Example #1
0
        /// <summary>Set headers for content length, and, if available, md5.</summary>
        /// <exception cref="System.IO.IOException"></exception>
        public static void SetVerificationHeadersForGet(HttpServletResponse response, FilePath
                                                        file)
        {
            response.SetHeader(TransferFsImage.ContentLength, file.Length().ToString());
            MD5Hash hash = MD5FileUtils.ReadStoredMd5ForFile(file);

            if (hash != null)
            {
                response.SetHeader(TransferFsImage.Md5Header, hash.ToString());
            }
        }
Example #2
0
        private void DoCrossFilter(HttpServletRequest req, HttpServletResponse res)
        {
            string originsList = EncodeHeader(req.GetHeader(Origin));

            if (!IsCrossOrigin(originsList))
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Header origin is null. Returning");
                }
                return;
            }
            if (!AreOriginsAllowed(originsList))
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Header origins '" + originsList + "' not allowed. Returning");
                }
                return;
            }
            string accessControlRequestMethod = req.GetHeader(AccessControlRequestMethod);

            if (!IsMethodAllowed(accessControlRequestMethod))
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Access control method '" + accessControlRequestMethod + "' not allowed. Returning"
                              );
                }
                return;
            }
            string accessControlRequestHeaders = req.GetHeader(AccessControlRequestHeaders);

            if (!AreHeadersAllowed(accessControlRequestHeaders))
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Access control headers '" + accessControlRequestHeaders + "' not allowed. Returning"
                              );
                }
                return;
            }
            if (Log.IsDebugEnabled())
            {
                Log.Debug("Completed cross origin filter checks. Populating " + "HttpServletResponse"
                          );
            }
            res.SetHeader(AccessControlAllowOrigin, originsList);
            res.SetHeader(AccessControlAllowCredentials, true.ToString());
            res.SetHeader(AccessControlAllowMethods, GetAllowedMethodsHeader());
            res.SetHeader(AccessControlAllowHeaders, GetAllowedHeadersHeader());
            res.SetHeader(AccessControlMaxAge, maxAge);
        }
Example #3
0
 /// <exception cref="Javax.Servlet.ServletException"/>
 /// <exception cref="System.IO.IOException"/>
 protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
 {
     resp.SetStatus(HttpServletResponse.ScOk);
     resp.GetWriter().Write("ping");
     if (req.GetHeader(DelegationTokenAuthenticator.DelegationTokenHeader) != null)
     {
         resp.SetHeader("UsingHeader", "true");
     }
     if (req.GetQueryString() != null && req.GetQueryString().Contains(DelegationTokenAuthenticator
                                                                       .DelegationParam + "="))
     {
         resp.SetHeader("UsingQueryString", "true");
     }
 }
Example #4
0
        /// <summary>Authenticates an HTTP client request.</summary>
        /// <remarks>
        /// Authenticates an HTTP client request.
        /// <p>
        /// It extracts the
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
        ///     "/>
        /// parameter from the query string and creates
        /// an
        /// <see cref="AuthenticationToken"/>
        /// with it.
        /// <p>
        /// If the HTTP client request does not contain the
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
        ///     "/>
        /// parameter and
        /// the handler is configured to allow anonymous users it returns the
        /// <see cref="AuthenticationToken.Anonymous"/>
        /// token.
        /// <p>
        /// If the HTTP client request does not contain the
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.PseudoAuthenticator.UserName
        ///     "/>
        /// parameter and
        /// the handler is configured to disallow anonymous users it throws an
        /// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     "/>
        /// .
        /// </remarks>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>an authentication token if the HTTP client request is accepted and credentials are valid.
        ///     </returns>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     ">thrown if HTTP client request was not accepted as an authentication request.</exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                         response)
        {
            AuthenticationToken token;
            string userName = GetUserName(request);

