Author: cmccabe Date: Fri Apr 18 16:32:35 2014 New Revision: 1588509 URL: http://svn.apache.org/r1588509 Log: Merge trunk into the HADOOP-10388 branch
Added: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/HarFs.java - copied unchanged from r1588387, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/HarFs.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password - copied unchanged from r1588387, hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password Removed: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/BinaryRecordInput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/BinaryRecordOutput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Buffer.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/CsvRecordInput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/CsvRecordOutput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Index.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Record.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordComparator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordInput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordOutput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Utils.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/XmlRecordInput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/XmlRecordOutput.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CGenerator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CodeBuffer.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CodeGenerator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/Consts.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CppGenerator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JBoolean.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JBuffer.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JByte.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JCompType.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JDouble.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JField.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JFile.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JFloat.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JInt.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JLong.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JMap.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JRecord.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JString.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JType.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JVector.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JavaGenerator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/ant/RccTask.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/ParseException.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/Rcc.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/RccConstants.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/RccTokenManager.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/SimpleCharStream.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/Token.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/TokenMgrError.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/package.html hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/rcc.jj hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/package.html hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/FieldTypeInfo.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/MapTypeID.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/RecordTypeInfo.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/StructTypeID.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/TypeID.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/Utils.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/VectorTypeID.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/package.html Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt (contents, props changed) hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/ (props changed) hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/releasenotes.html hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/ (props changed) hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/DF.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/io/MapFile.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/RetryCache.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/MetricsSink.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/impl/MetricsConfig.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/impl/MetricsSinkAdapter.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/sink/FileSink.