Author: cmccabe
Date: Fri Apr 18 16:32:35 2014
New Revision: 1588509
URL: http://svn.apache.org/r1588509
Log:
Merge trunk into the HADOOP-10388 branch
Added:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/HarFs.java
- copied unchanged from r1588387,
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/HarFs.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password
- copied unchanged from r1588387,
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password
Removed:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/BinaryRecordInput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/BinaryRecordOutput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Buffer.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/CsvRecordInput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/CsvRecordOutput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Index.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Record.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordComparator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordInput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/RecordOutput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/Utils.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/XmlRecordInput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/XmlRecordOutput.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CGenerator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CodeBuffer.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CodeGenerator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/Consts.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/CppGenerator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JBoolean.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JBuffer.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JByte.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JCompType.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JDouble.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JField.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JFile.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JFloat.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JInt.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JLong.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JMap.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JRecord.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JString.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JType.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JVector.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/JavaGenerator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/ant/RccTask.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/ParseException.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/Rcc.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/RccConstants.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/RccTokenManager.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/SimpleCharStream.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/Token.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/TokenMgrError.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/package.html
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/generated/rcc.jj
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/compiler/package.html
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/FieldTypeInfo.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/MapTypeID.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/RecordTypeInfo.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/StructTypeID.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/TypeID.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/Utils.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/meta/VectorTypeID.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/record/package.html
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt
(contents, props changed)
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/
(props changed)
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/releasenotes.html
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/
(props changed)
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyProvider.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/KeyShell.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/UserProvider.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/DF.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/io/MapFile.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/RetryCache.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/MetricsSink.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/impl/MetricsConfig.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/impl/MetricsSinkAdapter.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/metrics2/sink/FileSink.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/LdapGroupsMapping.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/NetgroupCache.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/StringUtils.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/native.vcxproj
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/io/compress/zlib/ZlibCompressor.c
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/native/src/org/apache/hadoop/security/hadoop_user_info.c
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProvider.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyShell.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FSMainOperationsBaseTest.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileContextTestHelper.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/FileSystemTestHelper.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/TestDFVariations.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/fs/TestFileUtil.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/io/TestBloomMapFile.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/io/TestMapFile.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestCallQueueManager.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/impl/TestGangliaMetrics.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/impl/TestMetricsSystemImpl.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/metrics2/sink/TestFileSink.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestDoAsEffectiveUser.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestStringUtils.java
