You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by wa...@apache.org on 2016/06/04 00:21:39 UTC
hadoop git commit: HDFS-10481. HTTPFS server should correctly
impersonate as end user to open file. Contributed by Xiao Chen.
Repository: hadoop
Updated Branches:
refs/heads/trunk 99a771cd7 -> 47e0321ee
HDFS-10481. HTTPFS server should correctly impersonate as end user to open file. Contributed by Xiao Chen.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/47e0321e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/47e0321e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/47e0321e
Branch: refs/heads/trunk
Commit: 47e0321ee91149331e6ae72e7caa41d1de078b6c
Parents: 99a771c
Author: Andrew Wang <wa...@apache.org>
Authored: Fri Jun 3 17:21:17 2016 -0700
Committer: Andrew Wang <wa...@apache.org>
Committed: Fri Jun 3 17:21:17 2016 -0700
----------------------------------------------------------------------
.../hadoop/fs/http/server/HttpFSServer.java | 218 ++++++++++---------
1 file changed, 114 insertions(+), 104 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/47e0321e/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java b/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
index b7b63fa..db4692a 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
@@ -79,6 +79,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.AccessControlException;
+import java.security.PrivilegedExceptionAction;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.List;
@@ -94,6 +95,7 @@ import java.util.Map;
@InterfaceAudience.Private
public class HttpFSServer {
private static Logger AUDIT_LOG = LoggerFactory.getLogger("httpfsaudit");
+ private static final Logger LOG = LoggerFactory.getLogger(HttpFSServer.class);
/**
* Executes a {@link FileSystemAccess.FileSystemExecutor} using a filesystem for the effective
@@ -205,115 +207,123 @@ public class HttpFSServer {
MDC.put(HttpFSFileSystem.OP_PARAM, op.value().name());
MDC.put("hostname", request.getRemoteAddr());
switch (op.value()) {
- case OPEN: {
- //Invoking the command directly using an unmanaged FileSystem that is
- // released by the FileSystemReleaseFilter
- FSOperations.FSOpen command = new FSOperations.FSOpen(path);
- FileSystem fs = createFileSystem(user);
- InputStream is = command.execute(fs);
- Long offset = params.get(OffsetParam.NAME, OffsetParam.class);
- Long len = params.get(LenParam.NAME, LenParam.class);
- AUDIT_LOG.info("[{}] offset [{}] len [{}]",
- new Object[]{path, offset, len});
- InputStreamEntity entity = new InputStreamEntity(is, offset, len);
- response =
+ case OPEN: {
+ //Invoking the command directly using an unmanaged FileSystem that is
+ // released by the FileSystemReleaseFilter
+ final FSOperations.FSOpen command = new FSOperations.FSOpen(path);
+ final FileSystem fs = createFileSystem(user);
+ InputStream is = null;
+ UserGroupInformation ugi = UserGroupInformation
+ .createProxyUser(user.getShortUserName(),
+ UserGroupInformation.getLoginUser());
+ try {
+ is = ugi.doAs(new PrivilegedExceptionAction<InputStream>() {
+ @Override
+ public InputStream run() throws Exception {
+ return command.execute(fs);
+ }
+ });
+ } catch (InterruptedException ie) {
+ LOG.info("Open interrupted.", ie);
+ Thread.currentThread().interrupt();
+ }
+ Long offset = params.get(OffsetParam.NAME, OffsetParam.class);
+ Long len = params.get(LenParam.NAME, LenParam.class);
+ AUDIT_LOG.info("[{}] offset [{}] len [{}]",
+ new Object[] { path, offset, len });
+ InputStreamEntity entity = new InputStreamEntity(is, offset, len);
+ response =
Response.ok(entity).type(MediaType.APPLICATION_OCTET_STREAM).build();
- break;
- }
- case GETFILESTATUS: {
- FSOperations.FSFileStatus command =
- new FSOperations.FSFileStatus(path);
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("[{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case LISTSTATUS: {
- String filter = params.get(FilterParam.NAME, FilterParam.class);
- FSOperations.FSListStatus command = new FSOperations.FSListStatus(
- path, filter);
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("[{}] filter [{}]", path,
- (filter != null) ? filter : "-");
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case GETHOMEDIRECTORY: {
- enforceRootPath(op.value(), path);
- FSOperations.FSHomeDir command = new FSOperations.FSHomeDir();
- JSONObject json = fsExecute(user, command);
- AUDIT_LOG.info("");
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case INSTRUMENTATION: {
- enforceRootPath(op.value(), path);
- Groups groups = HttpFSServerWebApp.get().get(Groups.class);
- List<String> userGroups = groups.getGroups(user.getShortUserName());
- if (!userGroups.contains(HttpFSServerWebApp.get().getAdminGroup())) {
- throw new AccessControlException(
+ break;
+ }
+ case GETFILESTATUS: {
