/// <exception cref="System.IO.IOException"/> private void ValidateRequest(ServletContext context, Configuration conf, HttpServletRequest request, HttpServletResponse response, FSImage nnImage, string theirStorageInfoString ) { if (UserGroupInformation.IsSecurityEnabled() && !IsValidRequestor(context, request .GetUserPrincipal().GetName(), conf)) { string errorMsg = "Only Namenode, Secondary Namenode, and administrators may access " + "this servlet"; response.SendError(HttpServletResponse.ScForbidden, errorMsg); Log.Warn("Received non-NN/SNN/administrator request for image or edits from " + request .GetUserPrincipal().GetName() + " at " + request.GetRemoteHost()); throw new IOException(errorMsg); } string myStorageInfoString = nnImage.GetStorage().ToColonSeparatedString(); if (theirStorageInfoString != null && !myStorageInfoString.Equals(theirStorageInfoString )) { string errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected " + theirStorageInfoString; response.SendError(HttpServletResponse.ScForbidden, errorMsg); Log.Warn("Received an invalid request file transfer request " + "from a secondary with storage info " + theirStorageInfoString); throw new IOException(errorMsg); } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { FileInputStream editFileIn = null; try { ServletContext context = GetServletContext(); Configuration conf = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf ); string journalId = request.GetParameter(JournalIdParam); QuorumJournalManager.CheckJournalId(journalId); JNStorage storage = JournalNodeHttpServer.GetJournalFromContext(context, journalId ).GetStorage(); // Check security if (!CheckRequestorOrSendError(conf, request, response)) { return; } // Check that the namespace info is correct if (!CheckStorageInfoOrSendError(storage, request, response)) { return; } long segmentTxId = ServletUtil.ParseLongParam(request, SegmentTxidParam); FileJournalManager fjm = storage.GetJournalManager(); FilePath editFile; lock (fjm) { // Synchronize on the FJM so that the file doesn't get finalized // out from underneath us while we're in the process of opening // it up. FileJournalManager.EditLogFile elf = fjm.GetLogFile(segmentTxId); if (elf == null) { response.SendError(HttpServletResponse.ScNotFound, "No edit log found starting at txid " + segmentTxId); return; } editFile = elf.GetFile(); ImageServlet.SetVerificationHeadersForGet(response, editFile); ImageServlet.SetFileNameHeaders(response, editFile); editFileIn = new FileInputStream(editFile); } DataTransferThrottler throttler = ImageServlet.GetThrottler(conf); // send edits TransferFsImage.CopyFileToStream(response.GetOutputStream(), editFile, editFileIn , throttler); } catch (Exception t) { string errMsg = "getedit failed. " + StringUtils.StringifyException(t); response.SendError(HttpServletResponse.ScInternalServerError, errMsg); throw new IOException(errMsg); } finally { IOUtils.CloseStream(editFileIn); } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse res) { string queryString = req.GetQueryString(); switch (counter) { case 0: { VerifyQuery(queryString, "SUCCEEDED"); break; } case 2: { VerifyQuery(queryString, "KILLED"); break; } case 4: { VerifyQuery(queryString, "FAILED"); break; } } if (counter % 2 == 0) { res.SendError(HttpServletResponse.ScBadRequest, "forcing error"); } else { res.SetStatus(HttpServletResponse.ScOk); } counter++; }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoPut(HttpServletRequest request, HttpServletResponse response ) { try { ServletContext context = GetServletContext(); FSImage nnImage = NameNodeHttpServer.GetFsImageFromContext(context); Configuration conf = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf ); ImageServlet.PutImageParams parsedParams = new ImageServlet.PutImageParams(request , response, conf); NameNodeMetrics metrics = NameNode.GetNameNodeMetrics(); ValidateRequest(context, conf, request, response, nnImage, parsedParams.GetStorageInfoString ()); UserGroupInformation.GetCurrentUser().DoAs(new _PrivilegedExceptionAction_458(parsedParams , nnImage, response, request, conf, metrics)); } catch (Exception t) { // Metrics non-null only when used inside name node // Now that we have a new checkpoint, we might be able to // remove some old ones. string errMsg = "PutImage failed. " + StringUtils.StringifyException(t); response.SendError(HttpServletResponse.ScGone, errMsg); throw new IOException(errMsg); } }