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestWinUtils.java
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
Fri Apr 18 16:32:35 2014
@@ -332,7 +332,8 @@ public class AuthenticationFilter implem
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain)
throws IOException, ServletException {
boolean unauthorizedResponse = true;
- String unauthorizedMsg = "";
+ int errCode = HttpServletResponse.SC_UNAUTHORIZED;
+ AuthenticationException authenticationEx = null;
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
boolean isHttps = "https".equals(httpRequest.getScheme());
@@ -344,6 +345,8 @@ public class AuthenticationFilter implem
}
catch (AuthenticationException ex) {
LOG.warn("AuthenticationToken ignored: " + ex.getMessage());
+ // will be sent back in a 401 unless filter authenticates
+ authenticationEx = ex;
token = null;
}
if (authHandler.managementOperation(token, httpRequest, httpResponse)) {
@@ -392,15 +395,20 @@ public class AuthenticationFilter implem
unauthorizedResponse = false;
}
} catch (AuthenticationException ex) {
- unauthorizedMsg = ex.toString();
+ // exception from the filter itself is fatal
+ errCode = HttpServletResponse.SC_FORBIDDEN;
+ authenticationEx = ex;
LOG.warn("Authentication exception: " + ex.getMessage(), ex);
}
if (unauthorizedResponse) {
if (!httpResponse.isCommitted()) {
createAuthCookie(httpResponse, "", getCookieDomain(),
getCookiePath(), 0, isHttps);
- httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
- unauthorizedMsg);
+ if (authenticationEx == null) {
+ httpResponse.sendError(errCode, "Authentication required");
+ } else {
+ httpResponse.sendError(errCode, authenticationEx.getMessage());
+ }
}
}
}
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestPseudoAuthenticator.java
Fri Apr 18 16:32:35 2014
@@ -63,7 +63,8 @@ public class TestPseudoAuthenticator {
URL url = new URL(auth.getBaseURL());
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
- Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED,
conn.getResponseCode());
+ Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN,
conn.getResponseCode());
+ Assert.assertEquals("Anonymous requests are disallowed",
conn.getResponseMessage());
} finally {
auth.stop();
}
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java
Fri Apr 18 16:32:35 2014
@@ -14,8 +14,10 @@
package org.apache.hadoop.security.authentication.server;
import java.io.IOException;
+import java.net.HttpCookie;
import java.util.Arrays;
import java.util.HashMap;
+import java.util.List;
import java.util.Properties;
import java.util.Vector;
@@ -130,7 +132,11 @@ public class TestAuthenticationFilter {
token = new AuthenticationToken("u", "p", "t");
token.setExpires((expired) ? 0 : System.currentTimeMillis() +
TOKEN_VALIDITY_SEC);
} else {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ if (request.getHeader("WWW-Authenticate") == null) {
+ response.setHeader("WWW-Authenticate", "dummyauth");
+ } else {
+ throw new AuthenticationException("AUTH FAILED");
+ }
}
return token;
}
@@ -303,7 +309,8 @@ public class TestAuthenticationFilter {
"management.operation.return")).elements());
filter.init(config);
- AuthenticationToken token = new AuthenticationToken("u", "p",
"invalidtype");
+ AuthenticationToken token =
+ new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
Signer signer = new Signer("secret".getBytes());
String tokenSigned = signer.sign(token.toString());
@@ -312,13 +319,14 @@ public class TestAuthenticationFilter {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ boolean failed = false;
try {
filter.getToken(request);
- Assert.fail();
} catch (AuthenticationException ex) {
- // Expected
- } catch (Exception ex) {
- Assert.fail();
+ Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
+ failed = true;
+ } finally {
+ Assert.assertTrue("token not expired", failed);
}
} finally {
filter.destroy();
@@ -351,13 +359,14 @@ public class TestAuthenticationFilter {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ boolean failed = false;
try {
filter.getToken(request);
- Assert.fail();
} catch (AuthenticationException ex) {
- // Expected
- } catch (Exception ex) {
- Assert.fail();
+ Assert.assertEquals("Invalid AuthenticationToken type",
ex.getMessage());
+ failed = true;
+ } finally {
+ Assert.assertTrue("token not invalid type", failed);
}
} finally {
filter.destroy();
@@ -398,7 +407,9 @@ public class TestAuthenticationFilter {
filter.doFilter(request, response, chain);
- Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ Mockito.verify(response).sendError(
+ HttpServletResponse.SC_UNAUTHORIZED, "Authentication required");
+ Mockito.verify(response).setHeader("WWW-Authenticate", "dummyauth");
} finally {
filter.destroy();
}
@@ -468,10 +479,10 @@ public class TestAuthenticationFilter {
if (expired) {
Mockito.verify(response, Mockito.never()).
- addCookie(Mockito.any(Cookie.class));
+ addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
} else {
String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
- Assert.assertNotNull(v);
+ Assert.assertNotNull("cookie missing", v);
Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains
("t=") && v.contains("e=") && v.contains("s="));
Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class),
@@ -586,7 +597,67 @@ public class TestAuthenticationFilter {
}
@Test
+ public void testDoFilterAuthenticationFailure() throws Exception {
+ AuthenticationFilter filter = new AuthenticationFilter();
+ try {
+ FilterConfig config = Mockito.mock(FilterConfig.class);
+ Mockito.when(config.getInitParameter("management.operation.return")).
