/// <summary>
/// Runs the base filter against a <c>KMSResponse</c> wrapper, then updates the KMS call
/// meters and the audit log from the status code read back from that wrapper.
/// </summary>
/// <remarks>
/// A status other than OK, Created or Unauthorized marks the invalid-calls meter.
/// An Unauthorized status marks the unauthenticated-calls meter and writes an audit
/// record with the remote host, HTTP method, request URL (query string included) and
/// the message held by the wrapper.
/// </remarks>
/// <param name="request">Incoming request; cast to <c>HttpServletRequest</c> on the Unauthorized path.</param>
/// <param name="response">Response that is wrapped before being handed to the base filter.</param>
/// <param name="filterChain">Remaining filter chain, passed through to the base filter.</param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public override void DoFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
{
    // The wrapper's statusCode and msg fields are inspected once the base filter has run.
    KMSAuthenticationFilter.KMSResponse wrapped = new KMSAuthenticationFilter.KMSResponse(response);
    base.DoFilter(request, wrapped, filterChain);

    if (wrapped.statusCode != HttpServletResponse.ScUnauthorized)
    {
        bool succeeded = wrapped.statusCode == HttpServletResponse.ScOk
            || wrapped.statusCode == HttpServletResponse.ScCreated;
        if (!succeeded)
        {
            KMSWebApp.GetInvalidCallsMeter().Mark();
        }
        return;
    }

    // Unauthorized here means the request is not tied to an authenticated user:
    // count it and leave an audit trail for it.
    KMSWebApp.GetUnauthenticatedCallsMeter().Mark();

    HttpServletRequest httpRequest = (HttpServletRequest)request;
    string method = httpRequest.GetMethod();
    StringBuilder fullUrl = httpRequest.GetRequestURL();
    string query = httpRequest.GetQueryString();
    if (query != null)
    {
        fullUrl.Append("?").Append(query);
    }

    // NOTE(review): host, method, URL and query string are supplied by an unauthenticated
    // client and are passed to the audit sink as-is. Confirm that the sink neutralises
    // line breaks, and that no credential or token can travel in the query string,
    // otherwise it would be persisted in the audit log.
    KMSWebApp.GetKMSAudit().Unauthenticated(request.GetRemoteHost(), method, fullUrl.ToString(), wrapped.msg);
}
/// <summary>
/// Enforces the KMS ACL of the given type for a caller: returns normally when access is
/// granted and throws when it is not.
/// </summary>
/// <remarks>
/// On denial the unauthorized-calls meter is marked and an audit record is written before
/// the exception is thrown, so the denial is recorded even if a caller handles the exception.
/// </remarks>
/// <param name="aclType">ACL type to check.</param>
/// <param name="ugi">Caller identity the ACL is evaluated for.</param>
/// <param name="operation">KMS operation being attempted; used in the audit record and the message.</param>
/// <param name="key">Key name involved, or null; selects which message template is used.</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
public virtual void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp operation, string key)
{
    if (KMSWebApp.GetACLs().HasAccess(aclType, ugi))
    {
        return;
    }

    // Access denied: record it first, then fail the call.
    KMSWebApp.GetUnauthorizedCallsMeter().Mark();
    KMSWebApp.GetKMSAudit().Unauthorized(ugi, operation, key);

    // NOTE(review): the thrown type is AuthorizationException while the documented one is
    // AccessControlException; presumably the former derives from the latter (confirm).
    string template = (key != null) ? UnauthorizedMsgWithKey : UnauthorizedMsgWithoutKey;
    throw new AuthorizationException(string.Format(template, ugi.GetShortUserName(), operation, key));
}
/// <summary>Translates an exception raised by KMS into an HTTP response.</summary>
/// <remarks>
/// A <c>ContainerException</c> is unwrapped to its inner exception first. Security,
/// authentication, authorization and access-control failures map to Forbidden;
/// <c>NotSupportedException</c> and <c>ArgumentException</c> map to BadRequest; everything
/// else, including <c>IOException</c>, maps to InternalServerError. An audit error record is
/// written unless the failure is an authentication or authorization exception.
/// </remarks>
/// <param name="exception">Exception to translate.</param>
/// <returns>The response built by <c>CreateResponse</c> from the chosen status and the unwrapped exception.</returns>
public virtual Response ToResponse(Exception exception)
{
    Exception cause = (exception is ContainerException) ? exception.InnerException : exception;
    bool auditHere = true;
    Response.Status httpStatus;

    // Branch order is significant: the first matching type decides the outcome.
    if (cause is SecurityException)
    {
        httpStatus = Response.Status.Forbidden;
    }
    else if (cause is AuthenticationException || cause is AuthorizationException)
    {
        httpStatus = Response.Status.Forbidden;
        // Already audited when access was checked, so no second record is written here.
        auditHere = false;
    }
    else if (cause is AccessControlException)
    {
        httpStatus = Response.Status.Forbidden;
    }
    // NOTE(review): the remaining tests look at the original exception, not the unwrapped
    // cause, so a ContainerException wrapping one of these types ends up as
    // InternalServerError. Confirm that this is intended.
    else if (exception is IOException)
    {
        httpStatus = Response.Status.InternalServerError;
    }
    else if (exception is NotSupportedException)
    {
        httpStatus = Response.Status.BadRequest;
    }
    else if (exception is ArgumentException)
    {
        httpStatus = Response.Status.BadRequest;
    }
    else
    {
        httpStatus = Response.Status.InternalServerError;
    }

    if (auditHere)
    {
        // The audit message is taken from the outer exception; the response gets the unwrapped one.
        KMSWebApp.GetKMSAudit().Error(KMSMDCFilter.GetUgi(), KMSMDCFilter.GetMethod(), KMSMDCFilter.GetURL(), GetOneLineMessage(exception));
    }

    // NOTE(review): what CreateResponse copies from the exception into the body is not
    // visible here; verify that InternalServerError responses do not return internal
    // details to the client.
    return CreateResponse(httpStatus, cause);
}
/// <summary>
/// Creates the KMS resource and binds it to the key provider and the audit logger
/// obtained from <c>KMSWebApp</c>.
/// </summary>
/// <exception cref="System.Exception"/>
public KMS()
{
    // Both collaborators are looked up from the web application rather than created here.
    provider = KMSWebApp.GetKeyProvider();
    kmsAudit = KMSWebApp.GetKMSAudit();
}