            if (userName == null)
            {
                if (GetAcceptAnonymous())
                {
                    token = AuthenticationToken.Anonymous;
                }
                else
                {
                    response.SetStatus(HttpServletResponse.ScForbidden);
                    response.SetHeader(WwwAuthenticate, PseudoAuth);
                    token = null;
                }
            }
            else
            {
                token = new AuthenticationToken(userName, userName, GetType());
            }
            return(token);
        }
Example #5
0
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
 ///     "/>
 public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                  response)
 {
     response.SetStatus(HttpServletResponse.ScUnauthorized);
     response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "mock");
     return(null);
 }
Example #6
0
 /// <summary>Send a partial content response with the given range.</summary>
 /// <remarks>
 /// Send a partial content response with the given range. If there are
 /// no satisfiable ranges, or if multiple ranges are requested, which
 /// is unsupported, respond with range not satisfiable.
 /// </remarks>
 /// <param name="in">stream to read from</param>
 /// <param name="out">stream to write to</param>
 /// <param name="response">http response to use</param>
 /// <param name="contentLength">for the response header</param>
 /// <param name="ranges">to write to respond with</param>
 /// <exception cref="System.IO.IOException">on error sending the response</exception>
 internal static void SendPartialData(FSDataInputStream @in, OutputStream @out, HttpServletResponse
                                      response, long contentLength, IList <InclusiveByteRange> ranges)
 {
     if (ranges == null || ranges.Count != 1)
     {
         response.SetContentLength(0);
         response.SetStatus(HttpServletResponse.ScRequestedRangeNotSatisfiable);
         response.SetHeader("Content-Range", InclusiveByteRange.To416HeaderRangeString(contentLength
                                                                                       ));
     }
     else
     {
         InclusiveByteRange singleSatisfiableRange = ranges[0];
         long singleLength = singleSatisfiableRange.GetSize(contentLength);
         response.SetStatus(HttpServletResponse.ScPartialContent);
         response.SetHeader("Content-Range", singleSatisfiableRange.ToHeaderRangeString(contentLength
                                                                                        ));
         CopyFromOffset(@in, @out, singleSatisfiableRange.GetFirst(contentLength), singleLength
                        );
     }
 }
Example #7
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Javax.Servlet.ServletException"/>
        public virtual void DoFilter(ServletRequest req, ServletResponse res, FilterChain
                                     chain)
        {
            HttpServletResponse httpRes = (HttpServletResponse)res;

            httpRes.SetHeader("Cache-Control", "no-cache");
            long now = Runtime.CurrentTimeMillis();

            httpRes.AddDateHeader("Expires", now);
            httpRes.AddDateHeader("Date", now);
            httpRes.AddHeader("Pragma", "no-cache");
            chain.DoFilter(req, res);
        }
Example #8
0
        public static void RedirectToErrorPage(HttpServletResponse res, Exception e, string
                                               path, bool devMode)
        {
            string st = devMode ? ErrorPage.ToStackTrace(e, 1024 * 3) : "See logs for stack trace";

            // spec: min 4KB
            res.SetStatus(res.ScFound);
            Cookie cookie = new Cookie(StatusCookie, 500.ToString());

            cookie.SetPath(path);
            res.AddCookie(cookie);
            cookie = new Cookie(ErrorCookie, st);
            cookie.SetPath(path);
            res.AddCookie(cookie);
            res.SetHeader("Location", path);
        }
        /// <summary>
        /// It enforces the the Kerberos SPNEGO authentication sequence returning an
        /// <see cref="AuthenticationToken"/>
        /// only
        /// after the Kerberos SPNEGO sequence has completed successfully.
        /// </summary>
        /// <param name="request">the HTTP client request.</param>
        /// <param name="response">the HTTP client response.</param>
        /// <returns>
        /// an authentication token if the Kerberos SPNEGO sequence is complete and valid,
        /// <code>null</code> if it is in progress (in this case the handler handles the response to the client).
        /// </returns>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
        ///     ">thrown if Kerberos SPNEGO sequence failed.</exception>
        public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                         response)
        {
            AuthenticationToken token = null;
            string authorization      = request.GetHeader(KerberosAuthenticator.Authorization);

            if (authorization == null || !authorization.StartsWith(KerberosAuthenticator.Negotiate
                                                                   ))
            {
                response.SetHeader(WwwAuthenticate, KerberosAuthenticator.Negotiate);
                response.SetStatus(HttpServletResponse.ScUnauthorized);
                if (authorization == null)
                {
                    Log.Trace("SPNEGO starting");
                }
                else
                {
                    Log.Warn("'" + KerberosAuthenticator.Authorization + "' does not start with '" +
                             KerberosAuthenticator.Negotiate + "' :  {}", authorization);
                }
            }
            else
            {
                authorization = Runtime.Substring(authorization, KerberosAuthenticator.Negotiate
                                                  .Length).Trim();
                Base64 base64      = new Base64(0);
                byte[] clientToken = base64.Decode(authorization);
                string serverName  = request.GetServerName();
                try
                {
                    token = Subject.DoAs(serverSubject, new _PrivilegedExceptionAction_347(this, serverName
                                                                                           , clientToken, base64, response));
                }
                catch (PrivilegedActionException ex)
                {
                    if (ex.GetException() is IOException)
                    {
                        throw (IOException)ex.GetException();
                    }
                    else
                    {
                        throw new AuthenticationException(ex.GetException());
                    }
                }
            }
            return(token);
        }
Example #10
0
            /// <exception cref="System.IO.IOException"/>
            /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
            ///     "/>
            public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse
                                                             response)
            {
                AuthenticationToken token = null;

