/// <summary> /// Get /// <see cref="Org.Apache.Hadoop.Security.UserGroupInformation"/> /// and possibly the delegation token out of /// the request. /// </summary> /// <param name="context">the ServletContext that is serving this request.</param> /// <param name="request">the http request</param> /// <param name="conf">configuration</param> /// <param name="secureAuthMethod">the AuthenticationMethod used in secure mode.</param> /// <param name="tryUgiParameter">Should it try the ugi parameter?</param> /// <returns>a new user from the request</returns> /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the request has no token /// </exception> /// <exception cref="System.IO.IOException"/> public static UserGroupInformation GetUGI(ServletContext context, HttpServletRequest request, Configuration conf, UserGroupInformation.AuthenticationMethod secureAuthMethod , bool tryUgiParameter) { UserGroupInformation ugi = null; string usernameFromQuery = GetUsernameFromQuery(request, tryUgiParameter); string doAsUserFromQuery = request.GetParameter(DoAsParam.Name); string remoteUser; if (UserGroupInformation.IsSecurityEnabled()) { remoteUser = request.GetRemoteUser(); string tokenString = request.GetParameter(DelegationParameterName); if (tokenString != null) { // Token-based connections need only verify the effective user, and // disallow proxying to different user. Proxy authorization checks // are not required since the checks apply to issuing a token. ugi = GetTokenUGI(context, request, tokenString, conf); CheckUsername(ugi.GetShortUserName(), usernameFromQuery); CheckUsername(ugi.GetShortUserName(), doAsUserFromQuery); } else { if (remoteUser == null) { throw new IOException("Security enabled but user not authenticated by filter"); } } } else { // Security's not on, pull from url or use default web user remoteUser = (usernameFromQuery == null) ? GetDefaultWebUserName(conf) : usernameFromQuery; } // not specified in request if (ugi == null) { // security is off, or there's no token ugi = UserGroupInformation.CreateRemoteUser(remoteUser); CheckUsername(ugi.GetShortUserName(), usernameFromQuery); if (UserGroupInformation.IsSecurityEnabled()) { // This is not necessarily true, could have been auth'ed by user-facing // filter ugi.SetAuthenticationMethod(secureAuthMethod); } if (doAsUserFromQuery != null) { // create and attempt to authorize a proxy user ugi = UserGroupInformation.CreateProxyUser(doAsUserFromQuery, ugi); ProxyUsers.Authorize(ugi, GetRemoteAddr(request)); } } if (Log.IsDebugEnabled()) { Log.Debug("getUGI is returning: " + ugi.GetShortUserName()); } return(ugi); }
/// <summary> /// Enforces the content-type to be application/octet-stream for /// POST and PUT requests. /// </summary> /// <param name="request">servlet request.</param> /// <param name="response">servlet response.</param> /// <param name="chain">filter chain.</param> /// <exception cref="System.IO.IOException">thrown if an IO error occurrs.</exception> /// <exception cref="Javax.Servlet.ServletException">thrown if a servet error occurrs. /// </exception> public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain chain) { bool contentTypeOK = true; HttpServletRequest httpReq = (HttpServletRequest)request; HttpServletResponse httpRes = (HttpServletResponse)response; string method = httpReq.GetMethod(); if (method.Equals("PUT") || method.Equals("POST")) { string op = httpReq.GetParameter(HttpFSFileSystem.OpParam); if (op != null && UploadOperations.Contains(StringUtils.ToUpperCase(op))) { if (Sharpen.Runtime.EqualsIgnoreCase("true", httpReq.GetParameter(HttpFSParametersProvider.DataParam .Name))) { string contentType = httpReq.GetContentType(); contentTypeOK = Sharpen.Runtime.EqualsIgnoreCase(HttpFSFileSystem.UploadContentType , contentType); } } } if (contentTypeOK) { chain.DoFilter(httpReq, httpRes); } else { httpRes.SendError(HttpServletResponse.ScBadRequest, "Data upload requests must have content-type set to '" + HttpFSFileSystem.UploadContentType + "'"); } }
