/** * Returns the username for any user associated with the current RPC * request or not present if no user is set. */ public static Optional<String> getRequestUserName() { return getRequestUser().map(User::getShortName); }
private void logResult(boolean isAllowed, String request, String reason, byte[] user, List<byte[]> labelAuths, String regex) { if (AUDITLOG.isTraceEnabled()) { // This is more duplicated code! List<String> labelAuthsStr = new ArrayList<>(); if (labelAuths != null) { int labelAuthsSize = labelAuths.size(); labelAuthsStr = new ArrayList<>(labelAuthsSize); for (int i = 0; i < labelAuthsSize; i++) { labelAuthsStr.add(Bytes.toString(labelAuths.get(i))); } } User requestingUser = null; try { requestingUser = VisibilityUtils.getActiveUser(); } catch (IOException e) { LOG.warn("Failed to get active system user."); LOG.debug("Details on failure to get active system user.", e); } AUDITLOG.trace("Access " + (isAllowed ? "allowed" : "denied") + " for user " + (requestingUser != null ? requestingUser.getShortName() : "UNKNOWN") + "; reason: " + reason + "; remote address: " + RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("") + "; request: " + request + "; user: " + (user != null ? Bytes.toShort(user) : "null") + "; labels: " + labelAuthsStr + "; regex: " + regex); } }
@Before public void setUp() throws IOException { Configuration conf = HBaseConfiguration.create(); conf.set(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, rpcServerImpl.getName()); server = RpcServerFactory.createRpcServer(null, "testRpcServer", Lists.newArrayList(new BlockingServiceAndInterface(SERVICE, null)), new InetSocketAddress("localhost", 0), conf, new FifoRpcScheduler(conf, 1)); server.start(); socket = new Socket("localhost", server.getListenerAddress().getPort()); }
/** * @return Client info for use as prefix on an audit log string; who did an action */ @Override public String getClientIdAuditPrefix() { return "Client=" + RpcServer.getRequestUserName().orElse(null) + "/" + RpcServer.getRemoteAddress().orElse(null); }
/** * Verify, when servicing an RPC, that the caller is the scanner owner. If so, we assume that * access control is correctly enforced based on the checks performed in preScannerOpen() */ private void requireScannerOwner(InternalScanner s) throws AccessDeniedException { if (!RpcServer.isInRpcCallContext()) return; String requestUName = RpcServer.getRequestUserName().orElse(null); String owner = scannerOwners.get(s); if (authorizationEnabled && owner != null && !owner.equals(requestUName)) { throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!"); } }
/** * Authorize the incoming client connection. * @param user client user * @param connection incoming connection * @param addr InetAddress of incoming connection * @throws AuthorizationException when the client isn't authorized to talk the protocol */ public void authorize(UserGroupInformation user, ConnectionHeader connection, InetAddress addr) throws AuthorizationException { if (authorize) { Class<?> c = getServiceInterface(services, connection.getServiceName()); synchronized (authManager) { authManager.authorize(user, c, getConf(), addr); } } }
@Test public void testRTEDuringConnectionSetup() throws Exception { Configuration conf = HBaseConfiguration.create(); RpcServer rpcServer = createRpcServer(null, "testRpcServer", Lists.newArrayList(new RpcServer.BlockingServiceAndInterface( SERVICE, null)), new InetSocketAddress("localhost", 0), CONF, new FifoRpcScheduler(CONF, 1)); try (AbstractRpcClient<?> client = createRpcClientRTEDuringConnectionSetup(conf)) { rpcServer.start(); BlockingInterface stub = newBlockingStub(client, rpcServer.getListenerAddress()); stub.ping(null, EmptyRequestProto.getDefaultInstance()); fail("Expected an exception to have been thrown!"); } catch (Exception e) { LOG.info("Caught expected exception: " + e.toString()); assertTrue(e.toString(), StringUtils.stringifyException(e).contains("Injected fault")); } finally { rpcServer.stop(); } }
void stopServer(RpcServer rpcServer) throws InterruptedException { InetSocketAddress address = rpcServer.getListenerAddress(); LOG.info("Stopping server: " + address); rpcServer.stop(); rpcServer.join(); LOG.info("Stopped server: " + address); }
@Override public InetSocketAddress getListenerAddress() { return this.rpcServer.getListenerAddress(); } }
this.rpcServer = new RpcServer(this, name, getServices(), this.serverName = ServerName.valueOf(hostName, rpcServer.getListenerAddress().getPort(), System.currentTimeMillis()); this.zkWatcher = new ZooKeeperWatcher(hbaseConf, this.serverName.toString(), null);
