예제 #1
0
        /// <summary>Create a redirection URL</summary>
        /// <exception cref="System.IO.IOException"/>
        private Uri CreateRedirectURL(string path, string encodedPath, HdfsFileStatus status
                                      , UserGroupInformation ugi, ClientProtocol nnproxy, HttpServletRequest request,
                                      string dt)
        {
            string        scheme = request.GetScheme();
            LocatedBlocks blks   = nnproxy.GetBlockLocations(status.GetFullPath(new Path(path))
                                                             .ToUri().GetPath(), 0, 1);
            Configuration conf = NameNodeHttpServer.GetConfFromContext(GetServletContext());
            DatanodeID    host = PickSrcDatanode(blks, status, conf);
            string        hostname;

            if (host is DatanodeInfo)
            {
                hostname = host.GetHostName();
            }
            else
            {
                hostname = host.GetIpAddr();
            }
            int    port    = "https".Equals(scheme) ? host.GetInfoSecurePort() : host.GetInfoPort();
            string dtParam = string.Empty;

            if (dt != null)
            {
                dtParam = JspHelper.GetDelegationTokenUrlParam(dt);
            }
            // Add namenode address to the url params
            NameNode nn        = NameNodeHttpServer.GetNameNodeFromContext(GetServletContext());
            string   addr      = nn.GetNameNodeAddressHostPortString();
            string   addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr);

            return(new Uri(scheme, hostname, port, "/streamFile" + encodedPath + '?' + "ugi="
                           + ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam));
        }
예제 #2
0
            /// <summary>Create a redirection URL</summary>
            /// <exception cref="System.IO.IOException"/>
            private Uri CreateRedirectURL(UserGroupInformation ugi, DatanodeID host, HttpServletRequest
                                          request, NameNode nn)
            {
                string hostname = host is DatanodeInfo?host.GetHostName() : host.GetIpAddr();

                string scheme = request.GetScheme();
                int    port   = host.GetInfoPort();

                if ("https".Equals(scheme))
                {
                    int portObject = (int)GetServletContext().GetAttribute(DFSConfigKeys.DfsDatanodeHttpsPortKey
                                                                           );
                    if (portObject != null)
                    {
                        port = portObject;
                    }
                }
                string encodedPath = ServletUtil.GetRawPath(request, "/fileChecksum");
                string dtParam     = string.Empty;

                if (UserGroupInformation.IsSecurityEnabled())
                {
                    string tokenString = ugi.GetTokens().GetEnumerator().Next().EncodeToUrlString();
                    dtParam = JspHelper.GetDelegationTokenUrlParam(tokenString);
                }
                string addr      = nn.GetNameNodeAddressHostPortString();
                string addrParam = JspHelper.GetUrlParam(JspHelper.NamenodeAddress, addr);

                return(new Uri(scheme, hostname, port, "/getFileChecksum" + encodedPath + '?' + "ugi="
                               + ServletUtil.EncodeQueryValue(ugi.GetShortUserName()) + dtParam + addrParam));
            }
예제 #3
0
        /// <summary>
        /// If the request has a valid authentication token it allows the request to continue to the target resource,
        /// otherwise it triggers an authentication sequence using the configured
        /// <see cref="AuthenticationHandler"/>
        /// .
        /// </summary>
        /// <param name="request">the request object.</param>
        /// <param name="response">the response object.</param>
        /// <param name="filterChain">the filter chain object.</param>
        /// <exception cref="System.IO.IOException">thrown if an IO error occurred.</exception>
        /// <exception cref="Javax.Servlet.ServletException">thrown if a processing error occurred.
        ///     </exception>
        public virtual void DoFilter(ServletRequest request, ServletResponse response, FilterChain
                                     filterChain)
        {
            bool unauthorizedResponse = true;
            int  errCode = HttpServletResponse.ScUnauthorized;
            AuthenticationException authenticationEx = null;
            HttpServletRequest      httpRequest      = (HttpServletRequest)request;
            HttpServletResponse     httpResponse     = (HttpServletResponse)response;
            bool isHttps = "https".Equals(httpRequest.GetScheme());

            try
            {
                bool newToken = false;
                AuthenticationToken token;
                try
                {
                    token = GetToken(httpRequest);
                }
                catch (AuthenticationException ex)
                {
                    Log.Warn("AuthenticationToken ignored: " + ex.Message);
                    // will be sent back in a 401 unless filter authenticates
                    authenticationEx = ex;
                    token            = null;
                }
                if (authHandler.ManagementOperation(token, httpRequest, httpResponse))
                {
                    if (token == null)
                    {
                        if (Log.IsDebugEnabled())
                        {
                            Log.Debug("Request [{}] triggering authentication", GetRequestURL(httpRequest));
                        }
                        token = authHandler.Authenticate(httpRequest, httpResponse);
                        if (token != null && token.GetExpires() != 0 && token != AuthenticationToken.Anonymous)
                        {
                            token.SetExpires(Runtime.CurrentTimeMillis() + GetValidity() * 1000);
                        }
                        newToken = true;
                    }
                    if (token != null)
                    {
                        unauthorizedResponse = false;
                        if (Log.IsDebugEnabled())
                        {
                            Log.Debug("Request [{}] user [{}] authenticated", GetRequestURL(httpRequest), token
                                      .GetUserName());
                        }
                        AuthenticationToken authToken = token;
                        httpRequest = new _HttpServletRequestWrapper_532(authToken, httpRequest);
                        if (newToken && !token.IsExpired() && token != AuthenticationToken.Anonymous)
                        {
                            string signedToken = signer.Sign(token.ToString());
                            CreateAuthCookie(httpResponse, signedToken, GetCookieDomain(), GetCookiePath(), token
                                             .GetExpires(), isHttps);
                        }
                        DoFilter(filterChain, httpRequest, httpResponse);
                    }
                }
                else
                {
                    unauthorizedResponse = false;
                }
            }
            catch (AuthenticationException ex)
            {
                // exception from the filter itself is fatal
                errCode          = HttpServletResponse.ScForbidden;
                authenticationEx = ex;
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("Authentication exception: " + ex.Message, ex);
                }
                else
                {
                    Log.Warn("Authentication exception: " + ex.Message);
                }
            }
            if (unauthorizedResponse)
            {
                if (!httpResponse.IsCommitted())
                {
                    CreateAuthCookie(httpResponse, string.Empty, GetCookieDomain(), GetCookiePath(),
                                     0, isHttps);
                    // If response code is 401. Then WWW-Authenticate Header should be
                    // present.. reset to 403 if not found..
                    if ((errCode == HttpServletResponse.ScUnauthorized) && (!httpResponse.ContainsHeader
                                                                                (KerberosAuthenticator.WwwAuthenticate)))
                    {
                        errCode = HttpServletResponse.ScForbidden;
                    }
                    if (authenticationEx == null)
                    {
                        httpResponse.SendError(errCode, "Authentication required");
                    }
                    else
                    {
                        httpResponse.SendError(errCode, authenticationEx.Message);
                    }
                }
            }
        }