" + accessTime);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Setacl:
            {
                string aclSpec = @params.Get <HttpFSParametersProvider.AclPermissionParam>(HttpFSParametersProvider.AclPermissionParam
                                                                                           .Name);
                FSOperations.FSSetAcl command = new FSOperations.FSSetAcl(path, aclSpec);
                FsExecute(user, command);
                AuditLog.Info("[{}] to acl [{}]", path, aclSpec);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Removeacl:
            {
                FSOperations.FSRemoveAcl command = new FSOperations.FSRemoveAcl(path);
                FsExecute(user, command);
                AuditLog.Info("[{}] removed acl", path);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Modifyaclentries:
            {
                string aclSpec = @params.Get <HttpFSParametersProvider.AclPermissionParam>(HttpFSParametersProvider.AclPermissionParam
                                                                                           .Name);
                FSOperations.FSModifyAclEntries command = new FSOperations.FSModifyAclEntries(path
                                                                                              , aclSpec);
                FsExecute(user, command);
                AuditLog.Info("[{}] modify acl entry with [{}]", path, aclSpec);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Removeaclentries:
            {
                string aclSpec = @params.Get <HttpFSParametersProvider.AclPermissionParam>(HttpFSParametersProvider.AclPermissionParam
                                                                                           .Name);
                FSOperations.FSRemoveAclEntries command = new FSOperations.FSRemoveAclEntries(path
                                                                                              , aclSpec);
                FsExecute(user, command);
                AuditLog.Info("[{}] remove acl entry [{}]", path, aclSpec);
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Removedefaultacl:
            {
                FSOperations.FSRemoveDefaultAcl command = new FSOperations.FSRemoveDefaultAcl(path
                                                                                              );
                FsExecute(user, command);
                AuditLog.Info("[{}] remove default acl", path);
                response = Response.Ok().Build();
                break;
            }

            default:
            {
                throw new IOException(MessageFormat.Format("Invalid HTTP PUT operation [{0}]", op
                                                           .Value()));
            }
            }
            return(response);
        }
Ejemplo n.º 13
0
        public virtual Response Post(InputStream @is, UriInfo uriInfo, string path, HttpFSParametersProvider.OperationParam
                                     op, Parameters @params, HttpServletRequest request)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();
            Response             response;

            path = MakeAbsolute(path);
            MDC.Put(HttpFSFileSystem.OpParam, op.Value().ToString());
            MDC.Put("hostname", request.GetRemoteAddr());
            switch (op.Value())
            {
            case HttpFSFileSystem.Operation.Append:
            {
                bool hasData = @params.Get <HttpFSParametersProvider.DataParam>(HttpFSParametersProvider.DataParam
                                                                                .Name);
                if (!hasData)
                {
                    response = Response.TemporaryRedirect(CreateUploadRedirectionURL(uriInfo, HttpFSFileSystem.Operation
                                                                                     .Append)).Build();
                }
                else
                {
                    FSOperations.FSAppend command = new FSOperations.FSAppend(@is, path);
                    FsExecute(user, command);
                    AuditLog.Info("[{}]", path);
                    response = Response.Ok().Type(MediaType.ApplicationJson).Build();
                }
                break;
            }

            case HttpFSFileSystem.Operation.Concat:
            {
                System.Console.Out.WriteLine("HTTPFS SERVER CONCAT");
                string sources = @params.Get <HttpFSParametersProvider.SourcesParam>(HttpFSParametersProvider.SourcesParam
                                                                                     .Name);
                FSOperations.FSConcat command = new FSOperations.FSConcat(path, sources.Split(","
                                                                                              ));
                FsExecute(user, command);
                AuditLog.Info("[{}]", path);
                System.Console.Out.WriteLine("SENT RESPONSE");
                response = Response.Ok().Build();
                break;
            }

            case HttpFSFileSystem.Operation.Truncate:
            {
                long newLength = @params.Get <HttpFSParametersProvider.NewLengthParam>(HttpFSParametersProvider.NewLengthParam
                                                                                       .Name);
                FSOperations.FSTruncate command = new FSOperations.FSTruncate(path, newLength);
                JSONObject json = FsExecute(user, command);
                AuditLog.Info("Truncate [{}] to length [{}]", path, newLength);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            default:
            {
                throw new IOException(MessageFormat.Format("Invalid HTTP POST operation [{0}]", op
                                                           .Value()));
            }
            }
            return(response);
        }
Ejemplo n.º 14
0
        public virtual Response Get(string path, HttpFSParametersProvider.OperationParam
                                    op, Parameters @params, HttpServletRequest request)
        {
            UserGroupInformation user = HttpUserGroupInformation.Get();
            Response             response;

