You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by am...@apache.org on 2010/06/18 14:36:57 UTC
svn commit: r955981 - in /hadoop/common/branches/branch-0.21: ./ src/java/
src/java/org/apache/hadoop/fs/ src/java/org/apache/hadoop/http/
src/test/core/org/apache/hadoop/http/
Author: amareshwari
Date: Fri Jun 18 12:36:57 2010
New Revision: 955981
URL: http://svn.apache.org/viewvc?rev=955981&view=rev
Log:
HADOOP-6748. Merge -r 955974:955975 from trunk.
Modified:
hadoop/common/branches/branch-0.21/CHANGES.txt
hadoop/common/branches/branch-0.21/src/java/core-default.xml
hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/http/HttpServer.java
hadoop/common/branches/branch-0.21/src/test/core/org/apache/hadoop/http/TestHttpServer.java
Modified: hadoop/common/branches/branch-0.21/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.21/CHANGES.txt?rev=955981&r1=955980&r2=955981&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.21/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.21/CHANGES.txt Fri Jun 18 12:36:57 2010
@@ -908,6 +908,9 @@ Release 0.21.0 - Unreleased
BUG FIXES
+ HADOOP-6748. Removes hadoop.cluster.administrators, cluster administrators
+ acl is passed as parameter in constructor. (amareshwari)
+
HADOOP-6828. Herrior uses old way of accessing logs directories (Sreekanth
Ramakrishnan via cos)
Modified: hadoop/common/branches/branch-0.21/src/java/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.21/src/java/core-default.xml?rev=955981&r1=955980&r2=955981&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.21/src/java/core-default.xml (original)
+++ hadoop/common/branches/branch-0.21/src/java/core-default.xml Fri Jun 18 12:36:57 2010
@@ -54,16 +54,6 @@
</property>
<property>
- <name>hadoop.cluster.administrators</name>
- <property>Users and/or groups who are designated as the administrators of a
- hadoop cluster. For specifying a list of users and groups the format to use
- is "user1,user2 group1,group". If set to '*', it allows all users/groups to
- do administrations operations of the cluster. If set to '', it allows none.
- </property>
- <value>${user.name}</value>
-</property>
-
-<property>
<name>hadoop.security.authorization</name>
<value>false</value>
<description>Is service-level authorization enabled?</description>
Modified: hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java?rev=955981&r1=955980&r2=955981&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java (original)
+++ hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java Fri Jun 18 12:36:57 2010
@@ -151,10 +151,5 @@ public class CommonConfigurationKeys {
public static final String HADOOP_SECURITY_AUTHENTICATION = "hadoop.security.authentication";
public static final String HADOOP_SECURITY_AUTHORIZATION =
"hadoop.security.authorization";
- /**
- * ACL denoting the administrator ACLs for a hadoop cluster.
- */
- public final static String HADOOP_CLUSTER_ADMINISTRATORS_PROPERTY =
- "hadoop.cluster.administrators";
}
Modified: hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/http/HttpServer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/http/HttpServer.java?rev=955981&r1=955980&r2=955981&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/http/HttpServer.java (original)
+++ hadoop/common/branches/branch-0.21/src/java/org/apache/hadoop/http/HttpServer.java Fri Jun 18 12:36:57 2010
@@ -86,6 +86,9 @@ public class HttpServer implements Filte
// The ServletContext attribute where the daemon Configuration
// gets stored.
public static final String CONF_CONTEXT_ATTRIBUTE = "hadoop.conf";
+ static final String ADMINS_ACL = "admins.acl";
+
+ private AccessControlList adminsAcl;
protected final Server webServer;
protected final Connector listener;
@@ -115,9 +118,25 @@ public class HttpServer implements Filte
*/
public HttpServer(String name, String bindAddress, int port,
boolean findPort, Configuration conf) throws IOException {
+ this(name, bindAddress, port, findPort, conf, null);
+ }
+
+ /**
+ * Create a status server on the given port.
+ * The jsp scripts are taken from src/webapps/<name>.
+ * @param name The name of the server
+ * @param port The port to use on the server
+ * @param findPort whether the server should start at the given port and
+ * increment by 1 until it finds a free port.
