You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by cn...@apache.org on 2014/03/17 21:52:39 UTC
svn commit: r1578565 - in /hadoop/common/branches/branch-1-win: ./
src/hdfs/org/apache/hadoop/hdfs/
src/hdfs/org/apache/hadoop/hdfs/server/namenode/
src/hdfs/org/apache/hadoop/hdfs/web/ src/test/org/apache/hadoop/hdfs/web/
Author: cnauroth
Date: Mon Mar 17 20:52:39 2014
New Revision: 1578565
URL: http://svn.apache.org/r1578565
Log:
HDFS-5516. WebHDFS does not require user name when anonymous http requests are disallowed. Contributed by Miodrag Radulovic.
Modified:
hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt
hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java
hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java
hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java
Modified: hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt (original)
+++ hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt Mon Mar 17 20:52:39 2014
@@ -510,3 +510,6 @@ Branch-hadoop-1-win (branched from branc
HADOOP-10142. Avoid groups lookup for unprivileged users such as "dr.who"
(vinay, backported by Xi Fang via cnauroth)
+
+ HDFS-5516. WebHDFS does not require user name when anonymous http requests
+ are disallowed. (Miodrag Radulovic via cnauroth)
Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java Mon Mar 17 20:52:39 2014
@@ -284,7 +284,8 @@ public class DFSConfigKeys extends Commo
public static final String DFS_SECONDARY_NAMENODE_INTERNAL_SPENGO_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
public static final String DFS_NAMENODE_NAME_CACHE_THRESHOLD_KEY = "dfs.namenode.name.cache.threshold";
public static final int DFS_NAMENODE_NAME_CACHE_THRESHOLD_DEFAULT = 10;
-
+
+ public static final String DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED = "dfs.web.authentication.simple.anonymous.allowed";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = "dfs.web.authentication.kerberos.principal";
public static final String DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY = "dfs.web.authentication.kerberos.keytab";
public static final String DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY = "dfs.block.local-path-access.user";
Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java Mon Mar 17 20:52:39 2014
@@ -503,6 +503,13 @@ public class NameNode implements ClientP
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
httpKeytab);
}
+ String anonymousAllowed = conf
+ .get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED);
+ if (anonymousAllowed != null && !anonymousAllowed.isEmpty()) {
+ params.put(
+ DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+ anonymousAllowed);
+ }
return params;
}
};
Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java Mon Mar 17 20:52:39 2014
@@ -64,8 +64,10 @@ public class AuthFilter extends Authenti
// set authentication type
p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
- //For Pseudo Authentication, allow anonymous.
- p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+ // if not set, enable anonymous for pseudo authentication
+ if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
+ p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+ }
//set cookie path
p.setProperty(COOKIE_PATH, "/");
return p;
Modified: hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java (original)
+++ hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java Mon Mar 17 20:52:39 2014
@@ -75,4 +75,27 @@ public class TestAuthFilter {
Assert.assertEquals("true",
p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
}
+
+ @Test
+ public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+ m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+ "false");
+ FilterConfig config = new DummyFilterConfig(m);
+ Properties p = filter.getConfiguration("random", config);
+ Assert.assertEquals("false",
+ p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+ }
+
+ @Test
+ public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
+ AuthFilter filter = new AuthFilter();
+ Map<String, String> m = new HashMap<String,String>();
+
+ FilterConfig config = new DummyFilterConfig(m);
+ Properties p = filter.getConfiguration("random", config);
+ Assert.assertEquals("true",
+ p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+ }
}