public virtual void Mdc()
{
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
Org.Mockito.Mockito.When(request.GetUserPrincipal()).ThenReturn(null);
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn("METHOD");
Org.Mockito.Mockito.When(request.GetPathInfo()).ThenReturn("/pathinfo");
ServletResponse response = Org.Mockito.Mockito.Mock <ServletResponse>();
AtomicBoolean invoked = new AtomicBoolean();
FilterChain chain = new _FilterChain_55(invoked);
MDC.Clear();
Filter filter = new MDCFilter();
filter.Init(null);
filter.DoFilter(request, response, chain);
NUnit.Framework.Assert.IsTrue(invoked.Get());
NUnit.Framework.Assert.IsNull(MDC.Get("hostname"));
NUnit.Framework.Assert.IsNull(MDC.Get("user"));
NUnit.Framework.Assert.IsNull(MDC.Get("method"));
NUnit.Framework.Assert.IsNull(MDC.Get("path"));
Org.Mockito.Mockito.When(request.GetUserPrincipal()).ThenReturn(new _Principal_78
());
invoked.Set(false);
chain = new _FilterChain_86(invoked);
filter.DoFilter(request, response, chain);
NUnit.Framework.Assert.IsTrue(invoked.Get());
HostnameFilter.HostnameTl.Set("HOST");
invoked.Set(false);
chain = new _FilterChain_103(invoked);
filter.DoFilter(request, response, chain);
NUnit.Framework.Assert.IsTrue(invoked.Get());
HostnameFilter.HostnameTl.Remove();
filter.Destroy();
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
resp.SetContentType("text/plain");
resp.SetStatus(HttpServletResponse.ScOk);
string user = req.GetRemoteUser();
string principal = (req.GetUserPrincipal() != null) ? req.GetUserPrincipal().GetName
() : null;
TextWriter writer = resp.GetWriter();
writer.Write(MessageFormat.Format("You are: user[{0}] principal[{1}]\n", user, principal
));
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
protected override void DoFilter(FilterChain filterChain, HttpServletRequest request
, HttpServletResponse response)
{
bool requestCompleted = false;
UserGroupInformation ugi = null;
AuthenticationToken authToken = (AuthenticationToken)request.GetUserPrincipal();
if (authToken != null && authToken != AuthenticationToken.Anonymous)
{
// if the request was authenticated because of a delegation token,
// then we ignore proxyuser (this is the same as the RPC behavior).
ugi = (UserGroupInformation)request.GetAttribute(DelegationTokenAuthenticationHandler
.DelegationTokenUgiAttribute);
if (ugi == null)
{
string realUser = request.GetUserPrincipal().GetName();
ugi = UserGroupInformation.CreateRemoteUser(realUser, handlerAuthMethod);
string doAsUser = GetDoAs(request);
if (doAsUser != null)
{
ugi = UserGroupInformation.CreateProxyUser(doAsUser, ugi);
try
{
ProxyUsers.Authorize(ugi, request.GetRemoteHost());
}
catch (AuthorizationException ex)
{
HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden
, ex);
requestCompleted = true;
}
}
}
UgiTl.Set(ugi);
}
if (!requestCompleted)
{
UserGroupInformation ugiF = ugi;
try
{
request = new _HttpServletRequestWrapper_269(this, ugiF, request);
base.DoFilter(filterChain, request, response);
}
finally
{
UgiTl.Remove();
}
}
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
UserGroupInformation ugi;
ServletContext context = GetServletContext();
Configuration conf = NameNodeHttpServer.GetConfFromContext(context);
try
{
ugi = GetUGI(req, conf);
}
catch (IOException ioe)
{
Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr
(), ioe);
resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user"
);
return;
}
Log.Info("Sending token: {" + ugi.GetUserName() + "," + req.GetRemoteAddr() + "}"
);
NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context);
string renewer = req.GetParameter(Renewer);
string renewerFinal = (renewer == null) ? req.GetUserPrincipal().GetName() : renewer;
DataOutputStream dos = null;
try
{
dos = new DataOutputStream(resp.GetOutputStream());
DataOutputStream dosFinal = dos;
// for doAs block
ugi.DoAs(new _PrivilegedExceptionAction_69(nn, ugi, renewerFinal, dosFinal));
}
catch (Exception e)
{
Log.Info("Exception while sending token. Re-throwing ", e);
resp.SendError(HttpServletResponse.ScInternalServerError);
}
finally
{
if (dos != null)
{
dos.Close();
}
}
}
/// <exception cref="System.IO.IOException"/>
protected internal virtual bool IsValidRequestor(HttpServletRequest request, Configuration
conf)
{
string remotePrincipal = request.GetUserPrincipal().GetName();
string remoteShortName = request.GetRemoteUser();
if (remotePrincipal == null)
{
// This really shouldn't happen...
