/// <summary>Create a redirection URL</summary> /// <exception cref="System.IO.IOException"/> private Uri CreateRedirectURL(string path, string encodedPath, HdfsFileStatus status , UserGroupInformation ugi, ClientProtocol nnproxy, HttpServletRequest request, string dt) { string scheme = request.GetScheme(); LocatedBlocks blks = nnproxy.GetBlockLocations(status.GetFullPath(new Path(path)) .ToUri().GetPath(), 0, 1); Configuration conf = NameNodeHttpServer.GetConfFromContext(GetServletContext()); DatanodeID host = PickSrcDatanode(blks, status, conf); string hostname; if (host is DatanodeInfo) { hostname = host.GetHostName(); } else { hostname = host.GetIpAddr(); } int port = "https".Equals(scheme) ? host.GetInfoSecurePort() : host.GetInfoPort(); string dtParam = string.Empty; if (dt != null) { dtParam = JspHelper.GetDelegationTokenUrlParam(dt); } // Add namenode address to the url params NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(GetServletContext()); string addr = nn.GetNameNodeAddressHostPortString(); string addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr); return(new Uri(scheme, hostname, port, "/streamFile" + encodedPath + '?' + "ugi=" + ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam)); }
/// <summary>Create a redirection URL</summary> /// <exception cref="System.IO.IOException"/> private Uri CreateRedirectURL(UserGroupInformation ugi, DatanodeID host, HttpServletRequest request, NameNode nn) { string hostname = host is DatanodeInfo?host.GetHostName() : host.GetIpAddr(); string scheme = request.GetScheme(); int port = host.GetInfoPort(); if ("https".Equals(scheme)) { int portObject = (int)GetServletContext().GetAttribute(DFSConfigKeys.DfsDatanodeHttpsPortKey ); if (portObject != null) { port = portObject; } } string encodedPath = ServletUtil.GetRawPath(request, "/fileChecksum"); string dtParam = string.Empty; if (UserGroupInformation.IsSecurityEnabled()) { string tokenString = ugi.GetTokens().GetEnumerator().Next().EncodeToUrlString(); dtParam = JspHelper.GetDelegationTokenUrlParam(tokenString); } string addr = nn.GetNameNodeAddressHostPortString(); string addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr); return(new Uri(scheme, hostname, port, "/getFileChecksum" + encodedPath + '?' + "ugi=" + ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam)); }
/// <summary> /// If the request has a valid authentication token it allows the request to continue to the target resource, /// otherwise it triggers an authentication sequence using the configured /// <see cref="AuthenticationHandler"/> /// . /// </summary> /// <param name="request">the request object.</param> /// <param name="response">the response object.</param> /// <param name="filterChain">the filter chain object.</param> /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception> /// <exception cref="Javax.Servlet.ServletException">thrown if a processing error occurred. /// </exception> public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) { bool unauthorizedResponse = true; int errCode = HttpServletResponse.ScUnauthorized; AuthenticationException authenticationEx = null; HttpServletRequest httpRequest = (HttpServletRequest)request; HttpServletResponse httpResponse = (HttpServletResponse)response; bool isHttps = "https".Equals(httpRequest.GetScheme()); try { bool newToken = false; AuthenticationToken token; try { token = GetToken(httpRequest); } catch (AuthenticationException ex) { Log.Warn("AuthenticationToken ignored: " + ex.Message); // will be sent back in a 401 unless filter authenticates authenticationEx = ex; token = null; } if (authHandler.ManagementOperation(token, httpRequest, httpResponse)) { if (token == null) { if (Log.IsDebugEnabled()) { Log.Debug("Request [{}] triggering authentication", GetRequestURL(httpRequest)); } token = authHandler.Authenticate(httpRequest, httpResponse); if (token != null && token.GetExpires() != 0 && token != AuthenticationToken.Anonymous) { token.SetExpires(Runtime.CurrentTimeMillis() + GetValidity() * 1000); } newToken = true; } if (token != null) { unauthorizedResponse = false; if (Log.IsDebugEnabled()) { Log.Debug("Request [{}] user [{}] authenticated", GetRequestURL(httpRequest), token .GetUserName()); } AuthenticationToken authToken = token; httpRequest = new _HttpServletRequestWrapper_532(authToken, httpRequest); if (newToken && !token.IsExpired() && token != AuthenticationToken.Anonymous) { string signedToken = signer.Sign(token.ToString()); CreateAuthCookie(httpResponse, signedToken, GetCookieDomain(), GetCookiePath(), token .GetExpires(), isHttps); } DoFilter(filterChain, httpRequest, httpResponse); } } else { unauthorizedResponse = false; } } catch (AuthenticationException ex) { // exception from the filter itself is fatal errCode = HttpServletResponse.ScForbidden; authenticationEx = ex; if (Log.IsDebugEnabled()) { Log.Debug("Authentication exception: " + ex.Message, ex); } else { Log.Warn("Authentication exception: " + ex.Message); } } if (unauthorizedResponse) { if (!httpResponse.IsCommitted()) { CreateAuthCookie(httpResponse, string.Empty, GetCookieDomain(), GetCookiePath(), 0, isHttps); // If response code is 401. Then WWW-Authenticate Header should be // present.. reset to 403 if not found.. if ((errCode == HttpServletResponse.ScUnauthorized) && (!httpResponse.ContainsHeader (KerberosAuthenticator.WwwAuthenticate))) { errCode = HttpServletResponse.ScForbidden; } if (authenticationEx == null) { httpResponse.SendError(errCode, "Authentication required"); } else { httpResponse.SendError(errCode, authenticationEx.Message); } } } }