You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by cn...@apache.org on 2014/03/17 21:52:39 UTC

svn commit: r1578565 - in /hadoop/common/branches/branch-1-win: ./ src/hdfs/org/apache/hadoop/hdfs/ src/hdfs/org/apache/hadoop/hdfs/server/namenode/ src/hdfs/org/apache/hadoop/hdfs/web/ src/test/org/apache/hadoop/hdfs/web/

Author: cnauroth
Date: Mon Mar 17 20:52:39 2014
New Revision: 1578565

URL: http://svn.apache.org/r1578565
Log:
HDFS-5516. WebHDFS does not require user name when anonymous http requests are disallowed. Contributed by Miodrag Radulovic.

Modified:
    hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt
    hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java
    hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
    hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java
    hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java

Modified: hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt (original)
+++ hadoop/common/branches/branch-1-win/CHANGES.branch-1-win.txt Mon Mar 17 20:52:39 2014
@@ -510,3 +510,6 @@ Branch-hadoop-1-win (branched from branc
 
     HADOOP-10142. Avoid groups lookup for unprivileged users such as "dr.who"
     (vinay, backported by Xi Fang via cnauroth)
+
+    HDFS-5516. WebHDFS does not require user name when anonymous http requests
+    are disallowed. (Miodrag Radulovic via cnauroth)

Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/DFSConfigKeys.java Mon Mar 17 20:52:39 2014
@@ -284,7 +284,8 @@ public class DFSConfigKeys extends Commo
   public static final String  DFS_SECONDARY_NAMENODE_INTERNAL_SPENGO_USER_NAME_KEY = "dfs.secondary.namenode.kerberos.internal.spnego.principal";
   public static final String  DFS_NAMENODE_NAME_CACHE_THRESHOLD_KEY = "dfs.namenode.name.cache.threshold";
   public static final int     DFS_NAMENODE_NAME_CACHE_THRESHOLD_DEFAULT = 10;
-  
+
+  public static final String  DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED = "dfs.web.authentication.simple.anonymous.allowed";
   public static final String  DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY = "dfs.web.authentication.kerberos.principal";
   public static final String  DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY = "dfs.web.authentication.kerberos.keytab";
   public static final String  DFS_BLOCK_LOCAL_PATH_ACCESS_USER_KEY = "dfs.block.local-path-access.user";

Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/server/namenode/NameNode.java Mon Mar 17 20:52:39 2014
@@ -503,6 +503,13 @@ public class NameNode implements ClientP
                     DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
                     httpKeytab);
               }
+              String anonymousAllowed = conf
+                  .get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED);
+              if (anonymousAllowed != null && !anonymousAllowed.isEmpty()) {
+                params.put(
+                    DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+                    anonymousAllowed);
+              }
               return params;
             }
           };

Modified: hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java (original)
+++ hadoop/common/branches/branch-1-win/src/hdfs/org/apache/hadoop/hdfs/web/AuthFilter.java Mon Mar 17 20:52:39 2014
@@ -64,8 +64,10 @@ public class AuthFilter extends Authenti
     // set authentication type
     p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
         KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
-    //For Pseudo Authentication, allow anonymous.
-    p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+    // if not set, enable anonymous for pseudo authentication
+    if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
+      p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+    }
     //set cookie path
     p.setProperty(COOKIE_PATH, "/");
     return p;

Modified: hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java?rev=1578565&r1=1578564&r2=1578565&view=diff
==============================================================================
--- hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java (original)
+++ hadoop/common/branches/branch-1-win/src/test/org/apache/hadoop/hdfs/web/TestAuthFilter.java Mon Mar 17 20:52:39 2014
@@ -75,4 +75,27 @@ public class TestAuthFilter {
     Assert.assertEquals("true",
         p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
   }
+  
+  @Test
+  public void testGetSimpleAuthDisabledConfiguration() throws ServletException {
+    AuthFilter filter = new AuthFilter();
+    Map<String, String> m = new HashMap<String,String>();
+    m.put(DFSConfigKeys.DFS_WEB_AUTHENTICATION_SIMPLE_ANONYMOUS_ALLOWED,
+        "false");
+    FilterConfig config = new DummyFilterConfig(m);
+    Properties p = filter.getConfiguration("random", config);
+    Assert.assertEquals("false",
+        p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+  }
+  
+  @Test
+  public void testGetSimpleAuthDefaultConfiguration() throws ServletException {
+    AuthFilter filter = new AuthFilter();
+    Map<String, String> m = new HashMap<String,String>();
+    
+    FilterConfig config = new DummyFilterConfig(m);
+    Properties p = filter.getConfiguration("random", config);
+    Assert.assertEquals("true",
+        p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
+  }
 }