This is an automated email from the ASF dual-hosted git repository.
eyang pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-2 by this push:
new bae607f Revert "HADOOP-13707. Skip authorization for anonymous user
to access Hadoop"
bae607f is described below
commit bae607f73435ec1ec29da994a5ce2466ff7e4f4e
Author: Eric Yang <[email protected]>
AuthorDate: Thu Feb 21 17:36:59 2019 -0500
Revert "HADOOP-13707. Skip authorization for anonymous user to access
Hadoop"
This reverts commit 439422fff923ae6aea1f7547fe24d0e23fbd8f7f.
---
.../java/org/apache/hadoop/conf/ConfServlet.java | 8 +-----
.../apache/hadoop/http/AdminAuthorizedServlet.java | 11 ++------
.../java/org/apache/hadoop/http/HttpServer2.java | 32 ++--------------------
.../java/org/apache/hadoop/jmx/JMXJsonServlet.java | 8 +-----
.../main/java/org/apache/hadoop/log/LogLevel.java | 10 ++-----
.../org/apache/hadoop/http/TestHttpServer.java | 17 +-----------
6 files changed, 12 insertions(+), 74 deletions(-)
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java
index cfd7b97..cdc9581 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfServlet.java
@@ -20,7 +20,6 @@ package org.apache.hadoop.conf;
import java.io.IOException;
import java.io.Writer;
-import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -59,12 +58,7 @@ public class ConfServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
- // If user is a static user and auth Type is null, that means
- // there is a non-security environment and no need authorization,
- // otherwise, do the authorization.
- final ServletContext servletContext = getServletContext();
- if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
- !HttpServer2.isInstrumentationAccessAllowed(servletContext,
+ if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
request, response)) {
return;
}
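Review bot: The restored guard in ConfServlet.doGet carries no comment, unlike the `// Do the authorization` line this commit adds in AdminAuthorizedServlet and LogLevel, and nothing at the call site says the check is conditional. The HttpServer2 Javadoc quoted later in this diff suggests isInstrumentationAccessAllowed requires administrator access only depending on `hadoop.security.instrumentation.requires.admin`, so with that property FALSE the configuration dump is presumably served without an admin check. I would add `// Admin-only when hadoop.security.instrumentation.requires.admin is true; the helper is expected to send the error response on denial` above the `if`. The same applies to the doGet hunk at `@@ -1286` in HttpServer2.java and to the JMXJsonServlet hunk. doGet continues outside this hunk.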
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java
index e591ab4..ef562b4 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/AdminAuthorizedServlet.java
@@ -19,7 +19,6 @@ package org.apache.hadoop.http;
import java.io.IOException;
-import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -36,13 +35,9 @@ public class AdminAuthorizedServlet extends DefaultServlet {
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse
response)
- throws ServletException, IOException {
- // If user is a static user and auth Type is null, that means
- // there is a non-security environment and no need authorization,
- // otherwise, do the authorization.
- final ServletContext servletContext = getServletContext();
- if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) ||
- HttpServer2.hasAdministratorAccess(servletContext, request,
+ throws ServletException, IOException {
+ // Do the authorization
+ if (HttpServer2.hasAdministratorAccess(getServletContext(), request,
response)) {
// Authorization is done. Just call super.
super.doGet(request, response);
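Review bot: The new `// Do the authorization` comment does not say what happens on denial. When hasAdministratorAccess returns false, the visible part of doGet only skips `super.doGet`, so the client gets a proper rejection only if the helper has already written the response. The helper's body is not in this hunk; if that is how it behaves, I would reword the comment as `// hasAdministratorAccess sends the error response itself when access is denied`. The LogLevel doGet hunk has the same bare `return` after the same call and would benefit from the same wording. doGet's body ends outside this hunk.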
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index 861fa48..74936ee 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -97,9 +97,6 @@ import com.sun.jersey.spi.container.servlet.ServletContainer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static
org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
-import static
org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
-
/**
* Create a Jetty embedded server to answer http requests. The primary goal is
* to serve up status information for the server. There are three contexts:
@@ -1172,24 +1169,6 @@ public final class HttpServer2 implements
FilterContainer {
}
/**
- * check whether user is static and unauthenticated, if the
- * answer is TRUE, that means http sever is in non-security
- * environment.
- * @param servletContext the servlet context.
- * @param request the servlet request.
- * @return TRUE/FALSE based on the logic described above.
- */
- public static boolean isStaticUserAndNoneAuthType(
- ServletContext servletContext, HttpServletRequest request) {
- Configuration conf =
- (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
- final String authType = request.getAuthType();
- final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
- DEFAULT_HADOOP_HTTP_STATIC_USER);
- return authType == null && staticUser.equals(request.getRemoteUser());
- }
-
- /**
* Checks the user has privileges to access to instrumentation servlets.
* <p/>
* If <code>hadoop.security.instrumentation.requires.admin</code> is set to
FALSE
@@ -1286,14 +1265,9 @@ public final class HttpServer2 implements
FilterContainer {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- // If user is a static user and auth Type is null, that means
- // there is a non-security environment and no need authorization,
- // otherwise, do the authorization.
- final ServletContext servletContext = getServletContext();
- if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
- !HttpServer2.isInstrumentationAccessAllowed(servletContext,
- request, response)) {
+ throws ServletException, IOException {
+ if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
+ request, response)) {
return;
}
response.setContentType("text/plain; charset=UTF-8");
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java
index c8b67bd..a81fbd9 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java
@@ -38,7 +38,6 @@ import javax.management.RuntimeMBeanException;
import javax.management.openmbean.CompositeData;
import javax.management.openmbean.CompositeType;
import javax.management.openmbean.TabularData;
-import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -168,12 +167,7 @@ public class JMXJsonServlet extends HttpServlet {
String jsonpcb = null;
PrintWriter writer = null;
try {
- // If user is a static user and auth Type is null, that means
- // there is a non-security environment and no need authorization,
- // otherwise, do the authorization.
- final ServletContext servletContext = getServletContext();
- if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
- !isInstrumentationAccessAllowed(request, response)) {
+ if (!isInstrumentationAccessAllowed(request, response)) {
return;
}
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java
index cec62a1..3b2ceba 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/log/LogLevel.java
@@ -323,13 +323,9 @@ public class LogLevel {
public void doGet(HttpServletRequest request, HttpServletResponse response
) throws ServletException, IOException {
- // If user is a static user and auth Type is null, that means
- // there is a non-security environment and no need authorization,
- // otherwise, do the authorization.
- final ServletContext servletContext = getServletContext();
- if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
- !HttpServer2.hasAdministratorAccess(servletContext,
- request, response)) {
+ // Do the authorization
+ if (!HttpServer2.hasAdministratorAccess(getServletContext(), request,
+ response)) {
return;
}
diff --git
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
index 27d6b07..7e72ee7 100644
---
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
+++
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServer.java
@@ -68,9 +68,6 @@ import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
-import static
org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
-import static
org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
-
public class TestHttpServer extends HttpServerFunctionalTest {
static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class);
private static HttpServer2 server;
@@ -458,7 +455,7 @@ public class TestHttpServer extends
HttpServerFunctionalTest {
String serverURL = "http://"
+ NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
for (String servlet : new String[] { "conf", "logs", "stacks",
- "logLevel", "metrics", "jmx" }) {
+ "logLevel", "metrics" }) {
for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
+ servlet, user));
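Review bot: Dropping `"jmx"` from the servlet list leaves the check restored in JMXJsonServlet without coverage in this test. Nothing visible here asserts that /jmx returns HTTP_OK for the permitted users or HTTP_FORBIDDEN for `userE`. Assuming /jmx is served by `myServer` (not visible in this hunk), I would keep it in the list: `"logLevel", "metrics", "jmx" }) {`. The next hunk deletes the static-user assertions without a replacement, so a negative assertion for the static user on these servlets would pin the behaviour this revert restores; the expected status depends on configuration set outside the hunk. The loop and the test method both start outside this hunk.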
@@ -466,18 +463,6 @@ public class TestHttpServer extends
HttpServerFunctionalTest {
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
serverURL + servlet, "userE"));
}
-
- // hadoop.security.authorization is set as true while
- // hadoop.http.authentication.type's value is `simple`(default value)
- // in this case, static user has administrator access
- final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
- DEFAULT_HADOOP_HTTP_STATIC_USER);
- for (String servlet : new String[] {"conf", "logs", "stacks",
- "logLevel", "jmx"}) {
- assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(
- serverURL + servlet, staticUser));
- }
-
myServer.stop();
}