Author: tucu Date: Thu Aug 21 18:59:51 2014 New Revision: 1619546 URL: http://svn.apache.org/r1619546 Log: HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu)
Conflicts: hadoop-common-project/hadoop-common/CHANGES.txt Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1619546&r1=1619545&r2=1619546&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Thu Aug 21 18:59:51 2014 @@ -287,6 +287,8 @@ Release 2.6.0 - UNRELEASED HADOOP-10937. Need to set version name correctly before decrypting EEK. (Arun Suresh via wang) + HADOOP-10918. JMXJsonServlet fails when used within Tomcat. (tucu) + Release 2.5.0 - 2014-08-11 INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java?rev=1619546&r1=1619545&r2=1619546&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java Thu Aug 21 18:59:51 2014 @@ -1037,7 +1037,7 @@ public final class HttpServer2 implement String remoteUser = request.getRemoteUser(); if (remoteUser == null) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Unauthenticated users are not " + "authorized to access this page."); return false; @@ -1045,7 +1045,7 @@ public final class HttpServer2 implement if (servletContext.getAttribute(ADMINS_ACL) != null && !userHasAdministratorAccess(servletContext, remoteUser)) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User " + response.sendError(HttpServletResponse.SC_FORBIDDEN, "User " + remoteUser + " is unauthorized to access this page."); return false; } Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java?rev=1619546&r1=1619545&r2=1619546&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java Thu Aug 21 18:59:51 2014 @@ -140,6 +140,12 @@ public class JMXJsonServlet extends Http mBeanServer = ManagementFactory.getPlatformMBeanServer(); } + protected boolean isInstrumentationAccessAllowed(HttpServletRequest request, + HttpServletResponse response) throws IOException { + return HttpServer2.isInstrumentationAccessAllowed(getServletContext(), + request, response); + } + /** * Process a GET request for the specified resource. * @@ -153,8 +159,7 @@ public class JMXJsonServlet extends Http String jsonpcb = null; PrintWriter writer = null; try { - if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(), - request, response)) { + if (!isInstrumentationAccessAllowed(request, response)) { return; } Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java?rev=1619546&r1=1619545&r2=1619546&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java Thu Aug 21 18:59:51 2014 @@ -421,7 +421,7 @@ public class TestHttpServer extends Http assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL + servlet, user)); } - assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, getHttpStatusCode( + assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode( serverURL + servlet, "userE")); } myServer.stop(); @@ -481,7 +481,7 @@ public class TestHttpServer extends Http response = Mockito.mock(HttpServletResponse.class); conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, true); Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response)); - Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString()); + Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString()); //authorization ON & user NOT NULL & ACLs NULL response = Mockito.mock(HttpServletResponse.class); @@ -494,7 +494,7 @@ public class TestHttpServer extends Http Mockito.when(acls.isUserAllowed(Mockito.<UserGroupInformation>any())).thenReturn(false); Mockito.when(context.getAttribute(HttpServer2.ADMINS_ACL)).thenReturn(acls); Assert.assertFalse(HttpServer2.hasAdministratorAccess(context, request, response)); - Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_UNAUTHORIZED), Mockito.anyString()); + Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse.SC_FORBIDDEN), Mockito.anyString()); //authorization ON & user NOT NULL & ACLs NOT NULL & user in in ACLs response = Mockito.mock(HttpServletResponse.class); Added: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java?rev=1619546&view=auto ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java (added) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSJMXServlet.java Thu Aug 21 18:59:51 2014 @@ -0,0 +1,33 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.crypto.key.kms.server; + +import org.apache.hadoop.jmx.JMXJsonServlet; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +public class KMSJMXServlet extends JMXJsonServlet { + + @Override + protected boolean isInstrumentationAccessAllowed(HttpServletRequest request, + HttpServletResponse response) throws IOException { + return true; + } +} Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml?rev=1619546&r1=1619545&r2=1619546&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-kms/src/main/webapp/WEB-INF/web.xml Thu Aug 21 18:59:51 2014 @@ -42,7 +42,7 @@ <servlet> <servlet-name>jmx-servlet</servlet-name> - <servlet-class>org.apache.hadoop.jmx.JMXJsonServlet</servlet-class> + <servlet-class>org.apache.hadoop.crypto.key.kms.server.KMSJMXServlet</servlet-class> </servlet> <servlet-mapping>