/// <exception cref="System.Exception"/> private void TestNonManagementOperation() { HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); Org.Mockito.Mockito.When(request.GetParameter(DelegationTokenAuthenticator.OpParam )).ThenReturn(null); Assert.True(handler.ManagementOperation(null, request, null)); Org.Mockito.Mockito.When(request.GetParameter(DelegationTokenAuthenticator.OpParam )).ThenReturn("CREATE"); Assert.True(handler.ManagementOperation(null, request, null)); }
private HttpServletRequest GetMockRequest(string remoteUser, string user, string doAs) { HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); Org.Mockito.Mockito.When(request.GetParameter(UserParam.Name)).ThenReturn(user); if (doAs != null) { Org.Mockito.Mockito.When(request.GetParameter(DoAsParam.Name)).ThenReturn(doAs); } Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(remoteUser); return(request); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { FileInputStream editFileIn = null; try { ServletContext context = GetServletContext(); Configuration conf = (Configuration)GetServletContext().GetAttribute(JspHelper.CurrentConf ); string journalId = request.GetParameter(JournalIdParam); QuorumJournalManager.CheckJournalId(journalId); JNStorage storage = JournalNodeHttpServer.GetJournalFromContext(context, journalId ).GetStorage(); // Check security if (!CheckRequestorOrSendError(conf, request, response)) { return; } // Check that the namespace info is correct if (!CheckStorageInfoOrSendError(storage, request, response)) { return; } long segmentTxId = ServletUtil.ParseLongParam(request, SegmentTxidParam); FileJournalManager fjm = storage.GetJournalManager(); FilePath editFile; lock (fjm) { // Synchronize on the FJM so that the file doesn't get finalized // out from underneath us while we're in the process of opening // it up. FileJournalManager.EditLogFile elf = fjm.GetLogFile(segmentTxId); if (elf == null) { response.SendError(HttpServletResponse.ScNotFound, "No edit log found starting at txid " + segmentTxId); return; } editFile = elf.GetFile(); ImageServlet.SetVerificationHeadersForGet(response, editFile); ImageServlet.SetFileNameHeaders(response, editFile); editFileIn = new FileInputStream(editFile); } DataTransferThrottler throttler = ImageServlet.GetThrottler(conf); // send edits TransferFsImage.CopyFileToStream(response.GetOutputStream(), editFile, editFileIn , throttler); } catch (Exception t) { string errMsg = "getedit failed. " + StringUtils.StringifyException(t); response.SendError(HttpServletResponse.ScInternalServerError, errMsg); throw new IOException(errMsg); } finally { IOUtils.CloseStream(editFileIn); } }
private static string GetUsernameFromQuery(HttpServletRequest request, bool tryUgiParameter ) { string username = request.GetParameter(UserParam.Name); if (username == null && tryUgiParameter) { //try ugi parameter string ugiStr = request.GetParameter("ugi"); if (ugiStr != null) { username = ugiStr.Split(",")[0]; } } return(username); }
/// <exception cref="System.IO.IOException"/> private bool CheckStorageInfoOrSendError(JNStorage storage, HttpServletRequest request , HttpServletResponse response) { int myNsId = storage.GetNamespaceID(); string myClusterId = storage.GetClusterID(); string theirStorageInfoString = StringEscapeUtils.EscapeHtml(request.GetParameter (StorageinfoParam)); if (theirStorageInfoString != null) { int theirNsId = StorageInfo.GetNsIdFromColonSeparatedString(theirStorageInfoString ); string theirClusterId = StorageInfo.GetClusterIdFromColonSeparatedString(theirStorageInfoString ); if (myNsId != theirNsId || !myClusterId.Equals(theirClusterId)) { string msg = "This node has namespaceId '" + myNsId + " and clusterId '" + myClusterId + "' but the requesting node expected '" + theirNsId + "' and '" + theirClusterId + "'"; response.SendError(HttpServletResponse.ScForbidden, msg); Log.Warn("Received an invalid request file transfer request from " + request.GetRemoteAddr () + ": " + msg); return(false); } } return(true); }