                if (request.GetParameter("authenticated") != null)
                {
                    token = new AuthenticationToken(request.GetParameter("authenticated"), "U", "test"
                                                    );
                }
                else
                {
                    response.SetStatus(HttpServletResponse.ScUnauthorized);
                    response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "dummy");
                }
                return(token);
            }
Example #11
0
        /// <summary>
        /// Handle redirects with a status code that can in future support verbs other
        /// than GET, thus supporting full REST functionality.
        /// </summary>
        /// <remarks>
        /// Handle redirects with a status code that can in future support verbs other
        /// than GET, thus supporting full REST functionality.
        /// <p>
        /// The target URL is included in the redirect text returned
        /// <p>
        /// At the end of this method, the output stream is closed.
        /// </remarks>
        /// <param name="request">
        /// request (hence: the verb and any other information
        /// relevant to a redirect)
        /// </param>
        /// <param name="response">the response</param>
        /// <param name="target">the target URL -unencoded</param>
        /// <exception cref="System.IO.IOException"/>
        public static void SendRedirect(HttpServletRequest request, HttpServletResponse response
                                        , string target)
        {
            if (Log.IsDebugEnabled())
            {
                Log.Debug("Redirecting {} {} to {}", request.GetMethod(), request.GetRequestURI()
                          , target);
            }
            string location = response.EncodeRedirectURL(target);

            response.SetStatus(HttpServletResponse.ScFound);
            response.SetHeader(Location, location);
            response.SetContentType(MimeType.Html);
            PrintWriter writer = response.GetWriter();

            ProxyUtils.Page p = new ProxyUtils.Page(writer);
            p.Html().Head().Title("Moved").().Body().H1("Moved").Div().("Content has moved ")
            .A(location, "here").().().();
            writer.Close();
        }
Example #12
0
 protected override void DoOptions(HttpServletRequest req, HttpServletResponse res
                                   )
 {
     // for simplicity
     res.SetHeader("Allow", "GET, POST");
 }
Example #13
0
        /// <summary>Process a GET request for the specified resource.</summary>
        /// <param name="request">The servlet request we are processing</param>
        /// <param name="response">The servlet response we are creating</param>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            string      jsonpcb = null;
            PrintWriter writer  = null;