/// <exception cref="System.IO.IOException"/> private bool CheckStorageInfoOrSendError(JNStorage storage, HttpServletRequest request , HttpServletResponse response) { int myNsId = storage.GetNamespaceID(); string myClusterId = storage.GetClusterID(); string theirStorageInfoString = StringEscapeUtils.EscapeHtml(request.GetParameter (StorageinfoParam)); if (theirStorageInfoString != null) { int theirNsId = StorageInfo.GetNsIdFromColonSeparatedString(theirStorageInfoString ); string theirClusterId = StorageInfo.GetClusterIdFromColonSeparatedString(theirStorageInfoString ); if (myNsId != theirNsId || !myClusterId.Equals(theirClusterId)) { string msg = "This node has namespaceId '" + myNsId + " and clusterId '" + myClusterId + "' but the requesting node expected '" + theirNsId + "' and '" + theirClusterId + "'"; response.SendError(HttpServletResponse.ScForbidden, msg); Log.Warn("Received an invalid request file transfer request from " + request.GetRemoteAddr () + ": " + msg); return(false); } } return(true); }
/// <summary> /// Enforces the content-type to be application/octet-stream for /// POST and PUT requests. /// </summary> /// <param name="request">servlet request.</param> /// <param name="response">servlet response.</param> /// <param name="chain">filter chain.</param> /// <exception cref="System.IO.IOException">thrown if an IO error occurrs.</exception> /// <exception cref="Javax.Servlet.ServletException">thrown if a servet error occurrs. /// </exception> public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain chain) { bool contentTypeOK = true; HttpServletRequest httpReq = (HttpServletRequest)request; HttpServletResponse httpRes = (HttpServletResponse)response; string method = httpReq.GetMethod(); if (method.Equals("PUT") || method.Equals("POST")) { string op = httpReq.GetParameter(HttpFSFileSystem.OpParam); if (op != null && UploadOperations.Contains(StringUtils.ToUpperCase(op))) { if (Sharpen.Runtime.EqualsIgnoreCase("true", httpReq.GetParameter(HttpFSParametersProvider.DataParam .Name))) { string contentType = httpReq.GetContentType(); contentTypeOK = Sharpen.Runtime.EqualsIgnoreCase(HttpFSFileSystem.UploadContentType , contentType); } } } if (contentTypeOK) { chain.DoFilter(httpReq, httpRes); } else { httpRes.SendError(HttpServletResponse.ScBadRequest, "Data upload requests must have content-type set to '" + HttpFSFileSystem.UploadContentType + "'"); } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string tokenString = req.GetParameter(Token); if (tokenString == null) { resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified" ); } Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); try { long result = ugi.DoAs(new _PrivilegedExceptionAction_73(nn, token)); PrintWriter os = new PrintWriter(new OutputStreamWriter(resp.GetOutputStream(), Charsets .Utf8)); os.WriteLine(result); os.Close(); } catch (Exception e) { // transfer exception over the http string exceptionClass = e.GetType().FullName; string exceptionMsg = e.GetLocalizedMessage(); string strException = exceptionClass + ";" + exceptionMsg; Log.Info("Exception while renewing token. Re-throwing. s=" + strException, e); resp.SendError(HttpServletResponse.ScInternalServerError, strException); } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } Log.Info("Sending token: {" + ugi.GetUserName() + "," + req.GetRemoteAddr() + "}" ); NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string renewer = req.GetParameter(Renewer); string renewerFinal = (renewer == null) ? req.GetUserPrincipal().GetName() : renewer; DataOutputStream dos = null; try { dos = new DataOutputStream(resp.GetOutputStream()); DataOutputStream dosFinal = dos; // for doAs block ugi.DoAs(new _PrivilegedExceptionAction_69(nn, ugi, renewerFinal, dosFinal)); } catch (Exception e) { Log.Info("Exception while sending token. Re-throwing ", e); resp.SendError(HttpServletResponse.ScInternalServerError); } finally { if (dos != null) { dos.Close(); } } }