+ thenReturn("true");
+
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
+ DummyAuthenticationHandler.class.getName());
+ Mockito.when(config.getInitParameterNames()).thenReturn(
+ new Vector<String>(
+ Arrays.asList(AuthenticationFilter.AUTH_TYPE,
+ "management.operation.return")).elements());
+ filter.init(config);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ Mockito.when(request.getRequestURL()).thenReturn(new
StringBuffer("http://foo:8080/bar";));
+ Mockito.when(request.getCookies()).thenReturn(new Cookie[]{});
+
Mockito.when(request.getHeader("WWW-Authenticate")).thenReturn("dummyauth");
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ FilterChain chain = Mockito.mock(FilterChain.class);
+
+ final HashMap<String, String> cookieMap = new HashMap<String, String>();
+ Mockito.doAnswer(
+ new Answer<Object>() {
+ @Override
+ public Object answer(InvocationOnMock invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ parseCookieMap((String) args[1], cookieMap);
+ return null;
+ }
+ }
+ ).when(response).addHeader(Mockito.eq("Set-Cookie"),
Mockito.anyString());
+
+ Mockito.doAnswer(
+ new Answer<Object>() {
+ @Override
+ public Object answer(InvocationOnMock invocation) throws Throwable {
+ Assert.fail("shouldn't get here");
+ return null;
+ }
+ }
+ ).when(chain).doFilter(Mockito.<ServletRequest>anyObject(),
Mockito.<ServletResponse>anyObject());
+
+ filter.doFilter(request, response, chain);
+
+ Mockito.verify(response).sendError(
+ HttpServletResponse.SC_FORBIDDEN, "AUTH FAILED");
+ Mockito.verify(response,
Mockito.never()).setHeader(Mockito.eq("WWW-Authenticate"), Mockito.anyString());
+
+ String value = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
+ Assert.assertNotNull("cookie missing", value);
+ Assert.assertEquals("", value);
+ } finally {
+ filter.destroy();
+ }
+ }
+
+ @Test
public void testDoFilterAuthenticatedExpired() throws Exception {
+ String secret = "secret";
AuthenticationFilter filter = new AuthenticationFilter();
try {
FilterConfig config = Mockito.mock(FilterConfig.class);
@@ -594,9 +665,12 @@ public class TestAuthenticationFilter {
thenReturn("true");
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
DummyAuthenticationHandler.class.getName());
+
Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
+ secret);
Mockito.when(config.getInitParameterNames()).thenReturn(
new Vector<String>(
Arrays.asList(AuthenticationFilter.AUTH_TYPE,
+ AuthenticationFilter.SIGNATURE_SECRET,
"management.operation.return")).elements());
filter.init(config);
@@ -605,7 +679,7 @@ public class TestAuthenticationFilter {
AuthenticationToken token = new AuthenticationToken("u", "p",
DummyAuthenticationHandler.TYPE);
token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
- Signer signer = new Signer("secret".getBytes());
+ Signer signer = new Signer(secret.getBytes());
String tokenSigned = signer.sign(token.toString());
Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
@@ -643,12 +717,14 @@ public class TestAuthenticationFilter {
Mockito.verify(chain, Mockito.never()).doFilter(Mockito.any
(ServletRequest.class), Mockito.any(ServletResponse.class));
- Assert.assertTrue(cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE));
+ Assert.assertTrue("cookie is missing",
+ cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE));
Assert.assertEquals("", cookieMap.get(AuthenticatedURL.AUTH_COOKIE));
}
@Test
public void testDoFilterAuthenticatedInvalidType() throws Exception {
+ String secret = "secret";
AuthenticationFilter filter = new AuthenticationFilter();
try {
FilterConfig config = Mockito.mock(FilterConfig.class);
@@ -656,9 +732,12 @@ public class TestAuthenticationFilter {
thenReturn("true");
Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(
DummyAuthenticationHandler.class.getName());
+
Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(
+ secret);
Mockito.when(config.getInitParameterNames()).thenReturn(
new Vector<String>(
Arrays.asList(AuthenticationFilter.AUTH_TYPE,
+ AuthenticationFilter.SIGNATURE_SECRET,
"management.operation.return")).elements());
filter.init(config);
@@ -667,7 +746,7 @@ public class TestAuthenticationFilter {
AuthenticationToken token = new AuthenticationToken("u", "p",