            try
            {
                if (!IsInstrumentationAccessAllowed(request, response))
                {
                    return;
                }
                JsonGenerator jg = null;
                try
                {
                    writer = response.GetWriter();
                    response.SetContentType("application/json; charset=utf8");
                    response.SetHeader(AccessControlAllowMethods, "GET");
                    response.SetHeader(AccessControlAllowOrigin, "*");
                    JsonFactory jsonFactory = new JsonFactory();
                    jg = jsonFactory.CreateJsonGenerator(writer);
                    jg.Disable(JsonGenerator.Feature.AutoCloseTarget);
                    jg.UseDefaultPrettyPrinter();
                    jg.WriteStartObject();
                    if (mBeanServer == null)
                    {
                        jg.WriteStringField("result", "ERROR");
                        jg.WriteStringField("message", "No MBeanServer could be found");
                        jg.Close();
                        Log.Error("No MBeanServer could be found.");
                        response.SetStatus(HttpServletResponse.ScNotFound);
                        return;
                    }
                    // query per mbean attribute
                    string getmethod = request.GetParameter("get");
                    if (getmethod != null)
                    {
                        string[] splitStrings = getmethod.Split("\\:\\:");
                        if (splitStrings.Length != 2)
                        {
                            jg.WriteStringField("result", "ERROR");
                            jg.WriteStringField("message", "query format is not as expected.");
                            jg.Close();
                            response.SetStatus(HttpServletResponse.ScBadRequest);
                            return;
                        }
                        ListBeans(jg, new ObjectName(splitStrings[0]), splitStrings[1], response);
                        jg.Close();
                        return;
                    }
                    // query per mbean
                    string qry = request.GetParameter("qry");
                    if (qry == null)
                    {
                        qry = "*:*";
                    }
                    ListBeans(jg, new ObjectName(qry), null, response);
                }
                finally
                {
                    if (jg != null)
                    {
                        jg.Close();
                    }
                    if (writer != null)
                    {
                        writer.Close();
                    }
                }
            }
            catch (IOException e)
            {
                Log.Error("Caught an exception while processing JMX request", e);
                response.SetStatus(HttpServletResponse.ScInternalServerError);
            }
            catch (MalformedObjectNameException e)
            {
                Log.Error("Caught an exception while processing JMX request", e);
                response.SetStatus(HttpServletResponse.ScBadRequest);
            }
            finally
            {
                if (writer != null)
                {
                    writer.Close();
                }
            }
        }
Example #14
0
 public static void SetFileNameHeaders(HttpServletResponse response, FilePath file
                                       )
 {
     response.SetHeader(ContentDisposition, "attachment; filename=" + file.GetName());
     response.SetHeader(HadoopImageEditsHeader, file.GetName());
 }
Example #15
0
        /// <summary>Download link and have it be the response.</summary>
        /// <param name="req">the http request</param>
        /// <param name="resp">the http response</param>
        /// <param name="link">the link to download</param>
        /// <param name="c">the cookie to set if any</param>
        /// <exception cref="System.IO.IOException">on any error.</exception>
        private static void ProxyLink(HttpServletRequest req, HttpServletResponse resp, URI
                                      link, Cookie c, string proxyHost)
        {
            DefaultHttpClient client = new DefaultHttpClient();

            client.GetParams().SetParameter(ClientPNames.CookiePolicy, CookiePolicy.BrowserCompatibility
                                            ).SetBooleanParameter(ClientPNames.AllowCircularRedirects, true);
            // Make sure we send the request from the proxy address in the config
            // since that is what the AM filter checks against. IP aliasing or
            // similar could cause issues otherwise.
            IPAddress localAddress = Sharpen.Extensions.GetAddressByName(proxyHost);

            if (Log.IsDebugEnabled())
            {
                Log.Debug("local InetAddress for proxy host: {}", localAddress);
            }
            client.GetParams().SetParameter(ConnRoutePNames.LocalAddress, localAddress);
            HttpGet httpGet            = new HttpGet(link);
            Enumeration <string> names = req.GetHeaderNames();

            while (names.MoveNext())
            {
                string name = names.Current;
                if (passThroughHeaders.Contains(name))
                {
                    string value = req.GetHeader(name);
                    if (Log.IsDebugEnabled())
                    {
                        Log.Debug("REQ HEADER: {} : {}", name, value);
                    }
                    httpGet.SetHeader(name, value);
                }
            }
            string user = req.GetRemoteUser();

            if (user != null && !user.IsEmpty())
            {
                httpGet.SetHeader("Cookie", ProxyUserCookieName + "=" + URLEncoder.Encode(user, "ASCII"
                                                                                          ));
            }
            OutputStream @out = resp.GetOutputStream();

            try
            {
                HttpResponse httpResp = client.Execute(httpGet);
                resp.SetStatus(httpResp.GetStatusLine().GetStatusCode());
                foreach (Header header in httpResp.GetAllHeaders())
                {
                    resp.SetHeader(header.GetName(), header.GetValue());
                }
                if (c != null)
                {
                    resp.AddCookie(c);
                }
                InputStream @in = httpResp.GetEntity().GetContent();
                if (@in != null)
                {
                    IOUtils.CopyBytes(@in, @out, 4096, true);
                }
            }
            finally
            {
                httpGet.ReleaseConnection();
            }
        }
Example #16
0
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <exception cref="System.IO.IOException"/>
        protected override void DoGet(HttpServletRequest request, HttpServletResponse response
                                      )
        {
            string path        = ServletUtil.GetDecodedPath(request, "/streamFile");
            string rawPath     = ServletUtil.GetRawPath(request, "/streamFile");
            string filename    = JspHelper.ValidatePath(path);
            string rawFilename = JspHelper.ValidatePath(rawPath);