/// <summary>Get DFSClient for a namenode corresponding to the BPID from a datanode</summary> /// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> public static DFSClient GetDFSClient(HttpServletRequest request, DataNode datanode , Configuration conf, UserGroupInformation ugi) { string nnAddr = request.GetParameter(JspHelper.NamenodeAddress); return(GetDFSClient(ugi, nnAddr, conf)); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> public override AuthenticationToken Authenticate(HttpServletRequest request, HttpServletResponse response) { AuthenticationToken token = null; if (request.GetParameter("authenticated") != null) { token = new AuthenticationToken(request.GetParameter("authenticated"), "U", "test" ); } else { response.SetStatus(HttpServletResponse.ScUnauthorized); response.SetHeader(KerberosAuthenticator.WwwAuthenticate, "dummy"); } return(token); }
public virtual string Get(string key, string defaultValue) { string value = MoreParams()[key]; if (value == null) { value = request.GetParameter(key); } return(value == null ? defaultValue : value); }
public virtual void TestGetUgi() { conf.Set(DFSConfigKeys.FsDefaultNameKey, "hdfs://localhost:4321/"); HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); ServletContext context = Org.Mockito.Mockito.Mock <ServletContext>(); string user = "******"; Text userText = new Text(user); DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText , null); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, new TestJspHelper.DummySecretManager(0, 0, 0, 0)); string tokenString = token.EncodeToUrlString(); Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName)) .ThenReturn(tokenString); Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(user); //Test attribute in the url to be used as service in the token. Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn ("1.1.1.1:1111"); conf.Set(DFSConfigKeys.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); VerifyServiceInToken(context, request, "1.1.1.1:1111"); //Test attribute name.node.address //Set the nnaddr url parameter to null. Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn (null); IPEndPoint addr = new IPEndPoint("localhost", 2222); Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey )).ThenReturn(addr); VerifyServiceInToken(context, request, addr.Address.GetHostAddress() + ":2222"); //Test service already set in the token token.SetService(new Text("3.3.3.3:3333")); tokenString = token.EncodeToUrlString(); //Set the name.node.address attribute in Servlet context to null Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey )).ThenReturn(null); Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName)) .ThenReturn(tokenString); VerifyServiceInToken(context, request, "3.3.3.3:3333"); }
/// <param name="request">the object from which this servlet reads the url contents</param> /// <param name="response">the object into which this servlet writes the url contents /// </param> /// <exception cref="System.IO.IOException">if the request is bad</exception> public GetImageParams(HttpServletRequest request, HttpServletResponse response) { IDictionary <string, string[]> pmap = request.GetParameterMap(); isGetImage = isGetEdit = fetchLatest = false; foreach (KeyValuePair <string, string[]> entry in pmap) { string key = entry.Key; string[] val = entry.Value; if (key.Equals("getimage")) { isGetImage = true; try { txId = ServletUtil.ParseLongParam(request, TxidParam); string imageType = ServletUtil.GetParameter(request, ImageFileType); nnf = imageType == null ? NNStorage.NameNodeFile.Image : NNStorage.NameNodeFile.ValueOf (imageType); } catch (FormatException nfe) { if (request.GetParameter(TxidParam).Equals(LatestFsimageValue)) { fetchLatest = true; } else { throw; } } } else { if (key.Equals("getedit")) { isGetEdit = true; startTxId = ServletUtil.ParseLongParam(request, StartTxidParam); endTxId = ServletUtil.ParseLongParam(request, EndTxidParam); } else { if (key.Equals(StorageinfoParam)) { storageInfoString = val[0]; } } } } int numGets = (isGetImage ? 