/**
 * Records the caller, HTTP method and full request URL in the {@code DATA_TL}
 * thread-local while the rest of the filter chain runs, and clears it afterwards.
 *
 * @param request  incoming request; cast to {@link HttpServletRequest}
 * @param response response handed on to the chain unchanged
 * @param chain    remaining filters and the target resource
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain) throws IOException, ServletException {
  try {
    // Start from a clean slot so a value left behind on this thread is never
    // attributed to the current request.
    DATA_TL.remove();
    UserGroupInformation caller = HttpUserGroupInformation.get();
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    String verb = httpRequest.getMethod();
    StringBuffer fullUrl = httpRequest.getRequestURL();
    String query = httpRequest.getQueryString();
    // NOTE(review): the query string is stored verbatim. If requests can carry
    // credentials in query parameters, whatever reads Data should redact them
    // before logging -- confirm against the consumers of DATA_TL.
    if (query != null) {
      fullUrl.append("?").append(query);
    }
    DATA_TL.set(new Data(caller, verb, fullUrl));
    chain.doFilter(request, response);
  } finally {
    // Always clear, including when the chain throws, so the caller's identity
    // does not remain attached to this thread after the request ends.
    DATA_TL.remove();
  }
}
/**
 * Returns metadata for the requested key names as JSON.
 *
 * <p>The caller is checked with {@code assertAccess} for
 * {@code KMSACLs.Type.GET_METADATA} before the provider is queried, and the
 * provider call runs inside {@code user.doAs}.
 *
 * @param keyNamesList key names taken from the repeated query parameter
 * @return a 200 response whose entity is the JSON built from names and metadata
 * @throws Exception any failure, logged at debug level and rethrown unchanged
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8)
public Response getKeysMetadata(
    @QueryParam(KMSRESTConstants.KEY) List<String> keyNamesList)
    throws Exception {
  try {
    LOG.trace("Entering getKeysMetadata method.");
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    final String[] keyNames = keyNamesList.toArray(new String[0]);
    // Authorization comes before any provider access.
    // NOTE(review): a denied call only reaches LOG.debug in this method;
    // whether it is also audited depends on assertAccess (not shown) -- confirm.
    assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

    PrivilegedExceptionAction<KeyProvider.Metadata[]> lookup =
        new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
          @Override
          public KeyProvider.Metadata[] run() throws Exception {
            return provider.getKeysMetadata(keyNames);
          }
        };
    KeyProvider.Metadata[] keysMeta = user.doAs(lookup);

    Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
    // kmsAudit.ok is reached only after the provider call has succeeded.
    kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
    LOG.trace("Exiting getKeysMetadata method.");
    Response.ResponseBuilder reply =
        Response.ok().type(MediaType.APPLICATION_JSON).entity(json);
    return reply.build();
  } catch (Exception e) {
    LOG.debug("Exception in getKeysmetadata.", e);
    throw e;
  }
}
/**
 * Returns the key names known to the provider as JSON.
 *
 * <p>The caller is checked with {@code assertAccess} for
 * {@code KMSACLs.Type.GET_KEYS} before {@code provider.getKeys()} is invoked
 * inside {@code user.doAs}.
 *
 * @return a 200 response whose entity is the list of key names
 * @throws Exception any failure, logged at debug level and rethrown unchanged
 */
@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8)
public Response getKeyNames() throws Exception {
  try {
    LOG.trace("Entering getKeyNames method.");
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    // Authorization comes before the provider is touched.
    assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS);

    PrivilegedExceptionAction<List<String>> listKeys =
        new PrivilegedExceptionAction<List<String>>() {
          @Override
          public List<String> run() throws Exception {
            return provider.getKeys();
          }
        };
    List<String> json = user.doAs(listKeys);