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/NetgroupCache.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/StringUtils.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/native.vcxproj hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/io/compress/zlib/ZlibCompressor.c hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/TestDFVariations.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/TestFileUtil.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/io/TestBloomMapFile.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/io/TestMapFile.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestCallQueueManager.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/impl/TestGangliaMetrics.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/impl/TestMetricsSystemImpl.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/sink/TestFileSink.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestStringUtils.java hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestWinUtils.java Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java Fri Apr 18 16:32:35 2014 @@ -332,7 +332,8 @@ public class AuthenticationFilter implem public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { boolean unauthorizedResponse = true; - String unauthorizedMsg = ""; + int errCode = HttpServletResponse.SC_UNAUTHORIZED; + AuthenticationException authenticationEx = null; HttpServletRequest httpRequest = (HttpServletRequest) request; HttpServletResponse httpResponse = (HttpServletResponse) response; boolean isHttps = "https".equals(httpRequest.getScheme()); @@ -344,6 +345,8 @@ public class AuthenticationFilter implem } catch (AuthenticationException ex) { LOG.warn("AuthenticationToken ignored: " + ex.getMessage()); + // will be sent back in a 401 unless filter authenticates + authenticationEx = ex; token = null; } if (authHandler.managementOperation(token, httpRequest, httpResponse)) { @@ -392,15 +395,20 @@ public class AuthenticationFilter implem unauthorizedResponse = false; } } catch (AuthenticationException ex) { - unauthorizedMsg = ex.toString(); + // exception from the filter itself is fatal + errCode = HttpServletResponse.SC_FORBIDDEN; + authenticationEx = ex; LOG.warn("Authentication exception: " + ex.getMessage(), ex); } if (unauthorizedResponse) { if (!httpResponse.isCommitted()) { createAuthCookie(httpResponse, "", getCookieDomain(), getCookiePath(), 0, isHttps); - httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, - unauthorizedMsg); + if (authenticationEx == null) { + httpResponse.sendError(errCode, "Authentication required"); + } else { + httpResponse.sendError(errCode, authenticationEx.getMessage()); + } } } } Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java Fri Apr 18 16:32:35 2014 @@ -63,7 +63,8 @@ public class TestPseudoAuthenticator { URL url = new URL(auth.getBaseURL()); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.connect(); - Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); + Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode()); + Assert.assertEquals("Anonymous requests are disallowed", conn.getResponseMessage()); } finally { auth.stop(); } Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java Fri Apr 18 16:32:35 2014 @@ -14,8 +14,10 @@ package org.apache.hadoop.security.authentication.server; import java.io.IOException; +import java.net.HttpCookie; import java.util.Arrays; import java.util.HashMap; +import java.util.List; import java.util.Properties; import java.util.Vector; @@ -130,7 +132,11 @@ public class TestAuthenticationFilter { token = new AuthenticationToken("u", "p", "t"); token.setExpires((expired) ? 0 : System.currentTimeMillis() + TOKEN_VALIDITY_SEC); } else { - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + if (request.getHeader("WWW-Authenticate") == null) { + response.setHeader("WWW-Authenticate", "dummyauth"); + } else { + throw new AuthenticationException("AUTH FAILED"); + } } return token; } @@ -303,7 +309,8 @@ public class TestAuthenticationFilter { "management.operation.return")).elements()); filter.init(config); - AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype"); + AuthenticationToken token = + new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE); token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC); Signer signer = new Signer("secret".getBytes()); String tokenSigned = signer.sign(token.toString()); @@ -312,13 +319,14 @@ public class TestAuthenticationFilter { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + boolean failed = false; try { filter.getToken(request); - Assert.fail(); } catch (AuthenticationException ex) { - // Expected - } catch (Exception