"invalidtype");
token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
- Signer signer = new Signer("secret".getBytes());
+ Signer signer = new Signer(secret.getBytes());
String tokenSigned = signer.sign(token.toString());
Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt
Fri Apr 18 16:32:35 2014
@@ -121,7 +121,25 @@ Trunk (Unreleased)
HADOOP-10342. Add a new method to UGI to use a Kerberos login subject to
build a new UGI. (Larry McCay via omalley)
- HADOOP-9968. Makes ProxyUsers to work with NetGroups (Benoy Antony via
ddas)
+ HADOOP-9968. Makes ProxyUsers to work with NetGroups (Benoy Antony via
+ ddas)
+
+ HADOOP-10237. JavaKeyStoreProvider needs to set keystore permissions
+ correctly. (Larry McCay via omalley)
+
+ HADOOP-10432. Refactor SSLFactory to expose static method to determine
+ HostnameVerifier. (tucu)
+
+ HADOOP-10427. KeyProvider implementations should be thread safe. (tucu)
+
+ HADOOP-10429. KeyStores should have methods to generate the materials
+ themselves, KeyShell should use them. (tucu)
+
+ HADOOP-10428. JavaKeyStoreProvider should accept keystore password via
+ configuration falling back to ENV VAR. (tucu)
+
+ HADOOP-10430. KeyProvider Metadata should have an optional description,
+ there should be a method to retrieve the metadata from all keys. (tucu)
BUG FIXES
@@ -297,6 +315,10 @@ Trunk (Unreleased)
HADOOP-10044 Improve the javadoc of rpc code (sanjay Radia)
+ HADOOP-10488. TestKeyProviderFactory fails randomly. (tucu)
+
+ HADOOP-10431. Change visibility of KeyStore.Options getter methods to
public. (tucu)
+
OPTIMIZATIONS
HADOOP-7761. Improve the performance of raw comparisons. (todd)
@@ -307,10 +329,27 @@ Release 2.5.0 - UNRELEASED
INCOMPATIBLE CHANGES
+ HADOOP-10474 Move o.a.h.record to hadoop-streaming. (wheat9)
+
NEW FEATURES
+ HADOOP-10498. Add support for proxy server. (daryn)
+
IMPROVEMENTS
+ HADOOP-10451. Remove unused field and imports from SaslRpcServer.
+ (Benoy Antony via jing9)
+
+ HADOOP-10345. Sanitize the the inputs (groups and hosts) for the proxyuser
+ configuration. (Benoy Antony via jing9)
+
+ HADOOP-10454. Provide FileContext version of har file system. (Kihwal Lee
+ via jeagles)
+
+ HADOOP-10104. Update jackson to 1.9.13 (Akira Ajisaka via stevel)
+
+ HADOOP-10485. Remove dead classes in hadoop-streaming. (wheat9)
+
OPTIMIZATIONS
BUG FIXES
@@ -325,7 +364,63 @@ Release 2.5.0 - UNRELEASED
removes unused FileContext.getFileStatus(..) and fixes various javac
warnings. (szetszwo)
-Release 2.4.0 - UNRELEASED
+ HADOOP-10414. Incorrect property name for RefreshUserMappingProtocol in
+ hadoop-policy.xml. (Joey Echeverria via atm)
+
+ HADOOP-10459. distcp V2 doesn't preserve root dir's attributes when -p is
+ specified. (Yongjun Zhang via atm)
+
+ HADOOP-10462. DF#getFilesystem is not parsing the command output.
+ (Akira AJISAKA via umamahesh)
+
+ HADOOP-10468. TestMetricsSystemImpl.testMultiThreadedPublish fails
+ intermediately. (wheat9)
+
+ HADOOP-10475. ConcurrentModificationException in
+ AbstractDelegationTokenSelector.selectToken(). (jing9)
+
+ HADOOP-10350. BUILDING.txt should mention openssl dependency required
+ for hadoop-pipes (Vinayakumar B)
+
+ HADOOP-10495. TestFileUtil fails on Windows due to bad permission
+ assertions. (cnauroth)
+
+ HADOOP-10496. Metrics system FileSink can leak file descriptor. (cnauroth)
+
+ HADOOP-10500. TestDoAsEffectiveUser fails on JDK7 due to failure to reset
+ proxy user configuration. (cnauroth)
+
+ HADOOP-10499. Remove unused parameter from ProxyUsers.authorize().
+ (Benoy Antony via cnauroth)
+
+Release 2.4.1 - UNRELEASED
+
+ INCOMPATIBLE CHANGES
+
+ NEW FEATURES
+
+ IMPROVEMENTS
+
+ HADOOP-10466. Lower the log level in UserGroupInformation. (Nicolas
+ Liochon via szetszwo)
+
+ OPTIMIZATIONS
+
+ BUG FIXES
+
+ HADOOP-10455. When there is an exception, ipc.Server should first check
+ whether it is an terse exception. (szetszwo)
+
+ HADOOP-10456. Bug in Configuration.java exposed by Spark
+ (ConcurrentModificationException). (Nishkam Ravi via cnauroth)
+
+ HADOOP-10473. TestCallQueueManager should interrupt before counting calls.
+ (szetszwo)
+
+ HADOOP-10490. TestMapFile and TestBloomMapFile leak file descriptors.
