/// <summary>
/// Runs <c>MDCFilter</c> over one mocked request three times: with no user principal,
/// with a principal attached, and with a hostname set through
/// <c>HostnameFilter.HostnameTl</c>.
/// </summary>
/// <remarks>
/// Every pass checks that the downstream chain was called. After the first pass the test
/// also checks that the "hostname", "user", "method" and "path" MDC keys are unset once
/// <c>DoFilter</c> has returned. The chain classes (<c>_FilterChain_55</c>,
/// <c>_FilterChain_86</c>, <c>_FilterChain_103</c>) are defined elsewhere; any checks they
/// perform while the filter is active are not visible here.
/// </remarks>
public virtual void Mdc()
{
    // Mocked request: no principal at first, fixed method and path info.
    HttpServletRequest mockRequest = Org.Mockito.Mockito.Mock<HttpServletRequest>();
    Org.Mockito.Mockito.When(mockRequest.GetUserPrincipal()).ThenReturn(null);
    Org.Mockito.Mockito.When(mockRequest.GetMethod()).ThenReturn("METHOD");
    Org.Mockito.Mockito.When(mockRequest.GetPathInfo()).ThenReturn("/pathinfo");
    ServletResponse mockResponse = Org.Mockito.Mockito.Mock<ServletResponse>();

    // Shared flag handed to each chain so the test can tell the chain was reached.
    AtomicBoolean chainCalled = new AtomicBoolean();
    FilterChain downstream = new _FilterChain_55(chainCalled);

    // Start from an empty MDC so the null assertions below are meaningful.
    MDC.Clear();
    Filter mdcFilter = new MDCFilter();
    mdcFilter.Init(null);

    // Pass 1: request without a principal.
    mdcFilter.DoFilter(mockRequest, mockResponse, downstream);
    NUnit.Framework.Assert.IsTrue(chainCalled.Get());
    // Nothing may remain in the MDC after the filter has returned.
    NUnit.Framework.Assert.IsNull(MDC.Get("hostname"));
    NUnit.Framework.Assert.IsNull(MDC.Get("user"));
    NUnit.Framework.Assert.IsNull(MDC.Get("method"));
    NUnit.Framework.Assert.IsNull(MDC.Get("path"));

    // Pass 2: same request, now carrying a principal.
    Org.Mockito.Mockito.When(mockRequest.GetUserPrincipal()).ThenReturn(new _Principal_78());
    chainCalled.Set(false);
    downstream = new _FilterChain_86(chainCalled);
    mdcFilter.DoFilter(mockRequest, mockResponse, downstream);
    NUnit.Framework.Assert.IsTrue(chainCalled.Get());

    // Pass 3: hostname published before the filter runs.
    HostnameFilter.HostnameTl.Set("HOST");
    chainCalled.Set(false);
    downstream = new _FilterChain_103(chainCalled);
    mdcFilter.DoFilter(mockRequest, mockResponse, downstream);
    NUnit.Framework.Assert.IsTrue(chainCalled.Get());

    // NOTE(review): this cleanup is not in a finally block, so a failed assertion above
    // skips it and leaves the hostname value set for whatever runs next on this thread.
    HostnameFilter.HostnameTl.Remove();
    mdcFilter.Destroy();
}
/// <summary>
/// Replies with status 200 and a single plain-text line naming the caller: the value of
/// <c>GetRemoteUser()</c> and, when the request carries a principal, that principal's name.
/// </summary>
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
    resp.SetContentType("text/plain");
    resp.SetStatus(HttpServletResponse.ScOk);

    string remoteUser = req.GetRemoteUser();

    // A request without a principal is reported with a null principal name
    // instead of failing on the dereference.
    string principalName = null;
    if (req.GetUserPrincipal() != null)
    {
        principalName = req.GetUserPrincipal().GetName();
    }

    TextWriter output = resp.GetWriter();
    output.Write(MessageFormat.Format("You are: user[{0}] principal[{1}]\n", remoteUser, principalName));
}
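/// <summary>
/// Works out the effective caller for an authenticated request, publishes it through
/// <c>UgiTl</c> while the downstream chain runs, and forwards the request.
/// </summary>
/// <remarks>
/// A request that carries a UGI in the <c>DelegationTokenUgiAttribute</c> request attribute
/// uses that UGI and ignores any doAs value. Otherwise a remote-user UGI is built from the
/// principal name and, when <c>GetDoAs</c> returns a value, wrapped in a proxy UGI that must
/// pass <c>ProxyUsers.Authorize</c> for the remote host. The doAs value comes from the
/// request, so that authorization call is the only gate on impersonation in this method.
/// A rejected proxy request is answered with 403; it is neither forwarded nor published
/// through <c>UgiTl</c>.
/// </remarks>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
protected override void DoFilter(FilterChain filterChain, HttpServletRequest request, HttpServletResponse response)
{
    UserGroupInformation ugi = null;
    // NOTE(review): a principal of any other type makes this cast throw; presumably the
    // authentication filter in front of this one only ever installs AuthenticationToken.
    AuthenticationToken authToken = (AuthenticationToken)request.GetUserPrincipal();
    if (authToken != null && authToken != AuthenticationToken.Anonymous)
    {
        // if the request was authenticated because of a delegation token,
        // then we ignore proxyuser (this is the same as the RPC behavior).
        ugi = (UserGroupInformation)request.GetAttribute(DelegationTokenAuthenticationHandler.DelegationTokenUgiAttribute);
        if (ugi == null)
        {
            string realUser = request.GetUserPrincipal().GetName();
            ugi = UserGroupInformation.CreateRemoteUser(realUser, handlerAuthMethod);
            string doAsUser = GetDoAs(request);
            if (doAsUser != null)
            {
                ugi = UserGroupInformation.CreateProxyUser(doAsUser, ugi);
                try
                {
                    ProxyUsers.Authorize(ugi, request.GetRemoteHost());
                }
                catch (AuthorizationException ex)
                {
                    HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden, ex);
                    // Return before UgiTl.Set: the forwarding path below is the only place
                    // UgiTl.Remove() runs, so publishing the rejected proxy UGI here would
                    // leave it set after this request has ended.
                    return;
                }
            }
        }
        UgiTl.Set(ugi);
    }

    UserGroupInformation ugiF = ugi;
    try
    {
        request = new _HttpServletRequestWrapper_269(this, ugiF, request);
        base.DoFilter(filterChain, request, response);
    }
    finally
    {
        // Always clear the published UGI, including when the chain throws.
        UgiTl.Remove();
    }
}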
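/// <summary>
/// Resolves the calling user and runs the token-writing action
/// (<c>_PrivilegedExceptionAction_69</c>, defined elsewhere) as that user against the
/// response output stream.
/// </summary>
/// <remarks>
/// The renewer is taken from the <c>Renewer</c> request parameter and falls back to the
/// request principal's name. The request is answered with 403 when the user cannot be
/// resolved, or when there is neither a renewer parameter nor a principal. Any failure
/// while writing the token is logged and answered with 500.
/// </remarks>
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
    UserGroupInformation ugi;
    ServletContext context = GetServletContext();
    Configuration conf = NameNodeHttpServer.GetConfFromContext(context);
    try
    {
        ugi = GetUGI(req, conf);
    }
    catch (IOException ioe)
    {
        Log.Info("Request for token received with no authentication from " + req.GetRemoteAddr(), ioe);
        resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user");
        return;
    }
    Log.Info("Sending token: {" + ugi.GetUserName() + "," + req.GetRemoteAddr() + "}");
    NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context);

    // NOTE(review): the renewer is request-supplied; whether it is validated before use
    // depends on the action class, which is not visible here.
    string renewer = req.GetParameter(Renewer);
    if (renewer == null)
    {
        // The fallback needs a principal. Reject the request when there is none instead
        // of failing on a null dereference.
        if (req.GetUserPrincipal() == null)
        {
            Log.Info("Request for token has no renewer parameter and no user principal from " + req.GetRemoteAddr());
            resp.SendError(HttpServletResponse.ScForbidden, "Unable to identify or authenticate user");
            return;
        }
        renewer = req.GetUserPrincipal().GetName();
    }
    string renewerFinal = renewer;

    DataOutputStream dos = null;
    try
    {
        dos = new DataOutputStream(resp.GetOutputStream());
        DataOutputStream dosFinal = dos;
        // for doAs block
        ugi.DoAs(new _PrivilegedExceptionAction_69(nn, ugi, renewerFinal, dosFinal));
    }
    catch (Exception e)
    {
        // Despite the log text, the exception is not re-thrown: the caller gets a 500.
        // NOTE(review): if part of the token was already written, SendError may not be
        // able to replace the response - confirm against the servlet container.
        Log.Info("Exception while sending token. Re-throwing ", e);
        resp.SendError(HttpServletResponse.ScInternalServerError);
    }
    finally
    {
        if (dos != null)
        {
            dos.Close();
        }
    }
}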
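/// <summary>
/// Decides whether the caller of this servlet is one of the accepted requestors.
/// </summary>
/// <param name="request">Request whose user principal and remote user are checked.</param>
/// <param name="conf">Configuration used to look up the NameNode and SecondaryNameNode principals.</param>
/// <returns>
/// <c>true</c> when the full principal name equals one of the configured principals, or
/// when the caller's short name equals the short name of this process's login user;
/// <c>false</c> otherwise, including when the request has no principal.
/// </returns>
/// <exception cref="System.IO.IOException"/>
protected internal virtual bool IsValidRequestor(HttpServletRequest request, Configuration conf)
{
    // Fail closed: a request with no principal object is handled like one with no
    // principal name, instead of throwing on the dereference.
    string remotePrincipal = (request.GetUserPrincipal() != null) ? request.GetUserPrincipal().GetName() : null;
    string remoteShortName = request.GetRemoteUser();
    if (remotePrincipal == null)
    {
        // This really shouldn't happen...
        Log.Warn("Received null remoteUser while authorizing access to " + "GetJournalEditServlet");
        return false;
    }
    if (Log.IsDebugEnabled())
    {
        Log.Debug("Validating request made by " + remotePrincipal + " / " + remoteShortName + ". This user is: " + UserGroupInformation.GetLoginUser());
    }

    ICollection<string> validRequestors = new HashSet<string>();
    Sharpen.Collections.AddAll(validRequestors, DFSUtil.GetAllNnPrincipals(conf));
    try
    {
        validRequestors.AddItem(SecurityUtil.GetServerPrincipal(conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey), SecondaryNameNode.GetHttpAddress(conf).GetHostName()));
    }
    catch (Exception e)
    {
        // Don't halt if SecondaryNameNode principal could not be added.
        Log.Debug("SecondaryNameNode principal could not be added", e);
        // string.Format takes indexed placeholders; with the printf-style "%s" the four
        // configuration values were dropped from the warning.
        string msg = string.Format("SecondaryNameNode principal not considered, {0} = {1}, {2} = {3}",
            DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey,
            conf.Get(DFSConfigKeys.DfsSecondaryNamenodeKerberosPrincipalKey),
            DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey,
            conf.Get(DFSConfigKeys.DfsNamenodeSecondaryHttpAddressKey, DFSConfigKeys.DfsNamenodeSecondaryHttpAddressDefault));
        Log.Warn(msg);
    }

    // Check the full principal name of all the configured valid requestors.
    foreach (string v in validRequestors)
    {
        if (Log.IsDebugEnabled())
        {
            Log.Debug("isValidRequestor is comparing to valid requestor: " + v);
        }
        if (v != null && v.Equals(remotePrincipal))
        {
            if (Log.IsDebugEnabled())
            {
                Log.Debug("isValidRequestor is allowing: " + remotePrincipal);
            }
            return true;
        }
    }

    // Additionally, we compare the short name of the requestor to this JN's
    // username, because we want to allow requests from other JNs during
    // recovery, but we can't enumerate the full list of JNs.
    // A missing short name never matches (fail closed) rather than throwing.
    // NOTE(review): this branch accepts any principal whose short name equals the login
    // user's, so it is only as strict as the principal-to-short-name mapping in use.
    if (remoteShortName != null && remoteShortName.Equals(UserGroupInformation.GetLoginUser().GetShortUserName()))
    {
        if (Log.IsDebugEnabled())
        {
            Log.Debug("isValidRequestor is allowing other JN principal: " + remotePrincipal);
        }
        return true;
    }

    if (Log.IsDebugEnabled())
    {
        Log.Debug("isValidRequestor is rejecting: " + remotePrincipal);
    }
    return false;
}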
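/// <summary>
/// Rejects a transfer request that comes from an unauthorized caller or that names storage
/// info different from this namenode's.
/// </summary>
/// <remarks>
/// With security enabled, the request principal's name must pass
/// <c>IsValidRequestor(context, name, conf)</c>; a request without a principal is rejected
/// the same way. When <paramref name="theirStorageInfoString"/> is non-null it must equal
/// the colon-separated storage string of <paramref name="nnImage"/>. Each rejection sends
/// a 403, logs a warning and then throws.
/// </remarks>
/// <exception cref="System.IO.IOException">The request was rejected; the message matches the 403 text.</exception>
private void ValidateRequest(ServletContext context, Configuration conf, HttpServletRequest request, HttpServletResponse response, FSImage nnImage, string theirStorageInfoString)
{
    if (UserGroupInformation.IsSecurityEnabled())
    {
        // Fail closed: a request with no principal gets the same 403 as an unauthorized
        // principal, instead of a null dereference.
        string requestor = (request.GetUserPrincipal() != null) ? request.GetUserPrincipal().GetName() : null;
        if (requestor == null || !IsValidRequestor(context, requestor, conf))
        {
            string errorMsg = "Only Namenode, Secondary Namenode, and administrators may access " + "this servlet";
            response.SendError(HttpServletResponse.ScForbidden, errorMsg);
            Log.Warn("Received non-NN/SNN/administrator request for image or edits from " + requestor + " at " + request.GetRemoteHost());
            throw new IOException(errorMsg);
        }
    }

    string myStorageInfoString = nnImage.GetStorage().ToColonSeparatedString();
    if (theirStorageInfoString != null && !myStorageInfoString.Equals(theirStorageInfoString))
    {
        // NOTE(review): theirStorageInfoString is echoed into the 403 message and the log
        // as received. If it comes straight from a request parameter (not visible here),
        // strip control characters before logging it so it cannot forge log lines.
        string errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected " + theirStorageInfoString;
        response.SendError(HttpServletResponse.ScForbidden, errorMsg);
        Log.Warn("Received an invalid request file transfer request " + "from a secondary with storage info " + theirStorageInfoString);
        throw new IOException(errorMsg);
    }
}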
/// <summary>
/// Answers a GET with status 200 and a body that is the request principal's name.
/// </summary>
/// <remarks>
/// The principal is dereferenced without a null check, so a request with no principal
/// fails here instead of producing a response.
/// </remarks>
/// <exception cref="Javax.Servlet.ServletException"/>
/// <exception cref="System.IO.IOException"/>
protected override void DoGet(HttpServletRequest req, HttpServletResponse resp)
{
    resp.SetStatus(HttpServletResponse.ScOk);
    // Fetch the writer first, then the name, in the same order as a chained call.
    TextWriter body = resp.GetWriter();
    body.Write(req.GetUserPrincipal().GetName());
}