ex) { - Assert.fail(); + Assert.assertEquals("AuthenticationToken expired", ex.getMessage()); + failed = true; + } finally { + Assert.assertTrue("token not expired", failed); } } finally { filter.destroy(); @@ -351,13 +359,14 @@ public class TestAuthenticationFilter { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + boolean failed = false; try { filter.getToken(request); - Assert.fail(); } catch (AuthenticationException ex) { - // Expected - } catch (Exception ex) { - Assert.fail(); + Assert.assertEquals("Invalid AuthenticationToken type", ex.getMessage()); + failed = true; + } finally { + Assert.assertTrue("token not invalid type", failed); } } finally { filter.destroy(); @@ -398,7 +407,9 @@ public class TestAuthenticationFilter { filter.doFilter(request, response, chain); - Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + Mockito.verify(response).sendError( + HttpServletResponse.SC_UNAUTHORIZED, "Authentication required"); + Mockito.verify(response).setHeader("WWW-Authenticate", "dummyauth"); } finally { filter.destroy(); } @@ -468,10 +479,10 @@ public class TestAuthenticationFilter { if (expired) { Mockito.verify(response, Mockito.never()). - addCookie(Mockito.any(Cookie.class)); + addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString()); } else { String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE); - Assert.assertNotNull(v); + Assert.assertNotNull("cookie missing", v); Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains ("t=") && v.contains("e=") && v.contains("s=")); Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class), @@ -586,7 +597,67 @@ public class TestAuthenticationFilter { } @Test + public void testDoFilterAuthenticationFailure() throws Exception { + AuthenticationFilter filter = new AuthenticationFilter(); + try { + FilterConfig config = Mockito.mock(FilterConfig.class); + Mockito.when(config.getInitParameter("management.operation.return")). + thenReturn("true"); + Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn( + DummyAuthenticationHandler.class.getName()); + Mockito.when(config.getInitParameterNames()).thenReturn( + new Vector<String>( + Arrays.asList(AuthenticationFilter.AUTH_TYPE, + "management.operation.return")).elements()); + filter.init(config); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar")); + Mockito.when(request.getCookies()).thenReturn(new Cookie[]{}); + Mockito.when(request.getHeader("WWW-Authenticate")).thenReturn("dummyauth"); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + FilterChain chain = Mockito.mock(FilterChain.class); + + final HashMap<String, String> cookieMap = new HashMap<String, String>(); + Mockito.doAnswer( + new Answer<Object>() { + @Override + public Object answer(InvocationOnMock invocation) throws Throwable { + Object[] args = invocation.getArguments(); + parseCookieMap((String) args[1], cookieMap); + return null; + } + } + ).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString()); + + Mockito.doAnswer( + new Answer<Object>() { + @Override + public Object answer(InvocationOnMock invocation) throws Throwable { + Assert.fail("shouldn't get here"); + return null; + } + } + ).when(chain).doFilter(Mockito.<ServletRequest>anyObject(), Mockito.<ServletResponse>anyObject()); + + filter.doFilter(request, response, chain); + + Mockito.verify(response).sendError( + HttpServletResponse.SC_FORBIDDEN, "AUTH FAILED"); + Mockito.verify(response, Mockito.never()).setHeader(Mockito.eq("WWW-Authenticate"), Mockito.anyString()); + + String value = cookieMap.get(AuthenticatedURL.AUTH_COOKIE); + Assert.assertNotNull("cookie missing", value); + Assert.assertEquals("", value); + } finally { + filter.destroy(); + } + } + + @Test public void testDoFilterAuthenticatedExpired() throws Exception { + String secret = "secret"; AuthenticationFilter filter = new AuthenticationFilter(); try { FilterConfig config = Mockito.mock(FilterConfig.class); @@ -594,9 +665,12 @@ public class TestAuthenticationFilter { thenReturn("true"); Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn( DummyAuthenticationHandler.class.getName()); + Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn( + secret); Mockito.when(config.getInitParameterNames()).thenReturn( new Vector<String>( Arrays.asList(AuthenticationFilter.AUTH_TYPE, + AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements()); filter.init(config); @@ -605,7 +679,7 @@ public class TestAuthenticationFilter { AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE); token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC); - Signer signer = new Signer("secret".getBytes()); + Signer signer = new Signer(secret.getBytes()); String tokenSigned = signer.sign(token.toString()); Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned); @@ -643,12 +717,14 @@ public class TestAuthenticationFilter { Mockito.verify(chain, Mockito.never()).doFilter(Mockito.any (ServletRequest.class), Mockito.any(ServletResponse.class)); - Assert.assertTrue(cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE)); + Assert.assertTrue("cookie is missing", + cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE)); Assert.assertEquals("", cookieMap.get(AuthenticatedURL.AUTH_COOKIE)); } @Test public void testDoFilterAuthenticatedInvalidType() throws Exception { + String secret = "secret"; AuthenticationFilter filter = new AuthenticationFilter(); try { FilterConfig config = Mockito.mock(FilterConfig.class); @@ -656,9 +732,12 @@ public class TestAuthenticationFilter { thenReturn("true"); Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn( DummyAuthenticationHandler.class.getName()); + Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn( + secret); Mockito.when(config.getInitParameterNames()).thenReturn( new Vector<String>( Arrays.asList(AuthenticationFilter.AUTH_TYPE, + AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements()); filter.init(config); @@ -667,7 +746,7 @@ public class TestAuthenticationFilter { AuthenticationToken token = new AuthenticationToken("u", "p", "invalidtype"); token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC); - Signer signer = new Signer("secret".getBytes()); + Signer signer = new Signer(secret.getBytes()); String tokenSigned = signer.sign(token.toString()); Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned); Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt Fri Apr 18 16:32:35 2014 @@ -121,7 +121,25 @@ Trunk (Unreleased) HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to build a new UGI. (Larry McCay via omalley) - HADOOP-9968. Makes ProxyUsers to work with NetGroups (Benoy Antony via ddas) + HADOOP-9968. Makes ProxyUsers to work with NetGroups (Benoy Antony via + ddas) + + HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions + correctly. (Larry McCay via omalley) + + HADOOP-10432. Refactor SSLFactory to expose static method to determine + HostnameVerifier. (tucu) + + HADOOP-10427. KeyProvider implementations should be thread safe. (tucu) + + HADOOP-10429. KeyStores should have methods to generate the materials + themselves, KeyShell should use them. (tucu) + + HADOOP-10428. JavaKeyStoreProvider should accept keystore password via + configuration falling back to ENV VAR. (tucu) + + HADOOP-10430. KeyProvider Metadata should have an optional description, + there should be a method to retrieve the metadata from all keys. (tucu) BUG FIXES @@ -297,6 +315,10 @@ Trunk (Unreleased) HADOOP-10044 Improve the javadoc of rpc code (sanjay Radia) + HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu) + + HADOOP-10431. Change visibility of KeyStore.Options getter methods to public. (tucu) + OPTIMIZATIONS HADOOP-7761. Improve the performance of raw comparisons. (todd) @@ -307,10 +329,27 @@ Release 2.5.0 - UNRELEASED INCOMPATIBLE CHANGES + HADOOP-10474 Move o.a.h.record to hadoop-streaming. (wheat9) + NEW FEATURES + HADOOP-10498. Add support for proxy server. (daryn) + IMPROVEMENTS + HADOOP-10451. Remove unused field and imports from SaslRpcServer. + (Benoy Antony via jing9) + + HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser + configuration. (Benoy Antony via jing9) + + HADOOP-10454. Provide FileContext version of har file system. (Kihwal Lee + via jeagles) + + HADOOP-10104. Update jackson to 1.9.13 (Akira Ajisaka via stevel) + + HADOOP-10485. Remove dead classes in hadoop-streaming. (wheat9) + OPTIMIZATIONS BUG FIXES @@ -325,7 +364,63 @@ Release 2.5.0 - UNRELEASED removes unused FileContext.getFileStatus(..) and fixes various javac warnings. (szetszwo) -Release 2.4.0 - UNRELEASED + HADOOP-10414. Incorrect property name for RefreshUserMappingProtocol in + hadoop-policy.xml. (Joey Echeverria via atm) + + HADOOP-10459. distcp V2 doesn't preserve root dir's attributes when -p is + specified. (Yongjun Zhang via atm) + + HADOOP-10462. DF#getFilesystem is not parsing the command output. + (Akira AJISAKA via umamahesh) + + HADOOP-10468. TestMetricsSystemImpl.testMultiThreadedPublish fails + intermediately. (wheat9) + + HADOOP-10475. ConcurrentModificationException in + AbstractDelegationTokenSelector.selectToken(). (jing9) + + HADOOP-10350. BUILDING.txt should mention openssl dependency required + for hadoop-pipes (Vinayakumar B) + + HADOOP-10495. TestFileUtil fails on Windows due to bad permission + assertions. (cnauroth) + + HADOOP-10496. Metrics system FileSink can leak file