You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/06 18:21:56 UTC
git commit: KNOX-112 adding a logging for incomingResponse (from the
Hadoop service) statusCode in the dispatch.
Updated Branches:
refs/heads/master b00493ec9 -> 869783e4b
KNOX-112 adding a logging for incomingResponse (from the Hadoop service) statusCode in the dispatch.
Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/869783e4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/869783e4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/869783e4
Branch: refs/heads/master
Commit: 869783e4bb71b7dc65e67cb7184f59a19571d5b9
Parents: b00493e
Author: Larry McCay <lm...@hortonworks.com>
Authored: Fri Sep 6 12:12:59 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Fri Sep 6 12:12:59 2013 -0400
----------------------------------------------------------------------
.../apache/hadoop/gateway/GatewayMessages.java | 3 +
.../gateway/dispatch/HttpClientDispatch.java | 63 ++++++++++++--------
2 files changed, 40 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/869783e4/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
index d576038..ff102a9 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
@@ -266,4 +266,7 @@ public interface GatewayMessages {
@Message( level = MessageLevel.ERROR, text = "Failed Knox->Hadoop SPNegotiation authentication for URL: {0}" )
void failedSPNegoAuthn(String uri);
+
+ @Message( level = MessageLevel.DEBUG, text = "Status Code Returned from Request Dispatch: {0}" )
+ void dispatchResponseStatusCode(int statusCode);
}
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/869783e4/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
index 25fede5..a49649d 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
@@ -36,6 +36,7 @@ import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.auth.Credentials;
+import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpOptions;
@@ -88,37 +89,15 @@ public class HttpClientDispatch extends AbstractGatewayDispatch {
inboundResponse = client.execute(outboundRequest);
} else {
// Kerberos secured, no delegation token in query string
- outboundRequest.removeHeaders(COOKIE);
- String appCookie = appCookieManager.getCachedAppCookie();
- if (appCookie != null) {
- outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
- }
- inboundResponse = client.execute(outboundRequest);
- // if inBoundResponse has status 401 and header WWW-Authenticate: Negoitate
- // refresh hadoop.auth.cookie and attempt one more time
- int statusCode = inboundResponse.getStatusLine().getStatusCode();
- if (statusCode == HttpStatus.SC_UNAUTHORIZED ) {
- Header[] wwwAuthHeaders = inboundResponse.getHeaders(WWW_AUTHENTICATE) ;
- if (wwwAuthHeaders != null && wwwAuthHeaders.length != 0 &&
- wwwAuthHeaders[0].getValue().trim().startsWith(NEGOTIATE)) {
- appCookie = appCookieManager.getAppCookie(outboundRequest, true);
- outboundRequest.removeHeaders(COOKIE);
- outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
- client = new DefaultHttpClient();
- inboundResponse = client.execute(outboundRequest);
- } else {
- // no supported authentication type found
- // we would let the original response propogate
- }
- } else {
- // not a 401 Unauthorized status code
- // we would let the original response propogate
- }
+ inboundResponse = executeKerberosDispatch(outboundRequest, client);
}
} catch (IOException e) {
// we do not want to expose back end host. port end points to clients, see JIRA KNOX-58
LOG.dispatchServiceConnectionException( outboundRequest.getURI(), e );
throw new IOException( RES.dispatchConnectionError() );
+ } finally {
+ int statusCode = inboundResponse.getStatusLine().getStatusCode();
+ LOG.dispatchResponseStatusCode( statusCode );
}
// Copy the client respond header to the server respond.
@@ -150,6 +129,38 @@ public class HttpClientDispatch extends AbstractGatewayDispatch {
}
}
+ private HttpResponse executeKerberosDispatch(HttpUriRequest outboundRequest,
+ DefaultHttpClient client) throws IOException, ClientProtocolException {
+ HttpResponse inboundResponse;
+ outboundRequest.removeHeaders(COOKIE);
+ String appCookie = appCookieManager.getCachedAppCookie();
+ if (appCookie != null) {
+ outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
+ }
+ inboundResponse = client.execute(outboundRequest);
+ // if inBoundResponse has status 401 and header WWW-Authenticate: Negoitate
+ // refresh hadoop.auth.cookie and attempt one more time
+ int statusCode = inboundResponse.getStatusLine().getStatusCode();
+ if (statusCode == HttpStatus.SC_UNAUTHORIZED ) {
+ Header[] wwwAuthHeaders = inboundResponse.getHeaders(WWW_AUTHENTICATE) ;
+ if (wwwAuthHeaders != null && wwwAuthHeaders.length != 0 &&
+ wwwAuthHeaders[0].getValue().trim().startsWith(NEGOTIATE)) {
+ appCookie = appCookieManager.getAppCookie(outboundRequest, true);
+ outboundRequest.removeHeaders(COOKIE);
+ outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
+ client = new DefaultHttpClient();
+ inboundResponse = client.execute(outboundRequest);
+ } else {
+ // no supported authentication type found
+ // we would let the original response propogate
+ }
+ } else {
+ // not a 401 Unauthorized status code
+ // we would let the original response propogate
+ }
+ return inboundResponse;
+ }
+
protected HttpEntity createRequestEntity(HttpServletRequest request)
throws IOException {