/// <summary>Service a GET request as described below.</summary> /// <remarks> /// Service a GET request as described below. /// Request: /// <c>GET http://<nn>:<port>/data[/<path>] HTTP/1.1</c> /// </remarks> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { Configuration conf = NameNodeHttpServer.GetConfFromContext(GetServletContext()); UserGroupInformation ugi = GetUGI(request, conf); try { ugi.DoAs(new _PrivilegedExceptionAction_116(this, request, response, ugi)); } catch (IOException e) { response.SendError(400, e.Message); } catch (Exception e) { response.SendError(400, e.Message); } }
/// <exception cref="System.IO.IOException"/> private bool CheckRequestorOrSendError(Configuration conf, HttpServletRequest request , HttpServletResponse response) { if (UserGroupInformation.IsSecurityEnabled() && !IsValidRequestor(request, conf)) { response.SendError(HttpServletResponse.ScForbidden, "Only Namenode and another JournalNode may access this servlet" ); Log.Warn("Received non-NN/JN request for edits from " + request.GetRemoteHost()); return(false); } return(true); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string tokenString = req.GetParameter(Token); if (tokenString == null) { resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified" ); } Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); try { ugi.DoAs(new _PrivilegedExceptionAction_70(nn, token)); } catch (Exception e) { Log.Info("Exception while cancelling token. Re-throwing. ", e); resp.SendError(HttpServletResponse.ScInternalServerError, e.Message); } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); UserGroupInformation ugi = GetUGI(request, conf); NameNode namenode = NameNodeHttpServer.GetNameNodeFromContext(context); DatanodeID datanode = NamenodeJspHelper.GetRandomDatanode(namenode); try { response.SendRedirect(CreateRedirectURL(ugi, datanode, request, namenode).ToString ()); } catch (IOException e) { response.SendError(400, e.Message); } }
/// <summary>Handle fsck request</summary> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { IDictionary <string, string[]> pmap = request.GetParameterMap(); PrintWriter @out = response.GetWriter(); IPAddress remoteAddress = Sharpen.Extensions.GetAddressByName(request.GetRemoteAddr ()); ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); UserGroupInformation ugi = GetUGI(request, conf); try { ugi.DoAs(new _PrivilegedExceptionAction_58(context, conf, pmap, @out, remoteAddress )); } catch (Exception e) { response.SendError(400, e.Message); } }
/// <summary>Service a GET request as described below.</summary> /// <remarks> /// Service a GET request as described below. /// Request: /// <c>GET http://<nn>:<port>/listPaths[/<path>][<?option>[&option]*] HTTP/1.1 /// </c> /// Where <i>option</i> (default) in: /// recursive ("no") /// filter (".*") /// exclude ("\..*\.crc") /// Response: A flat list of files/directories in the following format: /// <c> /// <listing path="..." recursive="(yes|no)" filter="..." /// time="yyyy-MM-dd hh:mm:ss UTC" version="..."> /// <directory path="..." modified="yyyy-MM-dd hh:mm:ss"/> /// <file path="..." modified="yyyy-MM-dd'T'hh:mm:ssZ" accesstime="yyyy-MM-dd'T'hh:mm:ssZ" /// blocksize="..." /// replication="..." size="..."