            path = MakeAbsolute(path);
            MDC.Put(HttpFSFileSystem.OpParam, op.Value().ToString());
            MDC.Put("hostname", request.GetRemoteAddr());
            switch (op.Value())
            {
            case HttpFSFileSystem.Operation.Open:
            {
                //Invoking the command directly using an unmanaged FileSystem that is
                // released by the FileSystemReleaseFilter
                FSOperations.FSOpen command = new FSOperations.FSOpen(path);
                FileSystem          fs      = CreateFileSystem(user);
                InputStream         @is     = command.Execute(fs);
                long offset = @params.Get <HttpFSParametersProvider.OffsetParam>(HttpFSParametersProvider.OffsetParam
                                                                                 .Name);
                long len = @params.Get <HttpFSParametersProvider.LenParam>(HttpFSParametersProvider.LenParam
                                                                           .Name);
                AuditLog.Info("[{}] offset [{}] len [{}]", new object[] { path, offset, len });
                InputStreamEntity entity = new InputStreamEntity(@is, offset, len);
                response = Response.Ok(entity).Type(MediaType.ApplicationOctetStream).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getfilestatus:
            {
                FSOperations.FSFileStatus command = new FSOperations.FSFileStatus(path);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("[{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Liststatus:
            {
                string filter = @params.Get <HttpFSParametersProvider.FilterParam>(HttpFSParametersProvider.FilterParam
                                                                                   .Name);
                FSOperations.FSListStatus command = new FSOperations.FSListStatus(path, filter);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("[{}] filter [{}]", path, (filter != null) ? filter : "-");
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Gethomedirectory:
            {
                EnforceRootPath(op.Value(), path);
                FSOperations.FSHomeDir command = new FSOperations.FSHomeDir();
                JSONObject             json    = FsExecute(user, command);
                AuditLog.Info(string.Empty);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Instrumentation:
            {
                EnforceRootPath(op.Value(), path);
                Groups         groups     = HttpFSServerWebApp.Get().Get <Groups>();
                IList <string> userGroups = groups.GetGroups(user.GetShortUserName());
                if (!userGroups.Contains(HttpFSServerWebApp.Get().GetAdminGroup()))
                {
                    throw new AccessControlException("User not in HttpFSServer admin group");
                }
                Instrumentation instrumentation = HttpFSServerWebApp.Get().Get <Instrumentation>();
                IDictionary     snapshot        = instrumentation.GetSnapshot();
                response = Response.Ok(snapshot).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getcontentsummary:
            {
                FSOperations.FSContentSummary command = new FSOperations.FSContentSummary(path);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("[{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getfilechecksum:
            {
                FSOperations.FSFileChecksum command = new FSOperations.FSFileChecksum(path);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("[{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getfileblocklocations:
            {
                response = Response.Status(Response.Status.BadRequest).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getaclstatus:
            {
                FSOperations.FSAclStatus command = new FSOperations.FSAclStatus(path);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("ACL status for [{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Getxattrs:
            {
                IList <string> xattrNames = @params.GetValues <HttpFSParametersProvider.XAttrNameParam
                                                               >(HttpFSParametersProvider.XAttrNameParam.Name);
                XAttrCodec encoding = @params.Get <HttpFSParametersProvider.XAttrEncodingParam>(HttpFSParametersProvider.XAttrEncodingParam
                                                                                                .Name);
                FSOperations.FSGetXAttrs command = new FSOperations.FSGetXAttrs(path, xattrNames,
                                                                                encoding);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("XAttrs for [{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            case HttpFSFileSystem.Operation.Listxattrs:
            {
                FSOperations.FSListXAttrs command = new FSOperations.FSListXAttrs(path);
                IDictionary json = FsExecute(user, command);
                AuditLog.Info("XAttr names for [{}]", path);
                response = Response.Ok(json).Type(MediaType.ApplicationJson).Build();
                break;
            }

            default:
            {
                throw new IOException(MessageFormat.Format("Invalid HTTP GET operation [{0}]", op
                                                           .Value()));
            }
            }
            return(response);
        }