    // kmsAudit.ok is reached only after the listing has succeeded.
    kmsAudit.ok(user, KMSOp.GET_KEYS, "");
    LOG.trace("Exiting getKeyNames method.");
    Response.ResponseBuilder reply =
        Response.ok().type(MediaType.APPLICATION_JSON).entity(json);
    return reply.build();
  } catch (Exception e) {
    LOG.debug("Exception in getkeyNames.", e);
    throw e;
  }
}
/**
 * Invalidates the provider's cache for one key and flushes the provider.
 *
 * <p>The name is validated with {@code checkNotEmpty} first, then the caller is
 * checked with {@code assertAccess}. This operation is gated by
 * {@code KMSACLs.Type.ROLLOVER}.
 *
 * @param name key name from the request path; the {@code {name:.*}} template
 *             also matches an empty segment, hence the explicit check
 * @return an empty 200 response
 * @throws Exception any failure, logged at debug level and rethrown unchanged
 */
@POST
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.INVALIDATECACHE_RESOURCE)
public Response invalidateCache(@PathParam("name") final String name)
    throws Exception {
  try {
    LOG.trace("Entering invalidateCache Method.");
    KMSWebApp.getAdminCallsMeter().mark();
    // Validate input before it is used in the ACL decision.
    checkNotEmpty(name, "name");
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(KMSACLs.Type.ROLLOVER, user, KMSOp.INVALIDATE_CACHE, name);
    LOG.debug("Invalidating cache with key name {}.", name);

    PrivilegedExceptionAction<Void> invalidate =
        new PrivilegedExceptionAction<Void>() {
          @Override
          public Void run() throws Exception {
            provider.invalidateCache(name);
            provider.flush();
            return null;
          }
        };
    user.doAs(invalidate);

    // kmsAudit.ok is reached only after invalidate and flush have succeeded.
    kmsAudit.ok(user, KMSOp.INVALIDATE_CACHE, name, "");
    LOG.trace("Exiting invalidateCache for key name {}.", name);
    return Response.ok().build();
  } catch (Exception e) {
    LOG.debug("Exception in invalidateCache for key name {}.", name, e);
    throw e;
  }
}
try { LOG.trace("Entering getMetadata method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(name, "name"); KMSWebApp.getAdminCallsMeter().mark();
/**
 * Deletes a key from the provider and flushes the provider.
 *
 * <p>The caller is checked with {@code assertAccess} for
 * {@code KMSACLs.Type.DELETE}, and the delete runs inside {@code user.doAs}.
 *
 * @param name key name from the request path; the {@code {name:.*}} template
 *             also matches an empty segment
 * @return an empty 200 response
 * @throws Exception any failure, logged at debug level and rethrown unchanged
 */
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  try {
    LOG.trace("Entering deleteKey method.");
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    // NOTE(review): the ACL check sees name before checkNotEmpty has
    // validated it, so an empty name can reach assertAccess. Validating first
    // would keep unvalidated input out of the authorization decision --
    // confirm how assertAccess treats an empty key name before reordering.
    assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
    checkNotEmpty(name, "name");
    LOG.debug("Deleting key with name {}.", name);

    PrivilegedExceptionAction<Void> removal =
        new PrivilegedExceptionAction<Void>() {
          @Override
          public Void run() throws Exception {
            provider.deleteKey(name);
            provider.flush();
            return null;
          }
        };
    user.doAs(removal);

