//Empty /// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Servlet.ServletException"/> public virtual void DoFilter(ServletRequest req, ServletResponse resp, FilterChain chain) { ProxyUtils.RejectNonHttpRequests(req); HttpServletRequest httpReq = (HttpServletRequest)req; HttpServletResponse httpResp = (HttpServletResponse)resp; if (Log.IsDebugEnabled()) { Log.Debug("Remote address for request is: {}", httpReq.GetRemoteAddr()); } if (!GetProxyAddresses().Contains(httpReq.GetRemoteAddr())) { string redirectUrl = FindRedirectUrl(); string target = redirectUrl + httpReq.GetRequestURI(); ProxyUtils.SendRedirect(httpReq, httpResp, target); return; } string user = null; if (httpReq.GetCookies() != null) { foreach (Cookie c in httpReq.GetCookies()) { if (WebAppProxyServlet.ProxyUserCookieName.Equals(c.GetName())) { user = c.GetValue(); break; } } } if (user == null) { if (Log.IsDebugEnabled()) { Log.Debug("Could not find " + WebAppProxyServlet.ProxyUserCookieName + " cookie, so user will not be set" ); } chain.DoFilter(req, resp); } else { AmIpPrincipal principal = new AmIpPrincipal(user); ServletRequest requestWrapper = new AmIpServletRequestWrapper(httpReq, principal); chain.DoFilter(requestWrapper, resp); } }
/// <summary>Test AmIpFilter</summary> /// <exception cref="System.Exception"/> public virtual void TestFilter() { IDictionary <string, string> @params = new Dictionary <string, string>(); @params[AmIpFilter.ProxyHost] = proxyHost; @params[AmIpFilter.ProxyUriBase] = proxyUri; FilterConfig config = new TestAmFilter.DummyFilterConfig(@params); // dummy filter FilterChain chain = new _FilterChain_135(this); AmIpFilter testFilter = new AmIpFilter(); testFilter.Init(config); TestAmFilter.HttpServletResponseForTest response = new TestAmFilter.HttpServletResponseForTest (this); // Test request should implements HttpServletRequest ServletRequest failRequest = Org.Mockito.Mockito.Mock <ServletRequest>(); try { testFilter.DoFilter(failRequest, response, chain); NUnit.Framework.Assert.Fail(); } catch (ServletException e) { NUnit.Framework.Assert.AreEqual(ProxyUtils.EHttpHttpsOnly, e.Message); } // request with HttpServletRequest HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); Org.Mockito.Mockito.When(request.GetRemoteAddr()).ThenReturn("redirect"); Org.Mockito.Mockito.When(request.GetRequestURI()).ThenReturn("/redirect"); testFilter.DoFilter(request, response, chain); // address "redirect" is not in host list NUnit.Framework.Assert.AreEqual(302, response.status); string redirect = response.GetHeader(ProxyUtils.Location); NUnit.Framework.Assert.AreEqual("http://bogus/redirect", redirect); // "127.0.0.1" contains in host list. Without cookie Org.Mockito.Mockito.When(request.GetRemoteAddr()).ThenReturn("127.0.0.1"); testFilter.DoFilter(request, response, chain); NUnit.Framework.Assert.IsTrue(doFilterRequest.Contains("javax.servlet.http.HttpServletRequest" )); // cookie added Cookie[] cookies = new Cookie[1]; cookies[0] = new Cookie(WebAppProxyServlet.ProxyUserCookieName, "user"); Org.Mockito.Mockito.When(request.GetCookies()).ThenReturn(cookies); testFilter.DoFilter(request, response, chain); NUnit.Framework.Assert.AreEqual("org.apache.hadoop.yarn.server.webproxy.amfilter.AmIpServletRequestWrapper" , doFilterRequest); // request contains principal from cookie NUnit.Framework.Assert.AreEqual("user", servletWrapper.GetUserPrincipal().GetName ()); NUnit.Framework.Assert.AreEqual("user", servletWrapper.GetRemoteUser()); NUnit.Framework.Assert.IsFalse(servletWrapper.IsUserInRole(string.Empty)); }
private int SetCookieParams(Controller.RequestContext rc, HttpServletRequest req) { Cookie[] cookies = req.GetCookies(); if (cookies != null) { foreach (Cookie cookie in cookies) { rc.Cookies()[cookie.GetName()] = cookie; } return(cookies.Length); } return(0); }
// OK public virtual IDictionary <string, Cookie> Cookies() { if (cookies == null) { cookies = Maps.NewHashMap(); Cookie[] rcookies = request.GetCookies(); if (rcookies != null) { foreach (Cookie cookie in rcookies) { cookies[cookie.GetName()] = cookie; } } } return(cookies); }
/// <exception cref="System.Exception"/> public virtual void FilterNullCookies() { HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); Org.Mockito.Mockito.When(request.GetCookies()).ThenReturn(null); Org.Mockito.Mockito.When(request.GetRemoteAddr()).ThenReturn(proxyHost); HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>(); AtomicBoolean invoked = new AtomicBoolean(); FilterChain chain = new _FilterChain_104(invoked); IDictionary <string, string> @params = new Dictionary <string, string>(); @params[AmIpFilter.ProxyHost] = proxyHost; @params[AmIpFilter.ProxyUriBase] = proxyUri; FilterConfig conf = new TestAmFilter.DummyFilterConfig(@params); Filter filter = new TestAmFilter.TestAmIpFilter(this); filter.Init(conf); filter.DoFilter(request, response, chain); NUnit.Framework.Assert.IsTrue(invoked.Get()); filter.Destroy(); }
