internal static bool IsValidRequestor(ServletContext context, string remoteUser,
Configuration conf)
{
if (remoteUser == null)
{
// This really shouldn't happen...
Log.Warn("Received null remoteUser while authorizing access to getImage servlet");
return(false);
}
ICollection <string> validRequestors = new HashSet <string>();
validRequestors.AddItem(SecurityUtil.GetServerPrincipal(conf.Get(DFSConfigKeys.DfsNamenodeKerberosPrincipalKey
), NameNode.GetAddress(conf).GetHostName()));
try
{
validRequestors.AddItem(SecurityUtil.GetServerPrincipal(conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey
), SecondaryNameNode.GetHttpAddress(conf).GetHostName()));
}
catch (Exception e)
{
// Don't halt if SecondaryNameNode principal could not be added.
Log.Debug("SecondaryNameNode principal could not be added", e);
string msg = string.Format("SecondaryNameNode principal not considered, %s = %s, %s = %s"
, DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey, conf.Get(DFSConfigKeys
.DfsSecondaryNamenodeKerberosPrincipalKey), DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey
, conf.GetTrimmed(DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey, DFSConfigKeys
.DfsNamenodeSecondaryHttpAddressDefault));
Log.Warn(msg);
}
if (HAUtil.IsHAEnabled(conf, DFSUtil.GetNamenodeNameServiceId(conf)))
{
Configuration otherNnConf = HAUtil.GetConfForOtherNode(conf);
validRequestors.AddItem(SecurityUtil.GetServerPrincipal(otherNnConf.Get(DFSConfigKeys
.DfsNamenodeKerberosPrincipalKey), NameNode.GetAddress(otherNnConf).GetHostName(
)));
}
foreach (string v in validRequestors)
{
if (v != null && v.Equals(remoteUser))
{
Log.Info("ImageServlet allowing checkpointer: " + remoteUser);
return(true);
}
}
if (HttpServer2.UserHasAdministratorAccess(context, remoteUser))
{
Log.Info("ImageServlet allowing administrator: " + remoteUser);
return(true);
}
Log.Info("ImageServlet rejecting: " + remoteUser);
return(false);
}