/**
 * Resolves the caller's identity for a request when no servlet context is at hand.
 *
 * <p>Same as {@code getUGI(null, request, conf)}.
 *
 * <p>NOTE(review): the token path shown in {@code getTokenUGI} only calls
 * {@code verifyToken} when the context is non-null, so with a null context a
 * delegation token is presumably not verified there. Confirm that callers of
 * this overload have the token checked elsewhere.
 *
 * @param request the incoming HTTP request
 * @param conf the configuration passed through to the three-argument overload
 * @return the identity produced by the three-argument overload
 * @throws IOException if the delegated call fails
 */
public static UserGroupInformation getUGI(HttpServletRequest request,
    Configuration conf) throws IOException {
  final UserGroupInformation resolved = getUGI(null, request, conf);
  return resolved;
}
final boolean tryUgiParameter) throws IOException { UserGroupInformation ugi = null; final String usernameFromQuery = getUsernameFromQuery(request, tryUgiParameter); final String doAsUserFromQuery = request.getParameter(DoAsParam.NAME); final String remoteUser; ugi = getTokenUGI(context, request, tokenString, conf); checkUsername(ugi.getShortUserName(), usernameFromQuery); checkUsername(ugi.getShortUserName(), doAsUserFromQuery); } else if (remoteUser == null) { throw new IOException( ? getDefaultWebUserName(conf) // not specified in request : usernameFromQuery; checkUsername(ugi.getShortUserName(), usernameFromQuery); if (UserGroupInformation.isSecurityEnabled()) { ProxyUsers.authorize(ugi, getRemoteAddr(request));
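/**
 * Builds the URL used to redirect a checksum request to the given datanode.
 *
 * <p>The URL reuses the scheme of the incoming request and targets
 * {@code /getFileChecksum} plus the raw request path. The query string carries
 * the caller's short user name ({@code ugi=}), the delegation token parameter
 * when security is enabled, and the NameNode address.
 *
 * <p>Security note: with security enabled the encoded delegation token is
 * placed in the query string. URLs are commonly recorded in access logs and by
 * intermediaries, so logs containing these redirect URLs should be treated as
 * holding credentials.
 *
 * @param ugi the caller's identity; with security enabled it must hold at least one token
 * @param host the datanode to redirect to
 * @param request the incoming request (supplies scheme and path)
 * @param nn the NameNode whose address is appended as a parameter
 * @return the redirect URL
 * @throws IOException if security is enabled and {@code ugi} carries no token,
 *     or if the URL cannot be built
 */
private URL createRedirectURL(UserGroupInformation ugi, DatanodeID host,
    HttpServletRequest request, NameNode nn) throws IOException {
  final String hostname = host instanceof DatanodeInfo
      ? host.getHostName()
      : host.getIpAddr();
  final String scheme = request.getScheme();

  int port = host.getInfoPort();
  if ("https".equals(scheme)) {
    // For https the port stored in the servlet context, when present, replaces the info port.
    final Integer portObject = (Integer) getServletContext().getAttribute(
        DFSConfigKeys.DFS_DATANODE_HTTPS_PORT_KEY);
    if (portObject != null) {
      port = portObject;
    }
  }

  // presumably the request path after the servlet prefix, kept in its encoded form (confirm)
  final String encodedPath = ServletUtil.getRawPath(request, "/fileChecksum");

  String dtParam = "";
  if (UserGroupInformation.isSecurityEnabled()) {
    // Fail with a clear error instead of a NoSuchElementException from iterator().next()
    // when the identity was established without a delegation token.
    if (ugi.getTokens().isEmpty()) {
      throw new IOException("No delegation token available for user "
          + ugi.getShortUserName() + "; cannot build the datanode redirect URL");
    }
    // Only the first token of the identity is forwarded.
    final String tokenString =
        ugi.getTokens().iterator().next().encodeToUrlString();
    dtParam = JspHelper.getDelegationTokenUrlParam(tokenString);
  }

  final String addr = nn.getNameNodeAddressHostPortString();
  final String addrParam = JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS, addr);

  return new URL(scheme, hostname, port,
      "/getFileChecksum" + encodedPath + '?'
      + "ugi=" + ServletUtil.encodeQueryValue(ugi.getShortUserName())
      + dtParam
      + addrParam);
}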
/**
 * Resolves the identity on whose behalf the current request runs.
 *
 * <p>With security enabled the result comes from {@code tokenUGI()}. Otherwise
 * the user name is taken from the request parameters (or the configured default
 * web user when none is given) and no credential is checked in this method.
 *
 * @return the caller's identity, wrapped as a proxy user when a doAs name was supplied
 * @throws IOException if the token path or the user name check fails
 */
UserGroupInformation ugi() throws IOException {
  if (UserGroupInformation.isSecurityEnabled()) {
    return tokenUGI();
  }

  final String queryUser = params.userName();
  final String doAsTarget = params.doAsUser();

  // No user name in the request: fall back to the configured default web user.
  final String loginName;
  if (queryUser != null) {
    loginName = queryUser;
  } else {
    loginName = JspHelper.getDefaultWebUserName(params.conf());
  }

  final UserGroupInformation realUser =
      UserGroupInformation.createRemoteUser(loginName);
  JspHelper.checkUsername(realUser.getShortUserName(), queryUser);

  if (doAsTarget == null) {
    return realUser;
  }
  // NOTE(review): this only builds the proxy identity; no ProxyUsers.authorize
  // call is visible in this method. Confirm impersonation is authorized elsewhere.
  return UserGroupInformation.createProxyUser(doAsTarget, realUser);
}
/**
 * Captures the per-request values this resource needs later.
 *
 * <p>The injected request object is a proxy to thread-locals, and the actual
 * call is processed on a different thread, so everything needed from it is
 * copied into fields here.
 *
 * @param request the injected HTTP request
 */
public NamenodeWebHdfsMethods(@Context HttpServletRequest request) {
  this.scheme = request.getScheme();
  this.userPrincipal = request.getUserPrincipal();

  // When the request arrives through a trusted proxy server, this is the address of
  // the proxied client. The trust decision is made inside JspHelper.getRemoteAddr.
  this.remoteAddr = JspHelper.getRemoteAddr(request);

  // Client-supplied header: Boolean.valueOf yields true only for the text "true"
  // (case-insensitive) and false for anything else, including a missing header.
  this.supportEZ =
      Boolean.valueOf(request.getHeader(WebHdfsFileSystem.EZ_HEADER));
}
/**
 * Returns the URL parameter for the given name and value, prefixed with '&'.
 *
 * <p>Delegates to the three-argument overload with {@code false} as the last
 * argument. Whether {@code name} and {@code val} are URL-encoded is decided by
 * that overload and cannot be seen here; callers passing request-derived values
 * should confirm it.
 *
 * @param name parameter name
 * @param val parameter value
 * @return url parameter
 */
public static String getUrlParam(String name, String val) {
  final String param = getUrlParam(name, val, false);
  return param;
}
}
/**
 * Builds the caller's identity from a URL-encoded delegation token.
 *
 * <p>The token is decoded, optionally bound to the NameNode service address,
 * and its identifier is parsed to obtain the user. The token is attached to the
 * returned identity.
 *
 * <p>Security note: the token password is verified only when {@code context} is
 * non-null and a NameNode can be obtained from it. In every other case the
 * identity is taken from the token identifier without verification in this
 * method, so it must be verified elsewhere before it is trusted.
 *
 * @param context servlet context used to look up the NameNode; may be null
 * @param request the incoming request, used to resolve the NameNode service address
 * @param tokenString the URL-encoded delegation token
 * @param conf configuration (not read in this method)
 * @return the user named by the token identifier, with the token added
 * @throws IOException if decoding, parsing or verification fails
 */
private static UserGroupInformation getTokenUGI(ServletContext context,
    HttpServletRequest request, String tokenString, Configuration conf)
    throws IOException {
  final Token<DelegationTokenIdentifier> token =
      new Token<DelegationTokenIdentifier>();
  token.decodeFromUrlString(tokenString);

  final InetSocketAddress nnServiceAddr = getNNServiceAddress(context, request);
  if (nnServiceAddr != null) {
    SecurityUtil.setTokenService(token, nnServiceAddr);
    token.setKind(DelegationTokenIdentifier.HDFS_DELEGATION_KIND);
  }

  // Parse the identifier bytes carried inside the token.
  final DataInputStream identifierIn = new DataInputStream(
      new ByteArrayInputStream(token.getIdentifier()));
  final DelegationTokenIdentifier id = new DelegationTokenIdentifier();
  id.readFields(identifierIn);

  final NameNode nn = (context == null)
      ? null
      : NameNodeHttpServer.getNameNodeFromContext(context);
  if (nn != null) {
    // Verify the token.
    nn.getNamesystem().verifyToken(id, token.getPassword());
  }

  final UserGroupInformation owner = id.getUser();
  owner.addToken(token);
  return owner;
}
/**
 * Checks that the delegation token URL parameter is produced only when
 * security is enabled.
 *
 * <p>The test switches the process-wide UserGroupInformation configuration and
 * leaves it on "simple" authentication when it finishes.
 */
@Test
public void testDelegationTokenUrlParam() {
  final String tokenString = "xyzabc";

  // Security is enabled: the parameter is the prefix followed by the token.
  conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(conf);
  final String securedParam =
      JspHelper.getDelegationTokenUrlParam(tokenString);
  Assert.assertEquals(JspHelper.SET_DELEGATION + "xyzabc", securedParam);

  // Security is disabled: an empty string must be returned.
  conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "simple");
  UserGroupInformation.setConfiguration(conf);
  final String unsecuredParam =
      JspHelper.getDelegationTokenUrlParam(tokenString);
  Assert.assertEquals("", unsecuredParam);
}
/**
 * Builds the caller's identity from plain user names, without a token.
 *
 * <p>No credential is checked in this method; the names are used as given.
 *
 * @param usernameFromQuery user name taken from the request, checked against the created identity
 * @param doAsUserFromQuery name to impersonate, or null for no impersonation
 * @param remoteUser name used to create the real user
 * @return the real user, or a proxy user on top of it when a doAs name is given
 * @throws IOException if the user name check fails
 */
private UserGroupInformation nonTokenUGI(String usernameFromQuery,
    String doAsUserFromQuery, String remoteUser) throws IOException {
  final UserGroupInformation realUser =
      UserGroupInformation.createRemoteUser(remoteUser);
  JspHelper.checkUsername(realUser.getShortUserName(), usernameFromQuery);

  if (doAsUserFromQuery == null) {
    return realUser;
  }
  // NOTE(review): this only builds the proxy identity; no ProxyUsers.authorize
  // call is visible in this method. Confirm impersonation is authorized elsewhere.
  return UserGroupInformation.createProxyUser(doAsUserFromQuery, realUser);
}
}
/**
 * Picks a datanode for a file from the locations of all of its blocks.
 *
 * <p>Counts how many of the blocks each datanode holds, sorts the resulting
 * records with {@code NodeRecordComparator}, and hands the sorted array to the
 * array-based {@code bestNode} overload with {@code false} as second argument.
 *
 * @param blks the located blocks of the file
 * @param conf configuration (not read in this method)
 * @return the datanode chosen by the array-based overload
 * @throws IOException if the array-based overload fails
 */
public static DatanodeInfo bestNode(LocatedBlocks blks, Configuration conf)
    throws IOException {
  final HashMap<DatanodeInfo, NodeRecord> tally =
      new HashMap<DatanodeInfo, NodeRecord>();

  for (LocatedBlock located : blks.getLocatedBlocks()) {
    for (DatanodeInfo replica : located.getLocations()) {
      final NodeRecord seen = tally.get(replica);
      if (seen != null) {
        seen.frequency++;
        continue;
      }
      // First time this datanode appears: start its count at one.
      tally.put(replica, new NodeRecord(replica, 1));
    }
  }

  final NodeRecord[] candidates =
      tally.values().toArray(new NodeRecord[tally.size()]);
  // Ordering is defined by NodeRecordComparator (presumably by frequency; confirm).
  Arrays.sort(candidates, new NodeRecordComparator());
  return bestNode(candidates, false);
}
final String doAsUserFromQuery = params.doAsUser(); final String remoteUser = usernameFromQuery == null ? JspHelper .getDefaultWebUserName(params.conf()) // not specified in request : usernameFromQuery;
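/**
 * Builds the URL used to redirect a checksum request to the given datanode.
 *
 * <p>The URL reuses the scheme of the incoming request and targets
 * {@code /getFileChecksum} plus the raw request path. The query string carries
 * the caller's short user name ({@code ugi=}), the delegation token parameter
 * when security is enabled, and the NameNode address.
 *
 * <p>Security note: with security enabled the encoded delegation token is
 * placed in the query string. URLs are commonly recorded in access logs and by
 * intermediaries, so logs containing these redirect URLs should be treated as
 * holding credentials.
 *
 * @param ugi the caller's identity; with security enabled it must hold at least one token
 * @param host the datanode to redirect to
 * @param request the incoming request (supplies scheme and path)
 * @param nn the NameNode whose address is appended as a parameter
 * @return the redirect URL
 * @throws IOException if security is enabled and {@code ugi} carries no token,
 *     or if the URL cannot be built
 */
private URL createRedirectURL(UserGroupInformation ugi, DatanodeID host,
    HttpServletRequest request, NameNode nn) throws IOException {
  final String hostname = host instanceof DatanodeInfo
      ? host.getHostName()
      : host.getIpAddr();
  final String scheme = request.getScheme();

  int port = host.getInfoPort();
  if ("https".equals(scheme)) {
    // For https the port stored in the servlet context, when present, replaces the info port.
    final Integer portObject = (Integer) getServletContext().getAttribute(
        DFSConfigKeys.DFS_DATANODE_HTTPS_PORT_KEY);
    if (portObject != null) {
      port = portObject;
    }
  }

  // presumably the request path after the servlet prefix, kept in its encoded form (confirm)
  final String encodedPath = ServletUtil.getRawPath(request, "/fileChecksum");

  String dtParam = "";
  if (UserGroupInformation.isSecurityEnabled()) {
    // Fail with a clear error instead of a NoSuchElementException from iterator().next()
    // when the identity was established without a delegation token.
    if (ugi.getTokens().isEmpty()) {
      throw new IOException("No delegation token available for user "
          + ugi.getShortUserName() + "; cannot build the datanode redirect URL");
    }
    // Only the first token of the identity is forwarded.
    final String tokenString =
        ugi.getTokens().iterator().next().encodeToUrlString();
    dtParam = JspHelper.getDelegationTokenUrlParam(tokenString);
  }

  final String addr = nn.getNameNodeAddressHostPortString();
  final String addrParam = JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS, addr);

  return new URL(scheme, hostname, port,
      "/getFileChecksum" + encodedPath + '?'
      + "ugi=" + ServletUtil.encodeQueryValue(ugi.getShortUserName())
      + dtParam
      + addrParam);
}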
/**
 * Resolves the identity on whose behalf the current request runs.
 *
 * <p>With security enabled the result comes from {@code tokenUGI()}. Otherwise
 * the user name is taken from the request parameters (or the configured default
 * web user when none is given) and no credential is checked in this method.
 *
 * @return the caller's identity, wrapped as a proxy user when a doAs name was supplied
 * @throws IOException if the token path or the user name check fails
 */
UserGroupInformation ugi() throws IOException {
  if (UserGroupInformation.isSecurityEnabled()) {
    return tokenUGI();
  }

  final String queryUser = params.userName();
  final String doAsTarget = params.doAsUser();

  // No user name in the request: fall back to the configured default web user.
  final String loginName;
  if (queryUser != null) {
    loginName = queryUser;
  } else {
    loginName = JspHelper.getDefaultWebUserName(params.conf());
  }

  final UserGroupInformation realUser =
      UserGroupInformation.createRemoteUser(loginName);
  JspHelper.checkUsername(realUser.getShortUserName(), queryUser);

  if (doAsTarget == null) {
    return realUser;
  }
  // NOTE(review): this only builds the proxy identity; no ProxyUsers.authorize
  // call is visible in this method. Confirm impersonation is authorized elsewhere.
  return UserGroupInformation.createProxyUser(doAsTarget, realUser);
}
/**
 * Prepares per-request state before an operation is executed.
 *
 * <p>Emits a trace line describing the operation, clears the response content
 * type, and records the caller's remote address.
 *
 * <p>The {@code delegation} parameter is not part of the trace line, which keeps
 * the delegation token out of the log. NOTE(review): {@code parameters} are
 * logged through {@code Param.toSortedString}; confirm none of them can carry a
 * secret.
 *
 * @param ugi the caller's identity (logged)
 * @param delegation the delegation token parameter (not used in this method)
 * @param username the user name parameter (logged)
 * @param doAsUser the doAs parameter (logged)
 * @param path the target path (logged)
 * @param op the HTTP operation (logged)
 * @param parameters the remaining operation parameters (logged)
 */
private void init(final UserGroupInformation ugi,
    final DelegationParam delegation,
    final UserParam username, final DoAsParam doAsUser,
    final UriFsPathParam path, final HttpOpParam<?> op,
    final Param<?, ?>... parameters) {
  if (LOG.isTraceEnabled()) {
    final String traceLine = "HTTP " + op.getValue().getType() + ": " + op
        + ", " + path
        + ", ugi=" + ugi
        + ", " + username
        + ", " + doAsUser
        + Param.toSortedString(", ", parameters);
    LOG.trace(traceLine);
  }

  // clear content type
  response.setContentType(null);

  // When the request arrives through a trusted proxy server, this is the address of
  // the proxied client. The trust decision is made inside JspHelper.getRemoteAddr.
  REMOTE_ADDRESS.set(JspHelper.getRemoteAddr(request));
}
/**
 * Returns the URL parameter for the given name and value, prefixed with '&'.
 *
 * <p>Delegates to the three-argument overload with {@code false} as the last
 * argument. Whether {@code name} and {@code val} are URL-encoded is decided by
 * that overload and cannot be seen here; callers passing request-derived values
 * should confirm it.
 *
 * @param name parameter name
 * @param val parameter value
 * @return url parameter
 */
public static String getUrlParam(String name, String val) {
  final String param = getUrlParam(name, val, false);
  return param;
}
}
/**
 * Builds the caller's identity from a URL-encoded delegation token.
 *
 * <p>The token is decoded, optionally bound to the NameNode service address,
 * and its identifier is parsed to obtain the user. The token is attached to the
 * returned identity.
 *
 * <p>Security note: the token password is verified only when {@code context} is
 * non-null and a NameNode can be obtained from it. In every other case the
 * identity is taken from the token identifier without verification in this
 * method, so it must be verified elsewhere before it is trusted.
 *
 * @param context servlet context used to look up the NameNode; may be null
 * @param request the incoming request, used to resolve the NameNode service address
 * @param tokenString the URL-encoded delegation token
 * @param conf configuration (not read in this method)
 * @return the user named by the token identifier, with the token added
 * @throws IOException if decoding, parsing or verification fails
 */
private static UserGroupInformation getTokenUGI(ServletContext context,
    HttpServletRequest request, String tokenString, Configuration conf)
    throws IOException {
  final Token<DelegationTokenIdentifier> token =
      new Token<DelegationTokenIdentifier>();
  token.decodeFromUrlString(tokenString);

  final InetSocketAddress nnServiceAddr = getNNServiceAddress(context, request);
  if (nnServiceAddr != null) {
    SecurityUtil.setTokenService(token, nnServiceAddr);
    token.setKind(DelegationTokenIdentifier.HDFS_DELEGATION_KIND);
  }

  // Parse the identifier bytes carried inside the token.
  final DataInputStream identifierIn = new DataInputStream(
      new ByteArrayInputStream(token.getIdentifier()));
  final DelegationTokenIdentifier id = new DelegationTokenIdentifier();
  id.readFields(identifierIn);

  final NameNode nn = (context == null)
      ? null
      : NameNodeHttpServer.getNameNodeFromContext(context);
  if (nn != null) {
    // Verify the token.
    nn.getNamesystem().verifyToken(id, token.getPassword());
  }

  final UserGroupInformation owner = id.getUser();
  owner.addToken(token);
  return owner;
}
/**
 * Appends the delegation token parameter to a query string when one applies.
 *
 * <p>The query is returned unchanged when security is disabled or when no
 * delegation token is held after initialization.
 *
 * <p>Security note: the encoded token becomes part of the URL, so URLs built
 * from the result should be treated as holding a credential wherever they are
 * logged or stored.
 *
 * @param query the query string built so far
 * @return {@code query}, with the delegation token parameter appended when available
 * @throws IOException if token initialization or encoding fails
 */
protected String addDelegationTokenParam(String query) throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return query;
  }
  // Initialization and the read of delegationToken happen under the same lock.
  synchronized (this) {
    tokenAspect.ensureTokenInitialized();
    if (delegationToken == null) {
      return query;
    }
    final String encoded = delegationToken.encodeToUrlString();
    return query + JspHelper.getDelegationTokenUrlParam(encoded);
  }
}
/**
 * Picks a datanode for a file from the locations of all of its blocks.
 *
 * <p>Counts how many of the blocks each datanode holds, sorts the resulting
 * records with {@code NodeRecordComparator}, and hands the sorted array to the
 * array-based {@code bestNode} overload with {@code false} as second argument.
 *
 * @param blks the located blocks of the file
 * @param conf configuration (not read in this method)
 * @return the datanode chosen by the array-based overload
 * @throws IOException if the array-based overload fails
 */
public static DatanodeInfo bestNode(LocatedBlocks blks, Configuration conf)
    throws IOException {
  final HashMap<DatanodeInfo, NodeRecord> tally =
      new HashMap<DatanodeInfo, NodeRecord>();

  for (LocatedBlock located : blks.getLocatedBlocks()) {
    for (DatanodeInfo replica : located.getLocations()) {
      final NodeRecord seen = tally.get(replica);
      if (seen != null) {
        seen.frequency++;
        continue;
      }
      // First time this datanode appears: start its count at one.
      tally.put(replica, new NodeRecord(replica, 1));
    }
  }

  final NodeRecord[] candidates =
      tally.values().toArray(new NodeRecord[tally.size()]);
  // Ordering is defined by NodeRecordComparator (presumably by frequency; confirm).
  Arrays.sort(candidates, new NodeRecordComparator());
  return bestNode(candidates, false);
}
final boolean tryUgiParameter) throws IOException { UserGroupInformation ugi = null; final String usernameFromQuery = getUsernameFromQuery(request, tryUgiParameter); final String doAsUserFromQuery = request.getParameter(DoAsParam.NAME); final String remoteUser; ugi = getTokenUGI(context, request, tokenString, conf); checkUsername(ugi.getShortUserName(), usernameFromQuery); checkUsername(ugi.getShortUserName(), doAsUserFromQuery); } else if (remoteUser == null) { throw new IOException( ? getDefaultWebUserName(conf) // not specified in request : usernameFromQuery; checkUsername(ugi.getShortUserName(), usernameFromQuery); if (UserGroupInformation.isSecurityEnabled()) { ProxyUsers.authorize(ugi, getRemoteAddr(request));
/**
 * Resolves the caller's identity using the default authentication settings.
 *
 * <p>Same as {@code getUGI(context, request, conf, KERBEROS_SSL, true)}.
 *
 * @param context the servlet context, passed through unchanged
 * @param request the incoming HTTP request
 * @param conf the configuration passed through to the five-argument overload
 * @return the identity produced by the five-argument overload
 * @throws IOException if the delegated call fails
 */
public static UserGroupInformation getUGI(ServletContext context,
    HttpServletRequest request, Configuration conf) throws IOException {
  final UserGroupInformation resolved = getUGI(
      context, request, conf, AuthenticationMethod.KERBEROS_SSL, true);
  return resolved;
}