private void validateRequest(ServletContext context, Configuration conf, HttpServletRequest request, HttpServletResponse response, FSImage nnImage, String theirStorageInfoString) throws IOException { if (UserGroupInformation.isSecurityEnabled() && !isValidRequestor(context, request.getUserPrincipal().getName(), conf)) { String errorMsg = "Only Namenode, Secondary Namenode, and administrators may access " + "this servlet"; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received non-NN/SNN/administrator request for image or edits from " + request.getUserPrincipal().getName() + " at " + request.getRemoteHost()); throw new IOException(errorMsg); } String myStorageInfoString = nnImage.getStorage().toColonSeparatedString(); if (theirStorageInfoString != null && !myStorageInfoString.equals(theirStorageInfoString)) { String errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected " + theirStorageInfoString; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received an invalid request file transfer request " + "from a secondary with storage info " + theirStorageInfoString); throw new IOException(errorMsg); } }
private void validateRequest(ServletContext context, Configuration conf, HttpServletRequest request, HttpServletResponse response, FSImage nnImage, String theirStorageInfoString) throws IOException { if (UserGroupInformation.isSecurityEnabled() && !isValidRequestor(context, request.getUserPrincipal().getName(), conf)) { String errorMsg = "Only Namenode, Secondary Namenode, and administrators may access " + "this servlet"; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received non-NN/SNN/administrator request for image or edits from " + request.getUserPrincipal().getName() + " at " + request.getRemoteHost()); throw new IOException(errorMsg); } String myStorageInfoString = nnImage.getStorage().toColonSeparatedString(); if (theirStorageInfoString != null && !myStorageInfoString.equals(theirStorageInfoString)) { String errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected " + theirStorageInfoString; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received an invalid request file transfer request " + "from a secondary with storage info " + theirStorageInfoString); throw new IOException(errorMsg); } }
private void validateRequest(ServletContext context, Configuration conf, HttpServletRequest request, HttpServletResponse response, FSImage nnImage, String theirStorageInfoString) throws IOException { if (UserGroupInformation.isSecurityEnabled() && !isValidRequestor(context, request.getUserPrincipal().getName(), conf)) { String errorMsg = "Only Namenode, Secondary Namenode, and administrators may access " + "this servlet"; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received non-NN/SNN/administrator request for image or edits from " + request.getUserPrincipal().getName() + " at " + request.getRemoteHost()); throw new IOException(errorMsg); } String myStorageInfoString = nnImage.getStorage().toColonSeparatedString(); if (theirStorageInfoString != null && !myStorageInfoString.equals(theirStorageInfoString)) { String errorMsg = "This namenode has storage info " + myStorageInfoString + " but the secondary expected " + theirStorageInfoString; response.sendError(HttpServletResponse.SC_FORBIDDEN, errorMsg); LOG.warn("Received an invalid request file transfer request " + "from a secondary with storage info " + theirStorageInfoString); throw new IOException(errorMsg); } }
assertTrue(ImageServlet.isValidRequestor(context, "hdfs/host2@TEST-REALM.COM", conf)); assertTrue(ImageServlet.isValidRequestor(context, "hdfs/host2@TEST-REALM.COM", conf)); assertTrue(ImageServlet.isValidRequestor(context, "atm@TEST-REALM.COM", conf)); assertFalse(ImageServlet.isValidRequestor(context, "todd@TEST-REALM.COM", conf));