This is an automated email from the ASF dual-hosted git repository. elek pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
The following commit(s) were added to refs/heads/master by this push: new 21c08ee HDDS-4041. Ozone /conf endpoint triggers kerberos replay error when SPNEGO is enabled. (#1267) 21c08ee is described below commit 21c08eef622bc085c0dc16b2804c33280c0c88b0 Author: Xiaoyu Yao <x...@apache.org> AuthorDate: Wed Jul 29 04:32:24 2020 -0700 HDDS-4041. Ozone /conf endpoint triggers kerberos replay error when SPNEGO is enabled. (#1267) --- .../apache/hadoop/hdds/server/http/HttpServer2.java | 21 +++++++++++++++++++++ .../dist/src/main/smoketest/spnego/web.robot | 14 ++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java index 3a2c49b..9282c84 100644 --- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java +++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java 
@@ -893,6 +893,27 @@ public final class HttpServer2 implements FilterContainer { } webAppContext.addServlet(holder, pathSpec); + // Remove any previous filter attached to the removed servlet path to avoid + // Kerberos replay error. + FilterMapping[] filterMappings = webAppContext.getServletHandler(). + getFilterMappings(); + for (int i = 0; i < filterMappings.length; i++) { + if (filterMappings[i].getPathSpecs() == null) { + LOG.debug("Skip checking {} filterMappings {} without a path spec.", + filterMappings[i].getFilterName(), filterMappings[i]); + continue; + } + int oldPathSpecsLen = filterMappings[i].getPathSpecs().length; + String[] newPathSpecs = + ArrayUtil.removeFromArray(filterMappings[i].getPathSpecs(), pathSpec); + if (newPathSpecs.length == 0) { + webAppContext.getServletHandler().setFilterMappings( + ArrayUtil.removeFromArray(filterMappings, filterMappings[i])); + } else if (newPathSpecs.length != oldPathSpecsLen) { + filterMappings[i].setPathSpecs(newPathSpecs); + } + } + if (requireAuth && UserGroupInformation.isSecurityEnabled()) { LOG.info("Adding Kerberos (SPNEGO) filter to {}", name); ServletHandler handler = webAppContext.getServletHandler(); diff --git a/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot b/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot index 9c4156f..065e390 100644 --- a/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot +++ b/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot @@ -30,6 +30,11 @@ ${OM_SERVICE_LIST_URL} http://om:9874/serviceList ${SCM_URL} http://scm:9876 ${RECON_URL} http://recon:9888 +${SCM_CONF_URL} http://scm:9876/conf +${SCM_JMX_URL} http://scm:9876/jmx +${SCM_STACKS_URL} http://scm:9876/stacks + + *** Keywords *** Verify SPNEGO enabled URL [arguments] ${url} 
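Review bot: Each `setFilterMappings(ArrayUtil.removeFromArray(filterMappings, filterMappings[i]))` call inside the loop is computed from the `filterMappings` snapshot taken before the loop, so when more than one mapping ends up with no path specs, the later call puts the earlier-removed mapping back and only the last one is actually dropped. That leaves a previous filter still attached to `pathSpec`, which is the situation the comment at the top of the block says causes the Kerberos replay error. I would collect the surviving mappings and call `setFilterMappings` once after the loop, as below; this assumes `java.util.List` and `ArrayList` are imported, which the hunk does not show, and it keeps a mapping whose path-spec array was already empty instead of dropping it. The removal also runs before the `requireAuth` check and drops every filter mapped to exactly `pathSpec`, not only the SPNEGO one, so a one-line comment stating that this is intended when the servlet is registered with `requireAuth == false` would help. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: explanatory comment and the getFilterMappings() snapshot …
List<FilterMapping> kept = new ArrayList<>(filterMappings.length);
for (FilterMapping mapping : filterMappings) {
  String[] oldPathSpecs = mapping.getPathSpecs();
  if (oldPathSpecs == null) {
    // … unchanged: LOG.debug for a mapping without a path spec …
    kept.add(mapping);
    continue;
  }
  String[] newPathSpecs = ArrayUtil.removeFromArray(oldPathSpecs, pathSpec);
  if (newPathSpecs.length == oldPathSpecs.length) {
    // pathSpec was not mapped by this filter; leave it untouched.
    kept.add(mapping);
  } else if (newPathSpecs.length > 0) {
    mapping.setPathSpecs(newPathSpecs);
    kept.add(mapping);
  }
  // Otherwise pathSpec was the only spec: drop the mapping entirely.
}
if (kept.size() != filterMappings.length) {
  // Single write, so no removal is overwritten by a later one.
  webAppContext.getServletHandler().setFilterMappings(
      kept.toArray(new FilterMapping[0]));
}
// … unchanged: requireAuth / SPNEGO filter registration …
```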
@@ -60,6 +65,15 @@ Test OM Service List Test SCM portal Verify SPNEGO enabled URL ${SCM_URL} +Test SCM conf + Verify SPNEGO enabled URL ${SCM_CONF_URL} + +Test SCM jmx + Verify SPNEGO enabled URL ${SCM_JMX_URL} + +Test SCM stacks + Verify SPNEGO enabled URL ${SCM_STACKS_URL} + Test Recon portal Verify SPNEGO enabled URL ${RECON_URL} --------------------------------------------------------------------- To unsubscribe, e-mail: ozone-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: ozone-commits-h...@hadoop.apache.org
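Review bot: The new cases exercise `/conf`, `/jmx` and `/stacks` on SCM only, while the fix is in the shared `HttpServer2` and this file's variables section already has OM and Recon URLs (`http://om:9874/...`, `${RECON_URL}`). If those services register the same default servlets, which is not visible here, a regression of the replay error on them would pass this suite. I would add matching variables and cases, for example `${OM_CONF_URL}    http://om:9874/conf` with `Test OM conf` calling `Verify SPNEGO enabled URL    ${OM_CONF_URL}`, and the same for Recon. The body of `Verify SPNEGO enabled URL` is outside the hunk, so whether it makes an authenticated request, rather than only checking the unauthenticated rejection, cannot be confirmed from here.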