You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by aw...@apache.org on 2016/02/09 23:16:19 UTC
[1/2] hadoop git commit: HDFS-9760. WebHDFS AuthFilter cannot be
configured with custom AltKerberos auth handler (Ryan Sasson via aw)
Repository: hadoop
Updated Branches:
refs/heads/branch-2 cb53dfcc9 -> 73b195ecc
refs/heads/branch-2.8 e4769775b -> dc325ee55
HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos auth handler (Ryan Sasson via aw)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/dc325ee5
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/dc325ee5
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/dc325ee5
Branch: refs/heads/branch-2.8
Commit: dc325ee550179edee6a3fd629458bed88de819ef
Parents: e476977
Author: Allen Wittenauer <aw...@apache.org>
Authored: Tue Feb 9 14:15:21 2016 -0800
Committer: Allen Wittenauer <aw...@apache.org>
Committed: Tue Feb 9 14:16:02 2016 -0800
----------------------------------------------------------------------
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++
.../hdfs/server/namenode/NameNodeHttpServer.java | 11 +++++++++++
.../java/org/apache/hadoop/hdfs/web/AuthFilter.java | 10 ++++++----
.../org/apache/hadoop/hdfs/web/TestAuthFilter.java | 15 +++++++++++++++
4 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc325ee5/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index a819c13..cc9723c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -1735,6 +1735,9 @@ Release 2.8.0 - UNRELEASED
HDFS-9713. DataXceiver#copyBlock should return if block is pinned.
(umamahesh)
+ HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos
+ auth handler (Ryan Sasson via aw)
+
Release 2.7.3 - UNRELEASED
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc325ee5/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
index b8ddef9..5fa147e 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
@@ -21,7 +21,9 @@ package org.apache.hadoop.hdfs.server.namenode;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
+import java.util.Map.Entry;
import javax.servlet.ServletContext;
@@ -33,6 +35,7 @@ import org.apache.hadoop.hdfs.security.token.delegation.DelegationUtilsClient;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
+import org.apache.hadoop.hdfs.web.AuthFilter;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.hdfs.web.resources.UserParam;
@@ -159,6 +162,14 @@ public class NameNodeHttpServer {
private Map<String, String> getAuthFilterParams(Configuration conf)
throws IOException {
Map<String, String> params = new HashMap<String, String>();
+ // Select configs beginning with 'dfs.web.authentication.'
+ Iterator<Map.Entry<String, String>> iterator = conf.iterator();
+ while (iterator.hasNext()) {
+ Entry<String, String> kvPair = iterator.next();
+ if (kvPair.getKey().startsWith(AuthFilter.CONF_PREFIX)) {
+ params.put(kvPair.getKey(), kvPair.getValue());
+ }
+ }
String principalInConf = conf
.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
if (principalInConf != null && !principalInConf.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc325ee5/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
index 5ad1f24..a8b7bd4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
@@ -46,7 +46,7 @@ import org.apache.hadoop.util.StringUtils;
* obtains Hadoop-Auth configuration for webhdfs.
*/
public class AuthFilter extends AuthenticationFilter {
- private static final String CONF_PREFIX = "dfs.web.authentication.";
+ public static final String CONF_PREFIX = "dfs.web.authentication.";
/**
* Returns the filter configuration properties,
@@ -62,9 +62,11 @@ public class AuthFilter extends AuthenticationFilter {
protected Properties getConfiguration(String prefix, FilterConfig config)
throws ServletException {
final Properties p = super.getConfiguration(CONF_PREFIX, config);
- // set authentication type
- p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
- KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
+ // if not set, configure based on security enabled
+ if (p.getProperty(AUTH_TYPE) == null) {
+ p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
+ KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
+ }
// if not set, enable anonymous for pseudo authentication
if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
http://git-wip-us.apache.org/repos/asf/hadoop/blob/dc325ee5/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
index b19a08a..9818461 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
@@ -98,4 +98,19 @@ public class TestAuthFilter {
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
+
+ @Test
+ public void testGetCustomAuthConfiguration() throws ServletException {
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+
+ m.put(AuthFilter.CONF_PREFIX + AuthFilter.AUTH_TYPE, "com.yourclass");
+ m.put(AuthFilter.CONF_PREFIX + "alt-kerberos.param", "value");
+ FilterConfig config = new DummyFilterConfig(m);
+
+ Properties p = filter.getConfiguration(AuthFilter.CONF_PREFIX, config);
+ Assert.assertEquals("com.yourclass", p.getProperty(AuthFilter.AUTH_TYPE));
+ Assert.assertEquals("value", p.getProperty("alt-kerberos.param"));
+ }
+
}
[2/2] hadoop git commit: HDFS-9760. WebHDFS AuthFilter cannot be
configured with custom AltKerberos auth handler (Ryan Sasson via aw)
Posted by aw...@apache.org.
HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos auth handler (Ryan Sasson via aw)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/73b195ec
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/73b195ec
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/73b195ec
Branch: refs/heads/branch-2
Commit: 73b195ecccddeec326e8e358569de56a78ebd71d
Parents: cb53dfc
Author: Allen Wittenauer <aw...@apache.org>
Authored: Tue Feb 9 14:15:21 2016 -0800
Committer: Allen Wittenauer <aw...@apache.org>
Committed: Tue Feb 9 14:16:12 2016 -0800
----------------------------------------------------------------------
hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++
.../hdfs/server/namenode/NameNodeHttpServer.java | 11 +++++++++++
.../java/org/apache/hadoop/hdfs/web/AuthFilter.java | 10 ++++++----
.../org/apache/hadoop/hdfs/web/TestAuthFilter.java | 15 +++++++++++++++
4 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/73b195ec/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index 67f69fc..71445d0 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -1808,6 +1808,9 @@ Release 2.8.0 - UNRELEASED
HDFS-9713. DataXceiver#copyBlock should return if block is pinned.
(umamahesh)
+ HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos
+ auth handler (Ryan Sasson via aw)
+
Release 2.7.3 - UNRELEASED
INCOMPATIBLE CHANGES
http://git-wip-us.apache.org/repos/asf/hadoop/blob/73b195ec/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
index b8ddef9..5fa147e 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
@@ -21,7 +21,9 @@ package org.apache.hadoop.hdfs.server.namenode;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
+import java.util.Map.Entry;
import javax.servlet.ServletContext;
@@ -33,6 +35,7 @@ import org.apache.hadoop.hdfs.security.token.delegation.DelegationUtilsClient;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
+import org.apache.hadoop.hdfs.web.AuthFilter;
import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
import org.apache.hadoop.hdfs.web.resources.Param;
import org.apache.hadoop.hdfs.web.resources.UserParam;
@@ -159,6 +162,14 @@ public class NameNodeHttpServer {
private Map<String, String> getAuthFilterParams(Configuration conf)
throws IOException {
Map<String, String> params = new HashMap<String, String>();
+ // Select configs beginning with 'dfs.web.authentication.'
+ Iterator<Map.Entry<String, String>> iterator = conf.iterator();
+ while (iterator.hasNext()) {
+ Entry<String, String> kvPair = iterator.next();
+ if (kvPair.getKey().startsWith(AuthFilter.CONF_PREFIX)) {
+ params.put(kvPair.getKey(), kvPair.getValue());
+ }
+ }
String principalInConf = conf
.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
if (principalInConf != null && !principalInConf.isEmpty()) {
http://git-wip-us.apache.org/repos/asf/hadoop/blob/73b195ec/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
index 5ad1f24..a8b7bd4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
@@ -46,7 +46,7 @@ import org.apache.hadoop.util.StringUtils;
* obtains Hadoop-Auth configuration for webhdfs.
*/
public class AuthFilter extends AuthenticationFilter {
- private static final String CONF_PREFIX = "dfs.web.authentication.";
+ public static final String CONF_PREFIX = "dfs.web.authentication.";
/**
* Returns the filter configuration properties,
@@ -62,9 +62,11 @@ public class AuthFilter extends AuthenticationFilter {
protected Properties getConfiguration(String prefix, FilterConfig config)
throws ServletException {
final Properties p = super.getConfiguration(CONF_PREFIX, config);
- // set authentication type
- p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
- KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
+ // if not set, configure based on security enabled
+ if (p.getProperty(AUTH_TYPE) == null) {
+ p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
+ KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
+ }
// if not set, enable anonymous for pseudo authentication
if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
http://git-wip-us.apache.org/repos/asf/hadoop/blob/73b195ec/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
index b19a08a..9818461 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
@@ -98,4 +98,19 @@ public class TestAuthFilter {
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
+
+ @Test
+ public void testGetCustomAuthConfiguration() throws ServletException {
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+
+ m.put(AuthFilter.CONF_PREFIX + AuthFilter.AUTH_TYPE, "com.yourclass");
+ m.put(AuthFilter.CONF_PREFIX + "alt-kerberos.param", "value");
+ FilterConfig config = new DummyFilterConfig(m);
+
+ Properties p = filter.getConfiguration(AuthFilter.CONF_PREFIX, config);
+ Assert.assertEquals("com.yourclass", p.getProperty(AuthFilter.AUTH_TYPE));
+ Assert.assertEquals("value", p.getProperty("alt-kerberos.param"));
+ }
+
}