1 : 0) + (isGetEdit ? 1 : 0); if ((numGets > 1) || (numGets == 0)) { throw new IOException("Illegal parameters to TransferFsImage"); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Servlet.ServletException"/> public override void DoFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) { HttpServletRequest httpRequest = ToLowerCase((HttpServletRequest)request); string tokenString = httpRequest.GetParameter(DelegationParam.Name); if (tokenString != null) { //Token is present in the url, therefore token will be used for //authentication, bypass kerberos authentication. filterChain.DoFilter(httpRequest, response); return; } base.DoFilter(httpRequest, response, filterChain); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string tokenString = req.GetParameter(Token); if (tokenString == null) { resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified" ); } Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); try { long result = ugi.DoAs(new _PrivilegedExceptionAction_73(nn, token)); PrintWriter os = new PrintWriter(new OutputStreamWriter(resp.GetOutputStream(), Charsets .Utf8)); os.WriteLine(result); os.Close(); } catch (Exception e) { // transfer exception over the http string exceptionClass = e.GetType().FullName; string exceptionMsg = e.GetLocalizedMessage(); string strException = exceptionClass + ";" + exceptionMsg; Log.Info("Exception while renewing token. Re-throwing. s=" + strException, e); resp.SendError(HttpServletResponse.ScInternalServerError, strException); } }
public virtual void TestInstances() { Injector injector = WebAppTests.CreateMockInjector(this); HttpServletRequest req = injector.GetInstance <HttpServletRequest>(); HttpServletResponse res = injector.GetInstance <HttpServletResponse>(); string val = req.GetParameter("foo"); PrintWriter @out = res.GetWriter(); @out.WriteLine("Hello world!"); LogInstances(req, res, @out); NUnit.Framework.Assert.AreSame(req, injector.GetInstance <HttpServletRequest>()); NUnit.Framework.Assert.AreSame(res, injector.GetInstance <HttpServletResponse>()); NUnit.Framework.Assert.AreSame(this, injector.GetInstance <TestWebAppTests>()); Org.Mockito.Mockito.Verify(req).GetParameter("foo"); Org.Mockito.Mockito.Verify(res).GetWriter(); Org.Mockito.Mockito.Verify(@out).WriteLine("Hello world!"); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } Log.Info("Sending token: {" + ugi.GetUserName() + "," + req.GetRemoteAddr() + "}" ); NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string renewer = req.GetParameter(Renewer); string renewerFinal = (renewer == null) ? req.GetUserPrincipal().GetName() : renewer; DataOutputStream dos = null; try { dos = new DataOutputStream(resp.GetOutputStream()); DataOutputStream dosFinal = dos; // for doAs block ugi.DoAs(new _PrivilegedExceptionAction_69(nn, ugi, renewerFinal, dosFinal)); } catch (Exception e) { Log.Info("Exception while sending token. Re-throwing ", e); resp.SendError(HttpServletResponse.ScInternalServerError); } finally { if (dos != null) { dos.Close(); } } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { InputStreamReader @in = new InputStreamReader(request.GetInputStream()); TextWriter @out = new TextWriter(response.GetOutputStream()); calledTimes++; try { requestUri = new URI(null, null, request.GetRequestURI(), request.GetQueryString( ), null); foundJobState = request.GetParameter("status"); } catch (URISyntaxException) { } @in.Close(); @out.Close(); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { PrintWriter @out = response.GetWriter(); ICollection <string> sortedKeys = new TreeSet <string>(); Enumeration <string> keys = request.GetParameterNames(); while (keys.MoveNext()) { sortedKeys.AddItem(keys.Current); } foreach (string key in sortedKeys) { @out.Write(key); @out.Write(':'); @out.Write(request.GetParameter(key)); @out.Write('\n'); } @out.Close(); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { if (!HttpServer2.IsInstrumentationAccessAllowed(GetServletContext(), request, response )) { return; } string format = request.GetParameter("format"); ICollection <MetricsContext> allContexts = ContextFactory.GetFactory().GetAllContexts (); if ("json".Equals(format)) { response.SetContentType("application/json; charset=utf-8"); PrintWriter @out = response.GetWriter(); try { // Uses Jetty's built-in JSON support to convert the map into JSON. @out.Write(new JSON().ToJSON(MakeMap(allContexts))); } finally { @out.Close(); } } else { PrintWriter @out = response.GetWriter(); try { PrintMap(@out, MakeMap(allContexts)); } finally { @out.Close(); } } }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { UserGroupInformation ugi; ServletContext context = GetServletContext(); Configuration conf = NameNodeHttpServer.GetConfFromContext(context); try { ugi = GetUGI(req, conf); } catch (IOException ioe) { Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr (), ioe); resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user" ); return; } NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context); string tokenString = req.GetParameter(Token); if (tokenString == null) { resp.SendError(HttpServletResponse.ScMultipleChoices, "Token to renew not specified" ); } Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); token.DecodeFromUrlString(tokenString); try { ugi.DoAs(new _PrivilegedExceptionAction_70(nn, token)); } catch (Exception e) { Log.Info("Exception while cancelling token. Re-throwing. ", e); resp.SendError(HttpServletResponse.ScInternalServerError, e.Message); } }
private static IPEndPoint GetNNServiceAddress(ServletContext context, HttpServletRequest request) { string namenodeAddressInUrl = request.GetParameter(NamenodeAddress); IPEndPoint namenodeAddress = null; if (namenodeAddressInUrl != null) { namenodeAddress = NetUtils.CreateSocketAddr(namenodeAddressInUrl); } else { if (context != null) { namenodeAddress = NameNodeHttpServer.GetNameNodeAddressFromContext(context); } } if (namenodeAddress != null) { return(namenodeAddress); } return(null); }
/// <exception cref="Javax.Servlet.ServletException"/> /// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { if (!HttpServer2.IsInstrumentationAccessAllowed(GetServletContext(), request, response )) { return; } string format = request.GetParameter(FormatParam); if (null == format) { format = FormatXml; } if (FormatXml.Equals(format)) { response.SetContentType("text/xml; charset=utf-8"); } else { if (FormatJson.Equals(format)) { response.SetContentType("application/json; charset=utf-8"); } } TextWriter @out = response.GetWriter(); try { WriteResponse(GetConfFromContext(), @out, format); } catch (ConfServlet.BadFormatException bfe) { response.SendError(HttpServletResponse.ScBadRequest, bfe.Message); } @out.Close(); }
/// <summary>Build a map from the query string, setting values and defaults.</summary> protected internal virtual IDictionary <string, string> BuildRoot(HttpServletRequest request, XMLOutputter doc) { string path = ServletUtil.GetDecodedPath(request, "/listPaths"); string exclude = request.GetParameter("exclude") != null?request.GetParameter("exclude" ) : string.Empty; string filter = request.GetParameter("filter") != null?request.GetParameter("filter" ) : ".*"; bool recur = request.GetParameter("recursive") != null && "yes".Equals(request.GetParameter ("recursive")); IDictionary <string, string> root = new Dictionary <string, string>(); root["path"] = path; root["recursive"] = recur ? "yes" : "no"; root["filter"] = filter; root["exclude"] = exclude; root["time"] = df.Get().Format(new DateTime()); root["version"] = VersionInfo.GetVersion(); return(root); }