/// <summary> /// Returns the /// <see cref="AuthenticationToken"/> /// for the request. /// <p> /// It looks at the received HTTP cookies and extracts the value of the /// <see cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticatedURL.AuthCookie /// "/> /// if present. It verifies the signature and if correct it creates the /// <see cref="AuthenticationToken"/> /// and returns /// it. /// <p> /// If this method returns <code>null</code> the filter will invoke the configured /// <see cref="AuthenticationHandler"/> /// to perform user authentication. /// </summary> /// <param name="request">request object.</param> /// <returns>the Authentication token if the request is authenticated, <code>null</code> otherwise. /// </returns> /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// ">thrown if the token is invalid or if it has expired.</exception> protected internal virtual AuthenticationToken GetToken(HttpServletRequest request ) { AuthenticationToken token = null; string tokenStr = null; Cookie[] cookies = request.GetCookies(); if (cookies != null) { foreach (Cookie cookie in cookies) { if (cookie.GetName().Equals(AuthenticatedURL.AuthCookie)) { tokenStr = cookie.GetValue(); try { tokenStr = signer.VerifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = ((AuthenticationToken)AuthenticationToken.Parse(tokenStr)); if (!token.GetType().Equals(authHandler.GetType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.IsExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } return(token); }
/// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { try { string userApprovedParamS = req.GetParameter(ProxyUriUtils.ProxyApprovalParam); bool userWasWarned = false; bool userApproved = Sharpen.Extensions.ValueOf(userApprovedParamS); bool securityEnabled = IsSecurityEnabled(); string remoteUser = req.GetRemoteUser(); string pathInfo = req.GetPathInfo(); string[] parts = pathInfo.Split("/", 3); if (parts.Length < 2) { Log.Warn("{} gave an invalid proxy path {}", remoteUser, pathInfo); NotFound(resp, "Your path appears to be formatted incorrectly."); return; } //parts[0] is empty because path info always starts with a / string appId = parts[1]; string rest = parts.Length > 2 ? parts[2] : string.Empty; ApplicationId id = Apps.ToAppID(appId); if (id == null) { Log.Warn("{} attempting to access {} that is invalid", remoteUser, appId); NotFound(resp, appId + " appears to be formatted incorrectly."); return; } if (securityEnabled) { string cookieName = GetCheckCookieName(id); Cookie[] cookies = req.GetCookies(); if (cookies != null) { foreach (Cookie c in cookies) { if (cookieName.Equals(c.GetName())) { userWasWarned = true; userApproved = userApproved || Sharpen.Extensions.ValueOf(c.GetValue()); break; } } } } bool checkUser = securityEnabled && (!userWasWarned || !userApproved); AppReportFetcher.FetchedAppReport fetchedAppReport = null; ApplicationReport applicationReport = null; try { fetchedAppReport = GetApplicationReport(id); if (fetchedAppReport != null) { if (fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Rm && fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Ahs) { throw new NotSupportedException("Application report not " + "fetched from RM or history server." ); } applicationReport = fetchedAppReport.GetApplicationReport(); } } catch (ApplicationNotFoundException) { applicationReport = null; } if (applicationReport == null) { Log.Warn("{} attempting to access {} that was not found", remoteUser, id); URI toFetch = ProxyUriUtils.GetUriFromTrackingPlugins(id, this.trackingUriPlugins ); if (toFetch != null) { ProxyUtils.SendRedirect(req, resp, toFetch.ToString()); return; } NotFound(resp, "Application " + appId + " could not be found " + "in RM or history server" ); return; } string original = applicationReport.GetOriginalTrackingUrl(); URI trackingUri; if (original == null || original.Equals("N/A") || original.Equals(string.Empty)) { if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Rm) { // fallback to ResourceManager's app page if no tracking URI provided // and Application Report was fetched from RM Log.Debug("Original tracking url is '{}'. Redirecting to RM app page", original == null ? "NULL" : original); ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(rmAppPageUrlBase, id.ToString ())); } else { if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Ahs) { // fallback to Application History Server app page if the application // report was fetched from AHS Log.Debug("Original tracking url is '{}'. Redirecting to AHS app page", original == null ? "NULL" : original); ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(ahsAppPageUrlBase, id.ToString ())); } } return; } else { if (ProxyUriUtils.GetSchemeFromUrl(original).IsEmpty()) { trackingUri = ProxyUriUtils.GetUriFromAMUrl(WebAppUtils.GetHttpSchemePrefix(conf) , original); } else { trackingUri = new URI(original); } } string runningUser = applicationReport.GetUser(); if (checkUser && !runningUser.Equals(remoteUser)) { Log.Info("Asking {} if they want to connect to the " + "app master GUI of {} owned by {}" , remoteUser, appId, runningUser); WarnUserPage(resp, ProxyUriUtils.GetPathAndQuery(id, rest, req.GetQueryString(), true), runningUser, id); return; } // Append the user-provided path and query parameter to the original // tracking url. IList <NameValuePair> queryPairs = URLEncodedUtils.Parse(req.GetQueryString(), null ); UriBuilder builder = UriBuilder.FromUri(trackingUri); foreach (NameValuePair pair in queryPairs) { builder.QueryParam(pair.GetName(), pair.GetValue()); } URI toFetch_1 = builder.Path(rest).Build(); Log.Info("{} is accessing unchecked {}" + " which is the app master GUI of {} owned by {}" , remoteUser, toFetch_1, appId, runningUser); switch (applicationReport.GetYarnApplicationState()) { case YarnApplicationState.Killed: case YarnApplicationState.Finished: case YarnApplicationState.Failed: { ProxyUtils.SendRedirect(req, resp, toFetch_1.ToString()); return; } default: { break; } } // fall out of the switch Cookie c_1 = null; if (userWasWarned && userApproved) { c_1 = MakeCheckCookie(id, true); } ProxyLink(req, resp, toFetch_1, c_1, GetProxyHost()); } catch (Exception e) { throw new IOException(e); } }