/> /// </listing> /// </c> /// </remarks> /// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { PrintWriter @out = response.GetWriter(); XMLOutputter doc = new XMLOutputter(@out, "UTF-8"); IDictionary <string, string> root = BuildRoot(request, doc); string path = root["path"]; string filePath = ServletUtil.GetDecodedPath(request, "/listPaths"); try { bool recur = "yes".Equals(root["recursive"]); Sharpen.Pattern filter = Sharpen.Pattern.Compile(root["filter"]); Sharpen.Pattern exclude = Sharpen.Pattern.Compile(root["exclude"]); Configuration conf = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf ); GetUGI(request, conf).DoAs(new _PrivilegedExceptionAction_149(this, doc, root, filePath , path, exclude, filter, recur)); } catch (IOException ioe) { WriteXml(ioe, path, doc); } catch (Exception e) { Log.Warn("ListPathServlet encountered InterruptedException", e); response.SendError(400, e.Message); } finally { if (doc != null) { doc.EndDocument(); } if (@out != null) { @out.Close(); } } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoPost(HttpServletRequest req, HttpServletResponse resp) { Log.Info("POST"); resp.SetContentType("text/html"); PrintWriter @out = resp.GetWriter(); Reconfigurable reconf = GetReconfigurable(req); string nodeName = reconf.GetType().GetCanonicalName(); PrintHeader(@out, nodeName); try { ApplyChanges(@out, reconf, req); } catch (ReconfigurationException e) { resp.SendError(HttpServletResponse.ScInternalServerError, StringUtils.StringifyException (e)); return; } @out.WriteLine("<p><a href=\"" + req.GetServletPath() + "\">back</a></p>"); PrintFooter(@out); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { if (!HttpServer2.IsInstrumentationAccessAllowed(GetServletContext(), request, response )) { return; } string format = request.GetParameter(FormatParam); if (null == format) { format = FormatXml; } if (FormatXml.Equals(format)) { response.SetContentType("text/xml; charset=utf-8"); } else { if (FormatJson.Equals(format)) { response.SetContentType("application/json; charset=utf-8"); } } TextWriter @out = response.GetWriter(); try { WriteResponse(GetConfFromContext(), @out, format); } catch (ConfServlet.BadFormatException bfe) { response.SendError(HttpServletResponse.ScBadRequest, bfe.Message); } @out.Close(); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { try { ServletContext context = GetServletContext(); FSImage nnImage = NameNodeHttpServer.GetFsImageFromContext(context); ImageServlet.GetImageParams parsedParams = new ImageServlet.GetImageParams(request , response); Configuration conf = (Configuration)context.GetAttribute(JspHelper.CurrentConf); NameNodeMetrics metrics = NameNode.GetNameNodeMetrics(); ValidateRequest(context, conf, request, response, nnImage, parsedParams.GetStorageInfoString ()); UserGroupInformation.GetCurrentUser().DoAs(new _PrivilegedExceptionAction_98(parsedParams , nnImage, metrics, response, conf)); } catch (Exception t) { // Metrics non-null only when used inside name node // Metrics non-null only when used inside name node // Potential race where the file was deleted while we were in the // process of setting headers! // It's possible the file could be deleted after this point, but // we've already opened the 'fis' stream. // It's also possible length could change, but this would be // detected by the client side as an inaccurate length header. // send file string errMsg = "GetImage failed. " + StringUtils.StringifyException(t); response.SendError(HttpServletResponse.ScGone, errMsg); throw new IOException(errMsg); } finally { response.GetOutputStream().Close(); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> public override bool ManagementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) { bool requestContinues = true; string op = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .OpParam); op = (op != null) ? StringUtils.ToUpperCase(op) : null; if (DelegationTokenOps.Contains(op) && !request.GetMethod().Equals("OPTIONS")) { DelegationTokenAuthenticator.DelegationTokenOperation dtOp = DelegationTokenAuthenticator.DelegationTokenOperation .ValueOf(op); if (dtOp.GetHttpMethod().Equals(request.GetMethod())) { bool doManagement; if (dtOp.RequiresKerberosCredentials() && token == null) { token = Authenticate(request, response); if (token == null) { requestContinues = false; doManagement = false; } else { doManagement = true; } } else { doManagement = true; } if (doManagement) { UserGroupInformation requestUgi = (token != null) ? UserGroupInformation.CreateRemoteUser (token.GetUserName()) : null; // Create the proxy user if doAsUser exists string doAsUser = DelegationTokenAuthenticationFilter.GetDoAs(request); if (requestUgi != null && doAsUser != null) { requestUgi = UserGroupInformation.CreateProxyUser(doAsUser, requestUgi); try { ProxyUsers.Authorize(requestUgi, request.GetRemoteHost()); } catch (AuthorizationException ex) { HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden , ex); return(false); } } IDictionary map = null; switch (dtOp) { case DelegationTokenAuthenticator.DelegationTokenOperation.Getdelegationtoken: { if (requestUgi == null) { throw new InvalidOperationException("request UGI cannot be NULL"); } string renewer = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .RenewerParam); try { Org.Apache.Hadoop.Security.Token.Token <object> dToken = tokenManager.CreateToken( requestUgi, renewer); map = DelegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.ToString(), ex); } break; } case DelegationTokenAuthenticator.DelegationTokenOperation.Renewdelegationtoken: { if (requestUgi == null) { throw new InvalidOperationException("request UGI cannot be NULL"); } string tokenToRenew = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .TokenParam); if (tokenToRenew == null) { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Operation [{0}] requires the parameter [{1}]" , dtOp, KerberosDelegationTokenAuthenticator.TokenParam)); requestContinues = false; } else { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); try { dt.DecodeFromUrlString(tokenToRenew); long expirationTime = tokenManager.RenewToken(dt, requestUgi.GetShortUserName()); map = new Hashtable(); map["long"] = expirationTime; } catch (IOException ex) { throw new AuthenticationException(ex.ToString(), ex); } } break; } case DelegationTokenAuthenticator.DelegationTokenOperation.Canceldelegationtoken: { string tokenToCancel = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .TokenParam); if (tokenToCancel == null) { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Operation [{0}] requires the parameter [{1}]" , dtOp, KerberosDelegationTokenAuthenticator.TokenParam)); requestContinues = false; } else { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); try { dt.DecodeFromUrlString(tokenToCancel); tokenManager.CancelToken(dt, (requestUgi != null) ? requestUgi.GetShortUserName() : null); } catch (IOException) { response.SendError(HttpServletResponse.ScNotFound, "Invalid delegation token, cannot cancel" ); requestContinues = false; } } break; } } if (requestContinues) { response.SetStatus(HttpServletResponse.ScOk); if (map != null) { response.SetContentType(MediaType.ApplicationJson); TextWriter writer = response.GetWriter(); ObjectMapper jsonMapper = new ObjectMapper(); jsonMapper.WriteValue(writer, map); writer.Write(Enter); writer.Flush(); } requestContinues = false; } } } else { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Wrong HTTP method [{0}] for operation [{1}], it should be " + "[{2}]", request.GetMethod(), dtOp, dtOp.GetHttpMethod())); requestContinues = false; } } return(requestContinues); }
/// <summary> /// If the request has a valid authentication token it allows the request to continue to the target resource, /// otherwise it triggers an authentication sequence using the configured /// <see cref="AuthenticationHandler"/> /// . /// </summary> /// <param name="request">the request object.</param> /// <param name="response">the response object.</param> /// <param name="filterChain">the filter chain object.