    // kmsAudit.ok is reached only after delete and flush have succeeded.
    kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");
    LOG.trace("Exiting deleteKey method.");
    return Response.ok().build();
  } catch (Exception e) {
    LOG.debug("Exception in deleteKey.", e);
    throw e;
  }
}
try { LOG.trace("Entering getKeyVersion method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(versionName, "versionName"); KMSWebApp.getKeyCallsMeter().mark();
try { LOG.trace("Entering getCurrentVersion method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark();
try { LOG.trace("Entering getKeyVersions method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(name, "name"); KMSWebApp.getKeyCallsMeter().mark();
try { LOG.trace("Entering generateEncryptedKeys method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(name, "name"); checkNotNull(edekOp, "eekOp");
LOG.trace("Entering rolloverKey Method."); KMSWebApp.getAdminCallsMeter().mark(); UserGroupInformation user = HttpUserGroupInformation.get(); assertAccess(KMSACLs.Type.ROLLOVER, user, KMSOp.ROLL_NEW_VERSION, name); checkNotEmpty(name, "name");
checkNotEmpty(name, "name"); checkNotNull(jsonPayload, "jsonPayload"); final UserGroupInformation user = HttpUserGroupInformation.get(); KMSWebApp.getReencryptEEKBatchCallsMeter().mark(); if (jsonPayload.size() > MAX_NUM_PER_BATCH) {
try { LOG.trace("Entering decryptEncryptedKey method."); UserGroupInformation user = HttpUserGroupInformation.get(); checkNotEmpty(versionName, "versionName"); checkNotNull(eekOp, "eekOp");
/**
 * Writes the identity seen by the servlet as plain text:
 * {@code remoteuser=<remote user>:ugi=<short name>}, prefixed with
 * {@code realugi=<real user short name>:} when the UGI's authentication
 * method is PROXY.
 *
 * <p>Responds 500 with no body when no UGI is available for the request.
 *
 * @param req  request whose remote user is reported
 * @param resp response receiving the status and the identity line
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing the response body fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  if (caller == null) {
    // No identity was established for this request.
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return;
  }

  String line = "remoteuser=" + req.getRemoteUser()
      + ":ugi=" + caller.getShortUserName();
  final boolean viaProxy = caller.getAuthenticationMethod()
      == UserGroupInformation.AuthenticationMethod.PROXY;
  if (viaProxy) {
    // Report the authenticating (real) user ahead of the effective user.
    line = "realugi=" + caller.getRealUser().getShortUserName() + ":" + line;
  }
  resp.setStatus(HttpServletResponse.SC_OK);
  resp.getWriter().write(line);
}
} // closes an enclosing scope whose opening is not part of this excerpt
/**
 * Echoes the request's identity as text: the servlet remote user and the
 * UGI short name, preceded by the real user's short name when the UGI was
 * authenticated through PROXY.
 *
 * <p>If no UGI is available the response status is set to 500 and nothing is
 * written.
 *
 * @param req  request supplying the remote user
 * @param resp response that receives the status code and the text
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  UserGroupInformation identity = HttpUserGroupInformation.get();
  if (identity == null) {
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return;
  }

  // Effective identity first; the real user is only looked up for PROXY.
  final String effective = "remoteuser=" + req.getRemoteUser()
      + ":ugi=" + identity.getShortUserName();
  final String output;
  if (identity.getAuthenticationMethod()
      == UserGroupInformation.AuthenticationMethod.PROXY) {
    output = "realugi=" + identity.getRealUser().getShortUserName()
        + ":" + effective;
  } else {
    output = effective;
  }

  resp.setStatus(HttpServletResponse.SC_OK);
  resp.getWriter().write(output);
}
} // closes an enclosing scope whose opening is not part of this excerpt
@Context HttpServletRequest request) throws IOException, FileSystemAccessException { UserGroupInformation user = HttpUserGroupInformation.get(); Response response; path = makeAbsolute(path);
@Context HttpServletRequest request) throws IOException, FileSystemAccessException { UserGroupInformation user = HttpUserGroupInformation.get(); Response response; path = makeAbsolute(path);
LOG.trace("Entering createKey Method."); KMSWebApp.getAdminCallsMeter().mark(); UserGroupInformation user = HttpUserGroupInformation.get(); final String name = (String) jsonKey.get(KMSRESTConstants.NAME_FIELD); checkNotEmpty(name, KMSRESTConstants.NAME_FIELD);
@Context HttpServletRequest request) throws IOException, FileSystemAccessException { UserGroupInformation user = HttpUserGroupInformation.get(); Response response; path = makeAbsolute(path);
@Context HttpServletRequest request) throws IOException, FileSystemAccessException { UserGroupInformation user = HttpUserGroupInformation.get(); Response response; path = makeAbsolute(path);