You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/06 18:21:56 UTC

git commit: KNOX-112 adding a logging for incomingResponse (from the Hadoop service) statusCode in the dispatch.

Updated Branches:
  refs/heads/master b00493ec9 -> 869783e4b


KNOX-112 adding a logging for incomingResponse (from the Hadoop service) statusCode in the dispatch.

Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/869783e4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/869783e4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/869783e4

Branch: refs/heads/master
Commit: 869783e4bb71b7dc65e67cb7184f59a19571d5b9
Parents: b00493e
Author: Larry McCay <lm...@hortonworks.com>
Authored: Fri Sep 6 12:12:59 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Fri Sep 6 12:12:59 2013 -0400

----------------------------------------------------------------------
 .../apache/hadoop/gateway/GatewayMessages.java  |  3 +
 .../gateway/dispatch/HttpClientDispatch.java    | 63 ++++++++++++--------
 2 files changed, 40 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/869783e4/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
index d576038..ff102a9 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
@@ -266,4 +266,7 @@ public interface GatewayMessages {
   
   @Message( level = MessageLevel.ERROR, text = "Failed Knox->Hadoop SPNegotiation authentication for URL: {0}" )
   void failedSPNegoAuthn(String uri);
+
+  @Message( level = MessageLevel.DEBUG, text = "Status Code Returned from Request Dispatch: {0}" )
+  void dispatchResponseStatusCode(int statusCode);
 }

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/869783e4/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
index 25fede5..a49649d 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/HttpClientDispatch.java
@@ -36,6 +36,7 @@ import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.HttpStatus;
 import org.apache.http.auth.Credentials;
+import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpOptions;
@@ -88,37 +89,15 @@ public class HttpClientDispatch extends AbstractGatewayDispatch {
         inboundResponse = client.execute(outboundRequest);
       } else { 
         // Kerberos secured, no delegation token in query string
-        outboundRequest.removeHeaders(COOKIE);
-        String appCookie = appCookieManager.getCachedAppCookie();
-        if (appCookie != null) {
-          outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
-        }
-        inboundResponse = client.execute(outboundRequest);
-        // if inBoundResponse has status 401 and header WWW-Authenticate: Negoitate
-        // refresh hadoop.auth.cookie and attempt one more time
-        int statusCode = inboundResponse.getStatusLine().getStatusCode();
-        if (statusCode == HttpStatus.SC_UNAUTHORIZED ) {
-          Header[] wwwAuthHeaders = inboundResponse.getHeaders(WWW_AUTHENTICATE) ;
-          if (wwwAuthHeaders != null && wwwAuthHeaders.length != 0 && 
-              wwwAuthHeaders[0].getValue().trim().startsWith(NEGOTIATE)) {
-            appCookie = appCookieManager.getAppCookie(outboundRequest, true);
-            outboundRequest.removeHeaders(COOKIE);
-            outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
-            client = new DefaultHttpClient();
-            inboundResponse = client.execute(outboundRequest);
-          } else {
-            // no supported authentication type found
-            // we would let the original response propogate
-          }
-        } else {
-          // not a 401 Unauthorized status code
-          // we would let the original response propogate
-        }
+        inboundResponse = executeKerberosDispatch(outboundRequest, client);
       }
     } catch (IOException e) {
       // we do not want to expose back end host. port end points to clients, see JIRA KNOX-58
       LOG.dispatchServiceConnectionException( outboundRequest.getURI(), e );
       throw new IOException( RES.dispatchConnectionError() );
+    } finally {
+      int statusCode = inboundResponse.getStatusLine().getStatusCode();
+      LOG.dispatchResponseStatusCode( statusCode );
     }
 
     // Copy the client respond header to the server respond.
@@ -150,6 +129,38 @@ public class HttpClientDispatch extends AbstractGatewayDispatch {
     }
   }
 
+  private HttpResponse executeKerberosDispatch(HttpUriRequest outboundRequest,
+      DefaultHttpClient client) throws IOException, ClientProtocolException {
+    HttpResponse inboundResponse;
+    outboundRequest.removeHeaders(COOKIE);
+    String appCookie = appCookieManager.getCachedAppCookie();
+    if (appCookie != null) {
+      outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
+    }
+    inboundResponse = client.execute(outboundRequest);
+    // if inBoundResponse has status 401 and header WWW-Authenticate: Negoitate
+    // refresh hadoop.auth.cookie and attempt one more time
+    int statusCode = inboundResponse.getStatusLine().getStatusCode();
+    if (statusCode == HttpStatus.SC_UNAUTHORIZED ) {
+      Header[] wwwAuthHeaders = inboundResponse.getHeaders(WWW_AUTHENTICATE) ;
+      if (wwwAuthHeaders != null && wwwAuthHeaders.length != 0 && 
+          wwwAuthHeaders[0].getValue().trim().startsWith(NEGOTIATE)) {
+        appCookie = appCookieManager.getAppCookie(outboundRequest, true);
+        outboundRequest.removeHeaders(COOKIE);
+        outboundRequest.addHeader(new BasicHeader(COOKIE, appCookie));
+        client = new DefaultHttpClient();
+        inboundResponse = client.execute(outboundRequest);
+      } else {
+        // no supported authentication type found
+        // we would let the original response propogate
+      }
+    } else {
+      // not a 401 Unauthorized status code
+      // we would let the original response propogate
+    }
+    return inboundResponse;
+  }
+
   protected HttpEntity createRequestEntity(HttpServletRequest request)
       throws IOException {