</param> /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception> /// <exception cref="Javax.Servlet.ServletException">thrown if a processing error occurred. /// </exception> public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) { bool unauthorizedResponse = true; int errCode = HttpServletResponse.ScUnauthorized; AuthenticationException authenticationEx = null; HttpServletRequest httpRequest = (HttpServletRequest)request; HttpServletResponse httpResponse = (HttpServletResponse)response; bool isHttps = "https".Equals(httpRequest.GetScheme()); try { bool newToken = false; AuthenticationToken token; try { token = GetToken(httpRequest); } catch (AuthenticationException ex) { Log.Warn("AuthenticationToken ignored: " + ex.Message); // will be sent back in a 401 unless filter authenticates authenticationEx = ex; token = null; } if (authHandler.ManagementOperation(token, httpRequest, httpResponse)) { if (token == null) { if (Log.IsDebugEnabled()) { Log.Debug("Request [{}] triggering authentication", GetRequestURL(httpRequest)); } token = authHandler.Authenticate(httpRequest, httpResponse); if (token != null && token.GetExpires() != 0 && token != AuthenticationToken.Anonymous) { token.SetExpires(Runtime.CurrentTimeMillis() + GetValidity() * 1000); } newToken = true; } if (token != null) { unauthorizedResponse = false; if (Log.IsDebugEnabled()) { Log.Debug("Request [{}] user [{}] authenticated", GetRequestURL(httpRequest), token .GetUserName()); } AuthenticationToken authToken = token; httpRequest = new _HttpServletRequestWrapper_532(authToken, httpRequest); if (newToken && !token.IsExpired() && token != AuthenticationToken.Anonymous) { string signedToken = signer.Sign(token.ToString()); CreateAuthCookie(httpResponse, signedToken, GetCookieDomain(), GetCookiePath(), token .GetExpires(), isHttps); } DoFilter(filterChain, httpRequest, httpResponse); } } else { unauthorizedResponse = false; } } catch (AuthenticationException ex) { // exception from the filter itself is fatal errCode = HttpServletResponse.ScForbidden; authenticationEx = ex; if (Log.IsDebugEnabled()) { Log.Debug("Authentication exception: " + ex.Message, ex); } else { Log.Warn("Authentication exception: " + ex.Message); } } if (unauthorizedResponse) { if (!httpResponse.IsCommitted()) { CreateAuthCookie(httpResponse, string.Empty, GetCookieDomain(), GetCookiePath(), 0, isHttps); // If response code is 401. Then WWW-Authenticate Header should be // present.. reset to 403 if not found.. if ((errCode == HttpServletResponse.ScUnauthorized) && (!httpResponse.ContainsHeader (KerberosAuthenticator.WwwAuthenticate))) { errCode = HttpServletResponse.ScForbidden; } if (authenticationEx == null) { httpResponse.SendError(errCode, "Authentication required"); } else { httpResponse.SendError(errCode, authenticationEx.Message); } } } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { string path = ServletUtil.GetDecodedPath(request, "/streamFile"); string rawPath = ServletUtil.GetRawPath(request, "/streamFile"); string filename = JspHelper.ValidatePath(path); string rawFilename = JspHelper.ValidatePath(rawPath); if (filename == null) { response.SetContentType("text/plain"); PrintWriter @out = response.GetWriter(); @out.Write("Invalid input"); return; } Enumeration <string> reqRanges = request.GetHeaders("Range"); if (reqRanges != null && !reqRanges.MoveNext()) { reqRanges = null; } DFSClient dfs; try { dfs = GetDFSClient(request); } catch (Exception e) { response.SendError(400, e.Message); return; } HdfsDataInputStream @in = null; OutputStream out_1 = null; try { @in = dfs.CreateWrappedInputStream(dfs.Open(filename)); out_1 = response.GetOutputStream(); long fileLen = @in.GetVisibleLength(); if (reqRanges != null) { IList <InclusiveByteRange> ranges = InclusiveByteRange.SatisfiableRanges(reqRanges , fileLen); StreamFile.SendPartialData(@in, out_1, response, fileLen, ranges); } else { // No ranges, so send entire file response.SetHeader("Content-Disposition", "attachment; filename=\"" + rawFilename + "\""); response.SetContentType("application/octet-stream"); response.SetHeader(ContentLength, string.Empty + fileLen); StreamFile.CopyFromOffset(@in, out_1, 0L, fileLen); } @in.Close(); @in = null; out_1.Close(); out_1 = null; dfs.Close(); dfs = null; } catch (IOException ioe) { if (Log.IsDebugEnabled()) { Log.Debug("response.isCommitted()=" + response.IsCommitted(), ioe); } throw; } finally { IOUtils.Cleanup(Log, @in); IOUtils.Cleanup(Log, out_1); IOUtils.Cleanup(Log, dfs); } }