Log.Warn("Received null remoteUser while authorizing access to " + "GetJournalEditServlet"
);
return(false);
}
if (Log.IsDebugEnabled())
{
Log.Debug("Validating request made by " + remotePrincipal + " / " + remoteShortName
+ ". This user is: " + UserGroupInformation.GetLoginUser());
}
ICollection <string> validRequestors = new HashSet <string>();
Sharpen.Collections.AddAll(validRequestors, DFSUtil.GetAllNnPrincipals(conf));
try
{
validRequestors.AddItem(SecurityUtil.GetServerPrincipal(conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey
), SecondaryNameNode.GetHttpAddress(conf).GetHostName()));
}
catch (Exception e)
{
// Don't halt if SecondaryNameNode principal could not be added.
Log.Debug("SecondaryNameNode principal could not be added", e);
string msg = string.Format("SecondaryNameNode principal not considered, %s = %s, %s = %s"
, DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey, conf.Get(DFSConfigKeys
.DfsSecondaryNamenodeKerberosPrincipalKey), DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey
, conf.Get(DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey, DFSConfigKeys.DfsNamenodeSecondaryHttpAddressDefault
));
Log.Warn(msg);
}
// Check the full principal name of all the configured valid requestors.
foreach (string v in validRequestors)
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is comparing to valid requestor: " + v);
}
if (v != null && v.Equals(remotePrincipal))
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is allowing: " + remotePrincipal);
}
return(true);
}
}
// Additionally, we compare the short name of the requestor to this JN's
// username, because we want to allow requests from other JNs during
// recovery, but we can't enumerate the full list of JNs.
if (remoteShortName.Equals(UserGroupInformation.GetLoginUser().GetShortUserName()
))
{
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is allowing other JN principal: " + remotePrincipal);
}
return(true);
}
if (Log.IsDebugEnabled())
{
Log.Debug("isValidRequestor is rejecting: " + remotePrincipal);
}
return(false);
}
/// <exception cref="System.IO.IOException"/>
private void ValidateRequest(ServletContext context, Configuration conf, HttpServletRequest
request, HttpServletResponse response, FSImage nnImage, string theirStorageInfoString
)
{
if (UserGroupInformation.IsSecurityEnabled() && !IsValidRequestor(context, request
.GetUserPrincipal().GetName(), conf))
{
string errorMsg = "Only Namenode, Secondary Namenode, and administrators may access "
+ "this servlet";
response.SendError(HttpServletResponse.ScForbidden, errorMsg);
Log.Warn("Received non-NN/SNN/administrator request for image or edits from " + request
.GetUserPrincipal().GetName() + " at " + request.GetRemoteHost());
throw new IOException(errorMsg);
}
string myStorageInfoString = nnImage.GetStorage().ToColonSeparatedString();
if (theirStorageInfoString != null && !myStorageInfoString.Equals(theirStorageInfoString
))
{
string errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected "
+ theirStorageInfoString;
response.SendError(HttpServletResponse.ScForbidden, errorMsg);
Log.Warn("Received an invalid request file transfer request " + "from a secondary with storage info "
+ theirStorageInfoString);
throw new IOException(errorMsg);
}
}
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
resp.SetStatus(HttpServletResponse.ScOk);
resp.GetWriter().Write(req.GetUserPrincipal().GetName());
}