            if (filename == null)
            {
                response.SetContentType("text/plain");
                PrintWriter @out = response.GetWriter();
                @out.Write("Invalid input");
                return;
            }
            Enumeration <string> reqRanges = request.GetHeaders("Range");

            if (reqRanges != null && !reqRanges.MoveNext())
            {
                reqRanges = null;
            }
            DFSClient dfs;

            try
            {
                dfs = GetDFSClient(request);
            }
            catch (Exception e)
            {
                response.SendError(400, e.Message);
                return;
            }
            HdfsDataInputStream @in   = null;
            OutputStream        out_1 = null;

            try
            {
                @in   = dfs.CreateWrappedInputStream(dfs.Open(filename));
                out_1 = response.GetOutputStream();
                long fileLen = @in.GetVisibleLength();
                if (reqRanges != null)
                {
                    IList <InclusiveByteRange> ranges = InclusiveByteRange.SatisfiableRanges(reqRanges
                                                                                             , fileLen);
                    StreamFile.SendPartialData(@in, out_1, response, fileLen, ranges);
                }
                else
                {
                    // No ranges, so send entire file
                    response.SetHeader("Content-Disposition", "attachment; filename=\"" + rawFilename
                                       + "\"");
                    response.SetContentType("application/octet-stream");
                    response.SetHeader(ContentLength, string.Empty + fileLen);
                    StreamFile.CopyFromOffset(@in, out_1, 0L, fileLen);
                }
                @in.Close();
                @in = null;
                out_1.Close();
                out_1 = null;
                dfs.Close();
                dfs = null;
            }
            catch (IOException ioe)
            {
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("response.isCommitted()=" + response.IsCommitted(), ioe);
                }
                throw;
            }
            finally
            {
                IOUtils.Cleanup(Log, @in);
                IOUtils.Cleanup(Log, out_1);
                IOUtils.Cleanup(Log, dfs);
            }
        }
Example #17
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Javax.Servlet.ServletException"/>
        public override void DoFilter(HttpServletRequest request, HttpServletResponse response
                                      , FilterChain chain)
        {
            response.SetCharacterEncoding("UTF-8");
            string uri = HtmlQuoting.QuoteHtmlChars(request.GetRequestURI());

            if (uri == null)
            {
                uri = "/";
            }
            RMWebApp rmWebApp = injector.GetInstance <RMWebApp>();

            rmWebApp.CheckIfStandbyRM();
            if (rmWebApp.IsStandby() && ShouldRedirect(rmWebApp, uri))
            {
                string redirectPath = rmWebApp.GetRedirectPath();
                if (redirectPath != null && !redirectPath.IsEmpty())
                {
                    redirectPath += uri;
                    string      redirectMsg = "This is standby RM. The redirect url is: " + redirectPath;
                    PrintWriter @out        = response.GetWriter();
                    @out.WriteLine(redirectMsg);
                    response.SetHeader("Location", redirectPath);
                    response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
                    return;
                }
                else
                {
                    bool   doRetry          = true;
                    string retryIntervalStr = request.GetParameter(YarnWebParams.NextRefreshInterval);
                    int    retryInterval    = 0;
                    if (retryIntervalStr != null)
                    {
                        try
                        {
                            retryInterval = System.Convert.ToInt32(retryIntervalStr.Trim());
                        }
                        catch (FormatException)
                        {
                            doRetry = false;
                        }
                    }
                    int    next        = CalculateExponentialTime(retryInterval);
                    string redirectUrl = AppendOrReplaceParamter(path + uri, YarnWebParams.NextRefreshInterval
                                                                 + "=" + (retryInterval + 1));
                    if (redirectUrl == null || next > MaxSleepTime)
                    {
                        doRetry = false;
                    }
                    string redirectMsg = doRetry ? "Can not find any active RM. Will retry in next "
                                         + next + " seconds." : "There is no active RM right now.";
                    redirectMsg += "\nHA Zookeeper Connection State: " + rmWebApp.GetHAZookeeperConnectionState
                                       ();
                    PrintWriter @out = response.GetWriter();
                    @out.WriteLine(redirectMsg);
                    if (doRetry)
                    {
                        response.SetHeader("Refresh", next + ";url=" + redirectUrl);
                        response.SetStatus(HttpServletResponse.ScTemporaryRedirect);
                    }
                }
                return;
            }
            base.DoFilter(request, response, chain);
        }