descriptor. (cnauroth) + + HADOOP-10500. TestDoAsEffectiveUser fails on JDK7 due to failure to reset + proxy user configuration. (cnauroth) + + HADOOP-10499. Remove unused parameter from ProxyUsers.authorize(). + (Benoy Antony via cnauroth) + +Release 2.4.1 - UNRELEASED + + INCOMPATIBLE CHANGES + + NEW FEATURES + + IMPROVEMENTS + + HADOOP-10466. Lower the log level in UserGroupInformation. (Nicolas + Liochon via szetszwo) + + OPTIMIZATIONS + + BUG FIXES + + HADOOP-10455. When there is an exception, ipc.Server should first check + whether it is an terse exception. (szetszwo) + + HADOOP-10456. Bug in Configuration.java exposed by Spark + (ConcurrentModificationException). (Nishkam Ravi via cnauroth) + + HADOOP-10473. TestCallQueueManager should interrupt before counting calls. + (szetszwo) + + HADOOP-10490. TestMapFile and TestBloomMapFile leak file descriptors. + (cnauroth) + +Release 2.4.0 - 2014-04-07 INCOMPATIBLE CHANGES @@ -463,6 +558,17 @@ Release 2.4.0 - UNRELEASED HADOOP-10441. Namenode metric "rpc.RetryCache/NameNodeRetryCache.CacheHit" can't be correctly processed by Ganglia. (jing9) + HADOOP-10449. Fix the javac warnings in the security package. (szetszwo) + + HADOOP-10450. Build zlib native code bindings in hadoop.dll for Windows. + (cnauroth) + + HADOOP-10301. AuthenticationFilter should return Forbidden for failed + authentication. (Daryn Sharp via jing9) + + HADOOP-9525. Add tests that validate winutils chmod behavior on folders + (ivanmi) + BREAKDOWN OF HADOOP-10184 SUBTASKS AND RELATED JIRAS HADOOP-10185. FileSystem API for ACLs. (cnauroth) @@ -500,6 +606,9 @@ Release 2.4.0 - UNRELEASED HADOOP-10399. FileContext API for ACLs. (Vinayakumar B via cnauroth) + HADOOP-10442. Group look-up can cause segmentation fault when certain + JNI-based mapping module is used. (Kihwal Lee via jeagles) + Release 2.3.1 - UNRELEASED INCOMPATIBLE CHANGES @@ -2720,6 +2829,9 @@ Release 0.23.11 - UNRELEASED HADOOP-10332. HttpServer's jetty audit log always logs 200 OK (jeagles) + HADOOP-8826. Docs still refer to 0.20.205 as stable line (Mit Desai via + jeagles) + Release 0.23.10 - UNRELEASED INCOMPATIBLE CHANGES Propchange: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt ------------------------------------------------------------------------------ Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1582150-1588387 Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml Fri Apr 18 16:32:35 2014 @@ -16,9 +16,6 @@ --> <FindBugsFilter> <Match> - <Package name="org.apache.hadoop.record.compiler.generated" /> - </Match> - <Match> <Package name="org.apache.hadoop.security.proto" /> </Match> <Match> @@ -197,21 +194,6 @@ </Match> <Match> - <Class name="org.apache.hadoop.record.meta.Utils" /> - <Method name="skip" /> - <Bug pattern="BC_UNCONFIRMED_CAST" /> - </Match> - - <!-- - The compareTo method is actually a dummy method that just - throws excpetions. So, no need to override equals. Ignore - --> - <Match> - <Class name="org.apache.hadoop.record.meta.RecordTypeInfo" /> - <Bug pattern="EQ_COMPARETO_USE_OBJECT_EQUALS" /> - </Match> - - <Match> <Class name="org.apache.hadoop.util.ProcfsBasedProcessTree" /> <Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME" /> </Match> Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml Fri Apr 18 16:32:35 2014 @@ -202,7 +202,7 @@ <dependency> <groupId>org.apache.ant</groupId> <artifactId>ant</artifactId> - <scope>provided</scope> + <scope>test</scope> </dependency> <dependency> <groupId>com.google.protobuf</groupId> @@ -483,6 +483,7 @@ <exclude>src/test/resources/test.har/_index</exclude> <exclude>src/test/resources/test.har/_masterindex</exclude> <exclude>src/test/resources/test.har/part-0</exclude> + <exclude>src/test/resources/javakeystoreprovider.password</exclude> </excludes> </configuration> </plugin> Modified: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml?rev=1588509&r1=1588508&r2=1588509&view=diff ============================================================================== --- hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml (original) +++ hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml Fri Apr 18 16:32:35 2014 @@ -85,7 +85,7 @@ </property> <property> - <name>security.refresh.usertogroups.mappings.protocol.acl</name> + <name>security.refresh.user.mappings.protocol.acl</name> <value>*</value> <description>ACL for RefreshUserMappingsProtocol. Used to refresh users mappings. The ACL is a comma-separated list of user and Propchange: hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/ ------------------------------------------------------------------------------ Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/docs:r1582150-1588387