/// <summary>Create a redirection URL</summary>
/// <exception cref="System.IO.IOException"/>
private Uri CreateRedirectURL(string path, string encodedPath, HdfsFileStatus status
, UserGroupInformation ugi, ClientProtocol nnproxy, HttpServletRequest request,
string dt)
{
string scheme = request.GetScheme();
LocatedBlocks blks = nnproxy.GetBlockLocations(status.GetFullPath(new Path(path))
.ToUri().GetPath(), 0, 1);
Configuration conf = NameNodeHttpServer.GetConfFromContext(GetServletContext());
DatanodeID host = PickSrcDatanode(blks, status, conf);
string hostname;
if (host is DatanodeInfo)
{
hostname = host.GetHostName();
}
else
{
hostname = host.GetIpAddr();
}
int port = "https".Equals(scheme) ? host.GetInfoSecurePort() : host.GetInfoPort();
string dtParam = string.Empty;
if (dt != null)
{
dtParam = JspHelper.GetDelegationTokenUrlParam(dt);
}
// Add namenode address to the url params
NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(GetServletContext());
string addr = nn.GetNameNodeAddressHostPortString();
string addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr);
return(new Uri(scheme, hostname, port, "/streamFile" + encodedPath + '?' + "ugi="
+ ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam));
}
/// <summary>Create a redirection URL</summary>
/// <exception cref="System.IO.IOException"/>
private Uri CreateRedirectURL(UserGroupInformation ugi, DatanodeID host, HttpServletRequest
request, NameNode nn)
{
string hostname = host is DatanodeInfo?host.GetHostName() : host.GetIpAddr();
string scheme = request.GetScheme();
int port = host.GetInfoPort();
if ("https".Equals(scheme))
{
int portObject = (int)GetServletContext().GetAttribute(DFSConfigKeys.DfsDatanodeHttpsPortKey
);
if (portObject != null)
{
port = portObject;
}
}
string encodedPath = ServletUtil.GetRawPath(request, "/fileChecksum");
string dtParam = string.Empty;
if (UserGroupInformation.IsSecurityEnabled())
{
string tokenString = ugi.GetTokens().GetEnumerator().Next().EncodeToUrlString();
dtParam = JspHelper.GetDelegationTokenUrlParam(tokenString);
}
string addr = nn.GetNameNodeAddressHostPortString();
string addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr);
return(new Uri(scheme, hostname, port, "/getFileChecksum" + encodedPath + '?' + "ugi="
+ ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam));
}
/// <summary>
/// If the request has a valid authentication token it allows the request to continue to the target resource,
/// otherwise it triggers an authentication sequence using the configured
/// <see cref="AuthenticationHandler"/>
/// .
/// </summary>
/// <param name="request">the request object.</param>
/// <param name="response">the response object.</param>
/// <param name="filterChain">the filter chain object.</param>
/// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
/// <exception cref="Javax.Servlet.ServletException">thrown if a processing error occurred.
/// </exception>
public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain
filterChain)
{
bool unauthorizedResponse = true;
int errCode = HttpServletResponse.ScUnauthorized;
AuthenticationException authenticationEx = null;
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpServletResponse httpResponse = (HttpServletResponse)response;
bool isHttps = "https".Equals(httpRequest.GetScheme());
try
{
bool newToken = false;
AuthenticationToken token;
try
{
token = GetToken(httpRequest);
}
catch (AuthenticationException ex)
{
Log.Warn("AuthenticationToken ignored: " + ex.Message);
// will be sent back in a 401 unless filter authenticates
authenticationEx = ex;
token = null;
}
if (authHandler.ManagementOperation(token, httpRequest, httpResponse))
{
if (token == null)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Request [{}] triggering authentication", GetRequestURL(httpRequest));
}
token = authHandler.Authenticate(httpRequest, httpResponse);
if (token != null && token.GetExpires() != 0 && token != AuthenticationToken.Anonymous)
{
token.SetExpires(Runtime.CurrentTimeMillis() + GetValidity() * 1000);
}
newToken = true;
}
if (token != null)
{
unauthorizedResponse = false;
if (Log.IsDebugEnabled())
{
Log.Debug("Request [{}] user [{}] authenticated", GetRequestURL(httpRequest), token
.GetUserName());
}
AuthenticationToken authToken = token;
httpRequest = new _HttpServletRequestWrapper_532(authToken, httpRequest);
if (newToken && !token.IsExpired() && token != AuthenticationToken.Anonymous)
{
string signedToken = signer.Sign(token.ToString());
CreateAuthCookie(httpResponse, signedToken, GetCookieDomain(), GetCookiePath(), token
.GetExpires(), isHttps);
}
DoFilter(filterChain, httpRequest, httpResponse);
}
}
else
{
unauthorizedResponse = false;
}
}
catch (AuthenticationException ex)
{
// exception from the filter itself is fatal
errCode = HttpServletResponse.ScForbidden;
authenticationEx = ex;
if (Log.IsDebugEnabled())
{
Log.Debug("Authentication exception: " + ex.Message, ex);
}
else
{
Log.Warn("Authentication exception: " + ex.Message);
}
}
if (unauthorizedResponse)
{
if (!httpResponse.IsCommitted())
{
CreateAuthCookie(httpResponse, string.Empty, GetCookieDomain(), GetCookiePath(),
0, isHttps);
// If response code is 401. Then WWW-Authenticate Header should be
// present.. reset to 403 if not found..
if ((errCode == HttpServletResponse.ScUnauthorized) && (!httpResponse.ContainsHeader
(KerberosAuthenticator.WwwAuthenticate)))
{
errCode = HttpServletResponse.ScForbidden;
}
if (authenticationEx == null)
{
httpResponse.SendError(errCode, "Authentication required");
}
else
{
httpResponse.SendError(errCode, authenticationEx.Message);
}
}
}
}