@After public void tearDown() throws IOException { if (socket != null) { socket.close(); } if (server != null) { server.stop(); } }
public void start() { rpcServer.start(); initZnodes(); running = true; }
@BeforeClass public static void setUp() { Mockito.when(mockRpcServer.getConf()).thenReturn(conf); Mockito.when(mockRpcServer.truncateTraceLog(Mockito.any(String.class))).thenCallRealMethod(); }
public SecretManager<? extends TokenIdentifier> getSecretManager() { return ((RpcServer)rpcServer).getSecretManager(); }
@Override public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken( RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request) throws ServiceException { LOG.debug("Authentication token request from " + RpcServer.getRequestUserName().orElse(null)); // Ignore above passed in controller -- it is always null ServerRpcController serverController = new ServerRpcController(); final NonShadedBlockingRpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> callback = new NonShadedBlockingRpcCallback<>(); getAuthenticationToken(null, request, callback); try { serverController.checkFailed(); return callback.get(); } catch (IOException ioe) { throw new ServiceException(ioe); } }
private RpcServer initRpcServer() throws IOException { //hostname HostnameSupplier hostnameSupplier = new HostnameSupplier(hbaseConf); String hostName = hostnameSupplier.get(); //socketAddress InetSocketAddress socketAddress = null; for (int i = 1; i <= 10; i++) { try { socketAddress = new InetSocketAddress(hostName, randomPort()); break; } catch (Exception e) { logger.error("InetSocketAddress create failed in " + i + " times.", e); } } if (socketAddress == null || socketAddress.getAddress() == null) { throw new IllegalArgumentException("Failed to create " + socketAddress); } //rpcServer String name = "regionserver/" + socketAddress.toString(); this.serverName = ServerName.valueOf(hostName, socketAddress.getPort(), System.currentTimeMillis()); //handler-count设置为2,设置大了也没用,因为TaskReader<->TaskWriter是单线程模型 //并且源端的RegionServer推送Log的时候是单线程推送的,我们创建Task的时候,会比源端集群的RegionServer数目多, // 同一时刻,打到一个Task上的请求数不会太多 return new RpcServer(this, name, getServices(), socketAddress, hbaseConf, new FifoRpcScheduler(hbaseConf, hbaseConf.getInt(HConstants.REGION_SERVER_HANDLER_COUNT, 2))); }
/** * Truncate to number of chars decided by conf hbase.ipc.trace.log.max.length * if TRACE is on else to 150 chars Refer to Jira HBASE-20826 and HBASE-20942 * @param strParam stringifiedParam to be truncated * @return truncated trace log string */ @VisibleForTesting String truncateTraceLog(String strParam) { if (LOG.isTraceEnabled()) { int traceLogMaxLength = getConf().getInt(TRACE_LOG_MAX_LENGTH, DEFAULT_TRACE_LOG_MAX_LENGTH); int truncatedLength = strParam.length() < traceLogMaxLength ? strParam.length() : traceLogMaxLength; String truncatedFlag = truncatedLength == strParam.length() ? "" : KEY_WORD_TRUNCATED; return strParam.subSequence(0, truncatedLength) + truncatedFlag; } return strParam.subSequence(0, 150) + KEY_WORD_TRUNCATED; }
@Test public void testRemoteError() throws IOException, ServiceException { RpcServer rpcServer = createRpcServer(null, "testRpcServer", Lists.newArrayList(new RpcServer.BlockingServiceAndInterface( SERVICE, null)), new InetSocketAddress("localhost", 0), CONF, new FifoRpcScheduler(CONF, 1)); try (AbstractRpcClient<?> client = createRpcClient(CONF)) { rpcServer.start(); BlockingInterface stub = newBlockingStub(client, rpcServer.getListenerAddress()); stub.error(null, EmptyRequestProto.getDefaultInstance()); } catch (ServiceException e) { LOG.info("Caught expected exception: " + e); IOException ioe = ProtobufUtil.handleRemoteException(e); assertTrue(ioe instanceof DoNotRetryIOException); assertTrue(ioe.getMessage().contains("server error!")); } finally { rpcServer.stop(); } }
@Override public void logBatchWarning(String firstRegionName, int sum, int rowSizeWarnThreshold) { if (LOG.isWarnEnabled()) { LOG.warn("Large batch operation detected (greater than " + rowSizeWarnThreshold + ") (HBASE-18023)." + " Requested Number of Rows: " + sum + " Client: " + RpcServer.getRequestUserName().orElse(null) + "/" + RpcServer.getRemoteAddress().orElse(null) + " first region in multi=" + firstRegionName); } } };
void stopServer(RpcServer rpcServer) throws InterruptedException { InetSocketAddress address = rpcServer.getListenerAddress(); LOG.info("Stopping server: " + address); rpcServer.stop(); rpcServer.join(); LOG.info("Stopped server: " + address); }