+ * @param conf Configuration
+ * @param adminsAcl {@link AccessControlList} of the admins
+ */
+ public HttpServer(String name, String bindAddress, int port,
+ boolean findPort, Configuration conf, AccessControlList adminsAcl)
+ throws IOException {
webServer = new Server();
this.findPort = findPort;
-
+ this.adminsAcl = adminsAcl;
listener = createBaseListener(conf);
listener.setHost(bindAddress);
listener.setPort(port);
@@ -139,6 +158,7 @@ public class HttpServer implements Filte
webAppContext.setContextPath("/");
webAppContext.setWar(appDir + "/" + name);
webAppContext.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ webAppContext.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
webServer.addHandler(webAppContext);
addDefaultApps(contexts, appDir, conf);
@@ -201,7 +221,7 @@ public class HttpServer implements Filte
logContext.setResourceBase(logDir);
logContext.addServlet(AdminAuthorizedServlet.class, "/");
logContext.setDisplayName("logs");
- logContext.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ setContextAttributes(logContext, conf);
defaultContexts.put(logContext, true);
}
// set up the context for "/static/*"
@@ -209,10 +229,15 @@ public class HttpServer implements Filte
staticContext.setResourceBase(appDir + "/static");
staticContext.addServlet(DefaultServlet.class, "/*");
staticContext.setDisplayName("static");
- staticContext.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ setContextAttributes(staticContext, conf);
defaultContexts.put(staticContext, true);
}
+ private void setContextAttributes(Context context, Configuration conf) {
+ context.getServletContext().setAttribute(CONF_CONTEXT_ATTRIBUTE, conf);
+ context.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
+ }
+
/**
* Add default servlets.
*/
@@ -586,20 +611,18 @@ public class HttpServer implements Filte
if (remoteUser == null) {
return true;
}
-
- String adminsAclString =
- conf.get(
- CommonConfigurationKeys.HADOOP_CLUSTER_ADMINISTRATORS_PROPERTY,
- "*");
- AccessControlList adminsAcl = new AccessControlList(adminsAclString);
+ AccessControlList adminsAcl = (AccessControlList) servletContext
+ .getAttribute(ADMINS_ACL);
UserGroupInformation remoteUserUGI =
UserGroupInformation.createRemoteUser(remoteUser);
- if (!adminsAcl.isUserAllowed(remoteUserUGI)) {
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
- + remoteUser + " is unauthorized to access this page. "
- + "Only superusers/supergroup \"" + adminsAclString
- + "\" can access this page.");
- return false;
+ if (adminsAcl != null) {
+ if (!adminsAcl.isUserAllowed(remoteUserUGI)) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "User "
+ + remoteUser + " is unauthorized to access this page. "
+ + "Only \"" + adminsAcl.toString()
+ + "\" can access this page.");
+ return false;
+ }
}
return true;
}
Modified: hadoop/common/branches/branch-0.21/src/test/core/org/apache/hadoop/http/TestHttpServer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.21/src/test/core/org/apache/hadoop/http/TestHttpServer.java?rev=955981&r1=955980&r2=955981&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.21/src/test/core/org/apache/hadoop/http/TestHttpServer.java (original)
+++ hadoop/common/branches/branch-0.21/src/test/core/org/apache/hadoop/http/TestHttpServer.java Fri Jun 18 12:36:57 2010
@@ -49,6 +49,7 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;
+import org.apache.hadoop.security.authorize.AccessControlList;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -293,9 +294,6 @@ public class TestHttpServer extends Http
Configuration conf = new Configuration();
conf.setBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION,
true);
- conf.set(
- CommonConfigurationKeys.HADOOP_CLUSTER_ADMINISTRATORS_PROPERTY,
- "userA,userB groupC,groupD");
conf.set(HttpServer.FILTER_INITIALIZER_PROPERTY,
DummyFilterInitializer.class.getName());
@@ -309,7 +307,8 @@ public class TestHttpServer extends Http
MyGroupsProvider.mapping.put("userD", Arrays.asList("groupD"));
MyGroupsProvider.mapping.put("userE", Arrays.asList("groupE"));
- HttpServer myServer = new HttpServer("test", "0.0.0.0", 0, true, conf);
+ HttpServer myServer = new HttpServer("test", "0.0.0.0", 0, true, conf,
+ new AccessControlList("userA,userB groupC,groupD"));
myServer.setAttribute(HttpServer.CONF_CONTEXT_ATTRIBUTE, conf);
myServer.start();
int port = myServer.getPort();