You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/10/01 00:21:45 UTC
[hadoop] branch branch-3.1 updated (b9dc2c1 -> db5b835)
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a change to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git.
from b9dc2c1 HADOOP-16461. Regression: FileSystem cache lock parses XML within the lock.
new b59911d HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
new db5b835 HADOOP-15014. Addendum: KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../key/kms/server/KMSExceptionsProvider.java | 5 +-
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 58 ++++++++++----
.../crypto/key/kms/server/TestKMSMDCFilter.java | 88 ++++++++++++++++++++++
3 files changed, 136 insertions(+), 15 deletions(-)
create mode 100644 hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[hadoop] 01/02: HADOOP-15014. KMS should log the IP address of the
clients. Contributed by Zsombor Gegesy.
Posted by we...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit b59911d841ec016c0b0ee3115c8efea4a84a6d1d
Author: Zsombor Gegesy <zs...@apache.org>
AuthorDate: Tue Apr 16 05:27:29 2019 -0700
HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
(cherry picked from commit 008766c119d9ed9d568f9458ed0c02136962da5b)
---
.../key/kms/server/KMSExceptionsProvider.java | 5 +-
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 58 +++++++++++++++++-----
2 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
index 3d97753..ceaa8bc 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
@@ -111,9 +111,10 @@ public class KMSExceptionsProvider implements ExceptionMapper<Exception> {
UserGroupInformation ugi = KMSMDCFilter.getUgi();
String method = KMSMDCFilter.getMethod();
String url = KMSMDCFilter.getURL();
+ String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
String msg = getOneLineMessage(ex);
- LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
- status, msg, ex);
+ LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
+ url, remoteClientAddress, status, msg, ex);
}
}
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index 81591e5..f3c0bbd 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
+import com.google.common.annotations.VisibleForTesting;
+
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -38,29 +40,40 @@ import java.io.IOException;
public class KMSMDCFilter implements Filter {
private static class Data {
- private UserGroupInformation ugi;
- private String method;
- private StringBuffer url;
+ private final UserGroupInformation ugi;
+ private final String method;
+ private final String url;
+ private final String remoteClientAddress;
- private Data(UserGroupInformation ugi, String method, StringBuffer url) {
+ private Data(UserGroupInformation ugi, String method, String url,
+ String remoteClientAddress) {
this.ugi = ugi;
this.method = method;
this.url = url;
+ this.remoteClientAddress = remoteClientAddress;
}
}
private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();
public static UserGroupInformation getUgi() {
- return DATA_TL.get().ugi;
+ Data data = DATA_TL.get();
+ return data != null ? data.ugi : null;
}
public static String getMethod() {
- return DATA_TL.get().method;
+ Data data = DATA_TL.get();
+ return data != null ? data.method : null;
}
public static String getURL() {
- return DATA_TL.get().url.toString();
+ Data data = DATA_TL.get();
+ return data != null ? data.url : null;
+ }
+
+ public static String getRemoteClientAddress() {
+ Data data = DATA_TL.get();
+ return data != null ? data.remoteClientAddress : null;
}
@Override
@@ -72,22 +85,41 @@ public class KMSMDCFilter implements Filter {
FilterChain chain)
throws IOException, ServletException {
try {
- DATA_TL.remove();
+ clearContext();
UserGroupInformation ugi = HttpUserGroupInformation.get();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+ String method = httpServletRequest.getMethod();
+ StringBuffer requestURL = httpServletRequest.getRequestURL();
+ String queryString = httpServletRequest.getQueryString();
if (queryString != null) {
requestURL.append("?").append(queryString);
}
- DATA_TL.set(new Data(ugi, method, requestURL));
+ setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
chain.doFilter(request, response);
} finally {
- DATA_TL.remove();
+ clearContext();
}
}
@Override
public void destroy() {
}
+
+ /**
+ * Sets the context with the given parameters.
+ * @param ugi the {@link UserGroupInformation} for the current request.
+ * @param method the http method
+ * @param requestURL the requested URL.
+ * @param remoteAddr the remote address of the client.
+ */
+ @VisibleForTesting
+ public static void setContext(UserGroupInformation ugi,
+ String method, String requestURL, String remoteAddr) {
+ DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
+ }
+
+ private static void clearContext() {
+ DATA_TL.remove();
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[hadoop] 02/02: HADOOP-15014. Addendum: KMS should log the IP
address of the clients. Contributed by Zsombor Gegesy.
Posted by we...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.1
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit db5b8358cae68ab99464481f36b5f7fa223c8e4a
Author: Zsombor Gegesy <zs...@apache.org>
AuthorDate: Wed Aug 7 20:55:10 2019 -0700
HADOOP-15014. Addendum: KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
(cherry picked from commit b0131bc265453051820e54908e70d39433c227ab)
---
.../crypto/key/kms/server/TestKMSMDCFilter.java | 88 ++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
new file mode 100644
index 0000000..42d1dc0
--- /dev/null
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+/**
+ * Test for {@link KMSMDCFilter}.
+ *
+ */
+public class TestKMSMDCFilter {
+
+ private static final String REMOTE_ADDRESS = "192.168.100.100";
+ private static final String URL = "/admin";
+ private static final String METHOD = "GET";
+
+ private KMSMDCFilter filter;
+ private HttpServletRequest httpRequest;
+ private HttpServletResponse httpResponse;
+
+ @Before
+ public void setUp() throws IOException {
+ filter = new KMSMDCFilter();
+ httpRequest = Mockito.mock(HttpServletRequest.class);
+ httpResponse = Mockito.mock(HttpServletResponse.class);
+ KMSMDCFilter.setContext(null, null, null, null);
+ }
+
+ @Test
+ public void testFilter() throws IOException, ServletException {
+ when(httpRequest.getMethod()).thenReturn(METHOD);
+ when(httpRequest.getRequestURL()).thenReturn(new StringBuffer(URL));
+ when(httpRequest.getRemoteAddr()).thenReturn(REMOTE_ADDRESS);
+
+ FilterChain filterChain = new FilterChain() {
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response)
+ throws IOException, ServletException {
+ assertEquals("filter.remoteClientAddress", REMOTE_ADDRESS,
+ KMSMDCFilter.getRemoteClientAddress());
+ assertEquals("filter.method", METHOD, KMSMDCFilter.getMethod());
+ assertEquals("filter.url", URL, KMSMDCFilter.getURL());
+ }
+ };
+
+ checkMDCValuesAreEmpty();
+ filter.doFilter(httpRequest, httpResponse, filterChain);
+ checkMDCValuesAreEmpty();
+ }
+
+ private void checkMDCValuesAreEmpty() {
+ assertNull("getRemoteClientAddress", KMSMDCFilter.getRemoteClientAddress());
+ assertNull("getMethod", KMSMDCFilter.getMethod());
+ assertNull("getURL", KMSMDCFilter.getURL());
+ assertNull("getUgi", KMSMDCFilter.getUgi());
+ }
+
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org