+ FSOperations.FSFileStatus command = new FSOperations.FSFileStatus(path);
+ Map json = fsExecute(user, command);
+ AUDIT_LOG.info("[{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case LISTSTATUS: {
+ String filter = params.get(FilterParam.NAME, FilterParam.class);
+ FSOperations.FSListStatus command =
+ new FSOperations.FSListStatus(path, filter);
+ Map json = fsExecute(user, command);
+ AUDIT_LOG.info("[{}] filter [{}]", path, (filter != null) ? filter : "-");
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case GETHOMEDIRECTORY: {
+ enforceRootPath(op.value(), path);
+ FSOperations.FSHomeDir command = new FSOperations.FSHomeDir();
+ JSONObject json = fsExecute(user, command);
+ AUDIT_LOG.info("");
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case INSTRUMENTATION: {
+ enforceRootPath(op.value(), path);
+ Groups groups = HttpFSServerWebApp.get().get(Groups.class);
+ List<String> userGroups = groups.getGroups(user.getShortUserName());
+ if (!userGroups.contains(HttpFSServerWebApp.get().getAdminGroup())) {
+ throw new AccessControlException(
"User not in HttpFSServer admin group");
- }
- Instrumentation instrumentation =
- HttpFSServerWebApp.get().get(Instrumentation.class);
- Map snapshot = instrumentation.getSnapshot();
- response = Response.ok(snapshot).build();
- break;
}
- case GETCONTENTSUMMARY: {
- FSOperations.FSContentSummary command =
+ Instrumentation instrumentation =
+ HttpFSServerWebApp.get().get(Instrumentation.class);
+ Map snapshot = instrumentation.getSnapshot();
+ response = Response.ok(snapshot).build();
+ break;
+ }
+ case GETCONTENTSUMMARY: {
+ FSOperations.FSContentSummary command =
new FSOperations.FSContentSummary(path);
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("[{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case GETFILECHECKSUM: {
- FSOperations.FSFileChecksum command =
+ Map json = fsExecute(user, command);
+ AUDIT_LOG.info("[{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case GETFILECHECKSUM: {
+ FSOperations.FSFileChecksum command =
new FSOperations.FSFileChecksum(path);
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("[{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case GETFILEBLOCKLOCATIONS: {
- response = Response.status(Response.Status.BAD_REQUEST).build();
- break;
- }
- case GETACLSTATUS: {
- FSOperations.FSAclStatus command =
- new FSOperations.FSAclStatus(path);
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("ACL status for [{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case GETXATTRS: {
- List<String> xattrNames = params.getValues(XAttrNameParam.NAME,
- XAttrNameParam.class);
- XAttrCodec encoding = params.get(XAttrEncodingParam.NAME,
- XAttrEncodingParam.class);
- FSOperations.FSGetXAttrs command = new FSOperations.FSGetXAttrs(path,
- xattrNames, encoding);
- @SuppressWarnings("rawtypes")
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("XAttrs for [{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- case LISTXATTRS: {
- FSOperations.FSListXAttrs command = new FSOperations.FSListXAttrs(path);
- @SuppressWarnings("rawtypes")
- Map json = fsExecute(user, command);
- AUDIT_LOG.info("XAttr names for [{}]", path);
- response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
- break;
- }
- default: {
- throw new IOException(
- MessageFormat.format("Invalid HTTP GET operation [{0}]",
- op.value()));
- }
+ Map json = fsExecute(user, command);
+ AUDIT_LOG.info("[{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case GETFILEBLOCKLOCATIONS: {
+ response = Response.status(Response.Status.BAD_REQUEST).build();
+ break;
+ }
+ case GETACLSTATUS: {
+ FSOperations.FSAclStatus command = new FSOperations.FSAclStatus(path);
+ Map json = fsExecute(user, command);
+ AUDIT_LOG.info("ACL status for [{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case GETXATTRS: {
+ List<String> xattrNames =
+ params.getValues(XAttrNameParam.NAME, XAttrNameParam.class);
+ XAttrCodec encoding =
+ params.get(XAttrEncodingParam.NAME, XAttrEncodingParam.class);
+ FSOperations.FSGetXAttrs command =
+ new FSOperations.FSGetXAttrs(path, xattrNames, encoding);
+ @SuppressWarnings("rawtypes") Map json = fsExecute(user, command);
+ AUDIT_LOG.info("XAttrs for [{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ case LISTXATTRS: {
+ FSOperations.FSListXAttrs command = new FSOperations.FSListXAttrs(path);
+ @SuppressWarnings("rawtypes") Map json = fsExecute(user, command);
+ AUDIT_LOG.info("XAttr names for [{}]", path);
+ response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
+ break;
+ }
+ default: {
+ throw new IOException(
+ MessageFormat.format("Invalid HTTP GET operation [{0}]", op.value()));
+ }
}
return response;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org