You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/10/01 00:21:48 UTC
[hadoop] branch branch-3.2 updated (79359e2 -> f42c8a4)
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a change to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/hadoop.git.
from 79359e2 HADOOP-16461. Regression: FileSystem cache lock parses XML within the lock.
new 85aff9f HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
new f42c8a4 HADOOP-15014. Addendum: KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../key/kms/server/KMSExceptionsProvider.java | 5 +-
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 58 ++++++++++----
.../crypto/key/kms/server/TestKMSMDCFilter.java | 88 ++++++++++++++++++++++
3 files changed, 136 insertions(+), 15 deletions(-)
create mode 100644 hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[hadoop] 02/02: HADOOP-15014. Addendum: KMS should log the IP
address of the clients. Contributed by Zsombor Gegesy.
Posted by we...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit f42c8a44ae686590595fc8aef4a2ca853c7be6c4
Author: Zsombor Gegesy <zs...@apache.org>
AuthorDate: Wed Aug 7 20:55:10 2019 -0700
HADOOP-15014. Addendum: KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
(cherry picked from commit b0131bc265453051820e54908e70d39433c227ab)
---
.../crypto/key/kms/server/TestKMSMDCFilter.java | 88 ++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
new file mode 100644
index 0000000..42d1dc0
--- /dev/null
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSMDCFilter.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+/**
+ * Test for {@link KMSMDCFilter}.
+ *
+ */
+public class TestKMSMDCFilter {
+
+ private static final String REMOTE_ADDRESS = "192.168.100.100";
+ private static final String URL = "/admin";
+ private static final String METHOD = "GET";
+
+ private KMSMDCFilter filter;
+ private HttpServletRequest httpRequest;
+ private HttpServletResponse httpResponse;
+
+ @Before
+ public void setUp() throws IOException {
+ filter = new KMSMDCFilter();
+ httpRequest = Mockito.mock(HttpServletRequest.class);
+ httpResponse = Mockito.mock(HttpServletResponse.class);
+ KMSMDCFilter.setContext(null, null, null, null);
+ }
+
+ @Test
+ public void testFilter() throws IOException, ServletException {
+ when(httpRequest.getMethod()).thenReturn(METHOD);
+ when(httpRequest.getRequestURL()).thenReturn(new StringBuffer(URL));
+ when(httpRequest.getRemoteAddr()).thenReturn(REMOTE_ADDRESS);
+
+ FilterChain filterChain = new FilterChain() {
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response)
+ throws IOException, ServletException {
+ assertEquals("filter.remoteClientAddress", REMOTE_ADDRESS,
+ KMSMDCFilter.getRemoteClientAddress());
+ assertEquals("filter.method", METHOD, KMSMDCFilter.getMethod());
+ assertEquals("filter.url", URL, KMSMDCFilter.getURL());
+ }
+ };
+
+ checkMDCValuesAreEmpty();
+ filter.doFilter(httpRequest, httpResponse, filterChain);
+ checkMDCValuesAreEmpty();
+ }
+
+ private void checkMDCValuesAreEmpty() {
+ assertNull("getRemoteClientAddress", KMSMDCFilter.getRemoteClientAddress());
+ assertNull("getMethod", KMSMDCFilter.getMethod());
+ assertNull("getURL", KMSMDCFilter.getURL());
+ assertNull("getUgi", KMSMDCFilter.getUgi());
+ }
+
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[hadoop] 01/02: HADOOP-15014. KMS should log the IP address of the
clients. Contributed by Zsombor Gegesy.
Posted by we...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit 85aff9faccd4252f73994c79020b3590e323ed7c
Author: Zsombor Gegesy <zs...@apache.org>
AuthorDate: Tue Apr 16 05:27:29 2019 -0700
HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
(cherry picked from commit 008766c119d9ed9d568f9458ed0c02136962da5b)
---
.../key/kms/server/KMSExceptionsProvider.java | 5 +-
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 58 +++++++++++++++++-----
2 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
index 3d97753..ceaa8bc 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
@@ -111,9 +111,10 @@ public class KMSExceptionsProvider implements ExceptionMapper<Exception> {
UserGroupInformation ugi = KMSMDCFilter.getUgi();
String method = KMSMDCFilter.getMethod();
String url = KMSMDCFilter.getURL();
+ String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
String msg = getOneLineMessage(ex);
- LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
- status, msg, ex);
+ LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
+ url, remoteClientAddress, status, msg, ex);
}
}
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index 81591e5..f3c0bbd 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
+import com.google.common.annotations.VisibleForTesting;
+
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -38,29 +40,40 @@ import java.io.IOException;
public class KMSMDCFilter implements Filter {
private static class Data {
- private UserGroupInformation ugi;
- private String method;
- private StringBuffer url;
+ private final UserGroupInformation ugi;
+ private final String method;
+ private final String url;
+ private final String remoteClientAddress;
- private Data(UserGroupInformation ugi, String method, StringBuffer url) {
+ private Data(UserGroupInformation ugi, String method, String url,
+ String remoteClientAddress) {
this.ugi = ugi;
this.method = method;
this.url = url;
+ this.remoteClientAddress = remoteClientAddress;
}
}
private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();
public static UserGroupInformation getUgi() {
- return DATA_TL.get().ugi;
+ Data data = DATA_TL.get();
+ return data != null ? data.ugi : null;
}
public static String getMethod() {
- return DATA_TL.get().method;
+ Data data = DATA_TL.get();
+ return data != null ? data.method : null;
}
public static String getURL() {
- return DATA_TL.get().url.toString();
+ Data data = DATA_TL.get();
+ return data != null ? data.url : null;
+ }
+
+ public static String getRemoteClientAddress() {
+ Data data = DATA_TL.get();
+ return data != null ? data.remoteClientAddress : null;
}
@Override
@@ -72,22 +85,41 @@ public class KMSMDCFilter implements Filter {
FilterChain chain)
throws IOException, ServletException {
try {
- DATA_TL.remove();
+ clearContext();
UserGroupInformation ugi = HttpUserGroupInformation.get();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+ String method = httpServletRequest.getMethod();
+ StringBuffer requestURL = httpServletRequest.getRequestURL();
+ String queryString = httpServletRequest.getQueryString();
if (queryString != null) {
requestURL.append("?").append(queryString);
}
- DATA_TL.set(new Data(ugi, method, requestURL));
+ setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
chain.doFilter(request, response);
} finally {
- DATA_TL.remove();
+ clearContext();
}
}
@Override
public void destroy() {
}
+
+ /**
+ * Sets the context with the given parameters.
+ * @param ugi the {@link UserGroupInformation} for the current request.
+ * @param method the http method
+ * @param requestURL the requested URL.
+ * @param remoteAddr the remote address of the client.
+ */
+ @VisibleForTesting
+ public static void setContext(UserGroupInformation ugi,
+ String method, String requestURL, String remoteAddr) {
+ DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
+ }
+
+ private static void clearContext() {
+ DATA_TL.remove();
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org