/// <summary>Apply configuratio changes after admin has approved them.</summary> /// <exception cref="Org.Apache.Hadoop.Conf.ReconfigurationException"/> private void ApplyChanges(PrintWriter @out, Reconfigurable reconf, HttpServletRequest req) { Configuration oldConf = reconf.GetConf(); Configuration newConf = new Configuration(); Enumeration <string> @params = GetParams(req); lock (oldConf) { while (@params.MoveNext()) { string rawParam = @params.Current; string param = StringEscapeUtils.UnescapeHtml(rawParam); string value = StringEscapeUtils.UnescapeHtml(req.GetParameter(rawParam)); if (value != null) { if (value.Equals(newConf.GetRaw(param)) || value.Equals("default") || value.Equals ("null") || value.IsEmpty()) { if ((value.Equals("default") || value.Equals("null") || value.IsEmpty()) && oldConf .GetRaw(param) != null) { @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from \"" + StringEscapeUtils.EscapeHtml(oldConf.GetRaw(param)) + "\" to default</p>"); reconf.ReconfigureProperty(param, null); } else { if (!value.Equals("default") && !value.Equals("null") && !value.IsEmpty() && (oldConf .GetRaw(param) == null || !oldConf.GetRaw(param).Equals(value))) { // change from default or value to different value if (oldConf.GetRaw(param) == null) { @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from default to \"" + StringEscapeUtils.EscapeHtml(value) + "\"</p>"); } else { @out.WriteLine("<p>Changed \"" + StringEscapeUtils.EscapeHtml(param) + "\" from \"" + StringEscapeUtils.EscapeHtml(oldConf.GetRaw(param)) + "\" to \"" + StringEscapeUtils .EscapeHtml(value) + "\"</p>"); } reconf.ReconfigureProperty(param, value); } else { Log.Info("property " + param + " unchanged"); } } } else { // parameter value != newConf value @out.WriteLine("<p>\"" + StringEscapeUtils.EscapeHtml(param) + "\" not changed because value has changed from \"" + StringEscapeUtils.EscapeHtml(value) + "\" to \"" + StringEscapeUtils.EscapeHtml (newConf.GetRaw(param)) + "\" since approval</p>"); } } } } }
/// <summary>Process a GET request for the specified resource.</summary> /// <param name="request">The servlet request we are processing</param> /// <param name="response">The servlet response we are creating</param> protected override void DoGet(HttpServletRequest request, HttpServletResponse response ) { string jsonpcb = null; PrintWriter writer = null; try { if (!IsInstrumentationAccessAllowed(request, response)) { return; } JsonGenerator jg = null; try { writer = response.GetWriter(); response.SetContentType("application/json; charset=utf8"); response.SetHeader(AccessControlAllowMethods, "GET"); response.SetHeader(AccessControlAllowOrigin, "*"); JsonFactory jsonFactory = new JsonFactory(); jg = jsonFactory.CreateJsonGenerator(writer); jg.Disable(JsonGenerator.Feature.AutoCloseTarget); jg.UseDefaultPrettyPrinter(); jg.WriteStartObject(); if (mBeanServer == null) { jg.WriteStringField("result", "ERROR"); jg.WriteStringField("message", "No MBeanServer could be found"); jg.Close(); Log.Error("No MBeanServer could be found."); response.SetStatus(HttpServletResponse.ScNotFound); return; } // query per mbean attribute string getmethod = request.GetParameter("get"); if (getmethod != null) { string[] splitStrings = getmethod.Split("\\:\\:"); if (splitStrings.Length != 2) { jg.WriteStringField("result", "ERROR"); jg.WriteStringField("message", "query format is not as expected."); jg.Close(); response.SetStatus(HttpServletResponse.ScBadRequest); return; } ListBeans(jg, new ObjectName(splitStrings[0]), splitStrings[1], response); jg.Close(); return; } // query per mbean string qry = request.GetParameter("qry"); if (qry == null) { qry = "*:*"; } ListBeans(jg, new ObjectName(qry), null, response); } finally { if (jg != null) { jg.Close(); } if (writer != null) { writer.Close(); } } } catch (IOException e) { Log.Error("Caught an exception while processing JMX request", e); response.SetStatus(HttpServletResponse.ScInternalServerError); } catch (MalformedObjectNameException e) { Log.Error("Caught an exception while processing JMX request", e); response.SetStatus(HttpServletResponse.ScBadRequest); } finally { if (writer != null) { writer.Close(); } } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Servlet.ServletException"/> public override void DoFilter(HttpServletRequest request, HttpServletResponse response , FilterChain chain) { response.SetCharacterEncoding("UTF-8"); string uri = HtmlQuoting.QuoteHtmlChars(request.GetRequestURI()); if (uri == null) { uri = "/"; } RMWebApp rmWebApp = injector.GetInstance <RMWebApp>(); rmWebApp.CheckIfStandbyRM(); if (rmWebApp.IsStandby() && ShouldRedirect(rmWebApp, uri)) { string redirectPath = rmWebApp.GetRedirectPath(); if (redirectPath != null && !redirectPath.IsEmpty()) { redirectPath += uri; string redirectMsg = "This is standby RM. The redirect url is: " + redirectPath; PrintWriter @out = response.GetWriter(); @out.WriteLine(redirectMsg); response.SetHeader("Location", redirectPath); response.SetStatus(HttpServletResponse.ScTemporaryRedirect); return; } else { bool doRetry = true; string retryIntervalStr = request.GetParameter(YarnWebParams.NextRefreshInterval); int retryInterval = 0; if (retryIntervalStr != null) { try { retryInterval = System.Convert.ToInt32(retryIntervalStr.Trim()); } catch (FormatException) { doRetry = false; } } int next = CalculateExponentialTime(retryInterval); string redirectUrl = AppendOrReplaceParamter(path + uri, YarnWebParams.NextRefreshInterval + "=" + (retryInterval + 1)); if (redirectUrl == null || next > MaxSleepTime) { doRetry = false; } string redirectMsg = doRetry ? "Can not find any active RM. Will retry in next " + next + " seconds." : "There is no active RM right now."; redirectMsg += "\nHA Zookeeper Connection State: " + rmWebApp.GetHAZookeeperConnectionState (); PrintWriter @out = response.GetWriter(); @out.WriteLine(redirectMsg); if (doRetry) { response.SetHeader("Refresh", next + ";url=" + redirectUrl); response.SetStatus(HttpServletResponse.ScTemporaryRedirect); } } return; } base.DoFilter(request, response, chain); }
/// <exception cref="System.IO.IOException"/> protected override void DoGet(HttpServletRequest req, HttpServletResponse resp) { try { string userApprovedParamS = req.GetParameter(ProxyUriUtils.ProxyApprovalParam); bool userWasWarned = false; bool userApproved = Sharpen.Extensions.ValueOf(userApprovedParamS); bool securityEnabled = IsSecurityEnabled(); string remoteUser = req.GetRemoteUser(); string pathInfo = req.GetPathInfo(); string[] parts = pathInfo.Split("/", 3); if (parts.Length < 2) { Log.Warn("{} gave an invalid proxy path {}", remoteUser, pathInfo); NotFound(resp, "Your path appears to be formatted incorrectly."); return; } //parts[0] is empty because path info always starts with a / string appId = parts[1]; string rest = parts.Length > 2 ? parts[2] : string.Empty; ApplicationId id = Apps.ToAppID(appId); if (id == null) { Log.Warn("{} attempting to access {} that is invalid", remoteUser, appId); NotFound(resp, appId + " appears to be formatted incorrectly."); return; } if (securityEnabled) { string cookieName = GetCheckCookieName(id); Cookie[] cookies = req.GetCookies(); if (cookies != null) { foreach (Cookie c in cookies) { if (cookieName.Equals(c.GetName())) { userWasWarned = true; userApproved = userApproved || Sharpen.Extensions.ValueOf(c.GetValue()); break; } } } } bool checkUser = securityEnabled && (!userWasWarned || !userApproved); AppReportFetcher.FetchedAppReport fetchedAppReport = null; ApplicationReport applicationReport = null; try { fetchedAppReport = GetApplicationReport(id); if (fetchedAppReport != null) { if (fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Rm && fetchedAppReport.GetAppReportSource() != AppReportFetcher.AppReportSource.Ahs) { throw new NotSupportedException("Application report not " + "fetched from RM or history server." ); } applicationReport = fetchedAppReport.GetApplicationReport(); } } catch (ApplicationNotFoundException) { applicationReport = null; } if (applicationReport == null) { Log.Warn("{} attempting to access {} that was not found", remoteUser, id); URI toFetch = ProxyUriUtils.GetUriFromTrackingPlugins(id, this.trackingUriPlugins ); if (toFetch != null) { ProxyUtils.SendRedirect(req, resp, toFetch.ToString()); return; } NotFound(resp, "Application " + appId + " could not be found " + "in RM or history server" ); return; } string original = applicationReport.GetOriginalTrackingUrl(); URI trackingUri; if (original == null || original.Equals("N/A") || original.Equals(string.Empty)) { if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Rm) { // fallback to ResourceManager's app page if no tracking URI provided // and Application Report was fetched from RM Log.Debug("Original tracking url is '{}'. Redirecting to RM app page", original == null ? "NULL" : original); ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(rmAppPageUrlBase, id.ToString ())); } else { if (fetchedAppReport.GetAppReportSource() == AppReportFetcher.AppReportSource.Ahs) { // fallback to Application History Server app page if the application // report was fetched from AHS Log.Debug("Original tracking url is '{}'. Redirecting to AHS app page", original == null ? "NULL" : original); ProxyUtils.SendRedirect(req, resp, StringHelper.Pjoin(ahsAppPageUrlBase, id.ToString ())); } } return; } else { if (ProxyUriUtils.GetSchemeFromUrl(original).IsEmpty()) { trackingUri = ProxyUriUtils.GetUriFromAMUrl(WebAppUtils.GetHttpSchemePrefix(conf) , original); } else { trackingUri = new URI(original); } } string runningUser = applicationReport.GetUser(); if (checkUser && !runningUser.Equals(remoteUser)) { Log.Info("Asking {} if they want to connect to the " + "app master GUI of {} owned by {}" , remoteUser, appId, runningUser); WarnUserPage(resp, ProxyUriUtils.GetPathAndQuery(id, rest, req.GetQueryString(), true), runningUser, id); return; } // Append the user-provided path and query parameter to the original // tracking url. IList <NameValuePair> queryPairs = URLEncodedUtils.Parse(req.GetQueryString(), null ); UriBuilder builder = UriBuilder.FromUri(trackingUri); foreach (NameValuePair pair in queryPairs) { builder.QueryParam(pair.GetName(), pair.GetValue()); } URI toFetch_1 = builder.Path(rest).Build(); Log.Info("{} is accessing unchecked {}" + " which is the app master GUI of {} owned by {}" , remoteUser, toFetch_1, appId, runningUser); switch (applicationReport.GetYarnApplicationState()) { case YarnApplicationState.Killed: case YarnApplicationState.Finished: case YarnApplicationState.Failed: { ProxyUtils.SendRedirect(req, resp, toFetch_1.ToString()); return; } default: { break; } } // fall out of the switch Cookie c_1 = null; if (userWasWarned && userApproved) { c_1 = MakeCheckCookie(id, true); } ProxyLink(req, resp, toFetch_1, c_1, GetProxyHost()); } catch (Exception e) { throw new IOException(e); } }
/// <exception cref="System.Exception"/> private void Test(string method, string operation, string contentType, bool upload , bool error) { HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>(); Org.Mockito.Mockito.Reset(request); Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(method); Org.Mockito.Mockito.When(request.GetParameter(HttpFSFileSystem.OpParam)).ThenReturn (operation); Org.Mockito.Mockito.When(request.GetParameter(HttpFSParametersProvider.DataParam. Name)).ThenReturn(bool.ToString(upload)); Org.Mockito.Mockito.When(request.GetContentType()).ThenReturn(contentType); FilterChain chain = Org.Mockito.Mockito.Mock <FilterChain>(); Filter filter = new CheckUploadContentTypeFilter(); filter.DoFilter(request, response, chain); if (error) { Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse .ScBadRequest), Org.Mockito.Mockito.Contains("Data upload")); } else { Org.Mockito.Mockito.Verify(chain).DoFilter(request, response); } }