/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public override void DoFilter(ServletRequest request, ServletResponse response, FilterChain
filterChain)
{
KMSAuthenticationFilter.KMSResponse kmsResponse = new KMSAuthenticationFilter.KMSResponse
(response);
base.DoFilter(request, kmsResponse, filterChain);
if (kmsResponse.statusCode != HttpServletResponse.ScOk && kmsResponse.statusCode
!= HttpServletResponse.ScCreated && kmsResponse.statusCode != HttpServletResponse
.ScUnauthorized)
{
KMSWebApp.GetInvalidCallsMeter().Mark();
}
// HttpServletResponse.SC_UNAUTHORIZED is because the request does not
// belong to an authenticated user.
if (kmsResponse.statusCode == HttpServletResponse.ScUnauthorized)
{
KMSWebApp.GetUnauthenticatedCallsMeter().Mark();
string method = ((HttpServletRequest)request).GetMethod();
StringBuilder requestURL = ((HttpServletRequest)request).GetRequestURL();
string queryString = ((HttpServletRequest)request).GetQueryString();
if (queryString != null)
{
requestURL.Append("?").Append(queryString);
}
KMSWebApp.GetKMSAudit().Unauthenticated(request.GetRemoteHost(), method, requestURL
.ToString(), kmsResponse.msg);
}
}
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
public virtual void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi,
KMS.KMSOp operation, string key)
{
if (!KMSWebApp.GetACLs().HasAccess(aclType, ugi))
{
KMSWebApp.GetUnauthorizedCallsMeter().Mark();
KMSWebApp.GetKMSAudit().Unauthorized(ugi, operation, key);
throw new AuthorizationException(string.Format((key != null) ? UnauthorizedMsgWithKey
: UnauthorizedMsgWithoutKey, ugi.GetShortUserName(), operation, key));
}
}
/// <summary>Maps different exceptions thrown by KMS to HTTP status codes.</summary>
public virtual Response ToResponse(Exception exception)
{
Response.Status status;
bool doAudit = true;
Exception throwable = exception;
if (exception is ContainerException)
{
throwable = exception.InnerException;
}
if (throwable is SecurityException)
{
status = Response.Status.Forbidden;
}
else
{
if (throwable is AuthenticationException)
{
status = Response.Status.Forbidden;
// we don't audit here because we did it already when checking access
doAudit = false;
}
else
{
if (throwable is AuthorizationException)
{
status = Response.Status.Forbidden;
// we don't audit here because we did it already when checking access
doAudit = false;
}
else
{
if (throwable is AccessControlException)
{
status = Response.Status.Forbidden;
}
else
{
if (exception is IOException)
{
status = Response.Status.InternalServerError;
}
else
{
if (exception is NotSupportedException)
{
status = Response.Status.BadRequest;
}
else
{
if (exception is ArgumentException)
{
status = Response.Status.BadRequest;
}
else
{
status = Response.Status.InternalServerError;
}
}
}
}
}
}
}
if (doAudit)
{
KMSWebApp.GetKMSAudit().Error(KMSMDCFilter.GetUgi(), KMSMDCFilter.GetMethod(), KMSMDCFilter
.GetURL(), GetOneLineMessage(exception));
}
return(CreateResponse(status, throwable));
}
/// <exception cref="System.Exception"/>
public KMS()
{
provider = KMSWebApp.GetKeyProvider();
kmsAudit = KMSWebApp.GetKMSAudit();
}