+ (cnauroth)
+
+Release 2.4.0 - 2014-04-07
INCOMPATIBLE CHANGES
@@ -463,6 +558,17 @@ Release 2.4.0 - UNRELEASED
HADOOP-10441. Namenode metric "rpc.RetryCache/NameNodeRetryCache.CacheHit"
can't be correctly processed by Ganglia. (jing9)
+ HADOOP-10449. Fix the javac warnings in the security package. (szetszwo)
+
+ HADOOP-10450. Build zlib native code bindings in hadoop.dll for Windows.
+ (cnauroth)
+
+ HADOOP-10301. AuthenticationFilter should return Forbidden for failed
+ authentication. (Daryn Sharp via jing9)
+
+ HADOOP-9525. Add tests that validate winutils chmod behavior on folders
+ (ivanmi)
+
BREAKDOWN OF HADOOP-10184 SUBTASKS AND RELATED JIRAS
HADOOP-10185. FileSystem API for ACLs. (cnauroth)
@@ -500,6 +606,9 @@ Release 2.4.0 - UNRELEASED
HADOOP-10399. FileContext API for ACLs. (Vinayakumar B via cnauroth)
+ HADOOP-10442. Group look-up can cause segmentation fault when certain
+ JNI-based mapping module is used. (Kihwal Lee via jeagles)
+
Release 2.3.1 - UNRELEASED
INCOMPATIBLE CHANGES
@@ -2720,6 +2829,9 @@ Release 0.23.11 - UNRELEASED
HADOOP-10332. HttpServer's jetty audit log always logs 200 OK (jeagles)
+ HADOOP-8826. Docs still refer to 0.20.205 as stable line (Mit Desai via
+ jeagles)
+
Release 0.23.10 - UNRELEASED
INCOMPATIBLE CHANGES
Propchange:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/CHANGES.txt
------------------------------------------------------------------------------
Merged
/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1582150-1588387
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/dev-support/findbugsExcludeFile.xml
Fri Apr 18 16:32:35 2014
@@ -16,9 +16,6 @@
-->
<FindBugsFilter>
<Match>
- <Package name="org.apache.hadoop.record.compiler.generated" />
- </Match>
- <Match>
<Package name="org.apache.hadoop.security.proto" />
</Match>
<Match>
@@ -197,21 +194,6 @@
</Match>
<Match>
- <Class name="org.apache.hadoop.record.meta.Utils" />
- <Method name="skip" />
- <Bug pattern="BC_UNCONFIRMED_CAST" />
- </Match>
-
- <!--
- The compareTo method is actually a dummy method that just
- throws excpetions. So, no need to override equals. Ignore
- -->
- <Match>
- <Class name="org.apache.hadoop.record.meta.RecordTypeInfo" />
- <Bug pattern="EQ_COMPARETO_USE_OBJECT_EQUALS" />
- </Match>
-
- <Match>
<Class name="org.apache.hadoop.util.ProcfsBasedProcessTree" />
<Bug pattern="DMI_HARDCODED_ABSOLUTE_FILENAME" />
</Match>
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/pom.xml
Fri Apr 18 16:32:35 2014
@@ -202,7 +202,7 @@
<dependency>
<groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
- <scope>provided</scope>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.protobuf</groupId>
@@ -483,6 +483,7 @@
<exclude>src/test/resources/test.har/_index</exclude>
<exclude>src/test/resources/test.har/_masterindex</exclude>
<exclude>src/test/resources/test.har/part-0</exclude>
+ <exclude>src/test/resources/javakeystoreprovider.password</exclude>
</excludes>
</configuration>
</plugin>
Modified:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml?rev=1588509&r1=1588508&r2=1588509&view=diff
==============================================================================
---
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml
(original)
+++
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/conf/hadoop-policy.xml
Fri Apr 18 16:32:35 2014
@@ -85,7 +85,7 @@
</property>
<property>
- <name>security.refresh.usertogroups.mappings.protocol.acl</name>
+ <name>security.refresh.user.mappings.protocol.acl</name>
<value>*</value>
<description>ACL for RefreshUserMappingsProtocol. Used to refresh
users mappings. The ACL is a comma-separated list of user and
Propchange:
hadoop/common/branches/HADOOP-10388/hadoop-common-project/hadoop-common/src/main/docs/
------------------------------------------------------------------------------
Merged
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/docs:r1582150-1588387
