You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apex.apache.org by th...@apache.org on 2015/09/25 19:40:04 UTC
[2/3] incubator-apex-core git commit: Improved logging
Improved logging
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/55478bf4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/55478bf4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/55478bf4
Branch: refs/heads/release-3.1
Commit: 55478bf4be0a5f8035865dbe7e947be481cafe32
Parents: 508f6de
Author: Pramod Immaneni <pr...@datatorrent.com>
Authored: Thu Sep 24 23:35:27 2015 -0700
Committer: Pramod Immaneni <pr...@datatorrent.com>
Committed: Thu Sep 24 23:47:03 2015 -0700
----------------------------------------------------------------------
.../stram/security/StramWSFilter.java | 48 ++++++++++++++------
1 file changed, 33 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/55478bf4/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
----------------------------------------------------------------------
diff --git a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
index 556f29d..762b359 100644
--- a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
+++ b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
@@ -34,6 +34,7 @@ import org.slf4j.LoggerFactory;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import com.datatorrent.stram.webapp.WebServices;
@@ -131,9 +132,8 @@ public class StramWSFilter implements Filter
HttpServletRequest httpReq = (HttpServletRequest)req;
HttpServletResponse httpResp = (HttpServletResponse)resp;
- logger.debug("Remote address for request is: {}", httpReq.getRemoteAddr());
+ String remoteAddr = httpReq.getRemoteAddr();
String requestURI = httpReq.getRequestURI();
- logger.debug("Request path {}", requestURI);
boolean authenticate = true;
String user = null;
if(getProxyAddresses().contains(httpReq.getRemoteAddr())) {
@@ -147,14 +147,15 @@ public class StramWSFilter implements Filter
}
if (requestURI.equals(WebServices.PATH) && (user != null)) {
String token = createClientToken(user, httpReq.getLocalAddr());
- logger.debug("Create token {}", token);
+ logger.debug("{}: creating token {}", remoteAddr, token);
Cookie cookie = new Cookie(CLIENT_COOKIE, token);
httpResp.addCookie(cookie);
+ } else {
+ logger.info("{}: proxy access to URI {} by user {}, no cookie created", remoteAddr, requestURI, user);
}
authenticate = false;
}
if (authenticate) {
- logger.debug("Authenticating");
Cookie cookie = null;
if (httpReq.getCookies() != null) {
for (Cookie c : httpReq.getCookies()) {
@@ -166,22 +167,24 @@ public class StramWSFilter implements Filter
}
boolean valid = false;
if (cookie != null) {
- logger.debug("Verifying token {}", cookie.getValue());
- user = verifyClientToken(cookie.getValue());
- valid = true;
- logger.debug("Token valid");
+ user = verifyClientToken(cookie.getValue(), remoteAddr);
+ if (user != null) {
+ valid = true;
+ } else {
+ logger.debug("{}: invalid cookie {}", remoteAddr, cookie.getValue());
+ }
} else {
- logger.debug("Cookie not found");
+ logger.debug("{}: cookie not found {}", remoteAddr, CLIENT_COOKIE);
}
if (!valid) {
- logger.debug("Auth failure {}", HttpServletResponse.SC_UNAUTHORIZED);
+ logger.debug("{}: auth failure", remoteAddr);
httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
}
if(user == null) {
- logger.debug("Could not find {} cookie, so user will not be set", WEBAPP_PROXY_USER);
+ logger.debug("{}: could not find user, so user principal will not be set", remoteAddr);
chain.doFilter(req, resp);
} else {
final StramWSPrincipal principal = new StramWSPrincipal(user);
@@ -201,16 +204,31 @@ public class StramWSFilter implements Filter
return token.encodeToUrlString();
}
- private String verifyClientToken(String tokenstr) throws IOException
+ private String verifyClientToken(String tokenstr, String cid) throws IOException
{
Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>();
- token.decodeFromUrlString(tokenstr);
+ try {
+ token.decodeFromUrlString(tokenstr);
+ } catch (IOException e) {
+ logger.debug("{}: error decoding token: {}", cid, e.getMessage());
+ return null;
+ }
byte[] identifier = token.getIdentifier();
byte[] password = token.getPassword();
StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier();
DataInputStream input = new DataInputStream(new ByteArrayInputStream(identifier));
- tokenIdentifier.readFields(input);
- tokenManager.verifyToken(tokenIdentifier, password);
+ try {
+ tokenIdentifier.readFields(input);
+ } catch (IOException e) {
+ logger.debug("{}: error decoding identifier: {}", cid, e.getMessage());
+ return null;
+ }
+ try {
+ tokenManager.verifyToken(tokenIdentifier, password);
+ } catch (SecretManager.InvalidToken e) {
+ logger.debug("{}: invalid token {}: {}", cid, tokenIdentifier, e.getMessage());
+ return null;
+ }
return tokenIdentifier.getOwner().toString();
}
}