You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by km...@apache.org on 2016/01/28 00:58:26 UTC
knox git commit: [KNOX-502] - Invalid requests (404s) should be
logged and audited
Repository: knox
Updated Branches:
refs/heads/master b036065f7 -> 933e848a6
[KNOX-502] - Invalid requests (404s) should be logged and audited
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/933e848a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/933e848a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/933e848a
Branch: refs/heads/master
Commit: 933e848a627b7ee82c351d103983a564f1046b01
Parents: b036065
Author: Kevin Minder <km...@apache.org>
Authored: Wed Jan 27 18:47:24 2016 -0500
Committer: Kevin Minder <km...@apache.org>
Committed: Wed Jan 27 18:50:48 2016 -0500
----------------------------------------------------------------------
CHANGES | 1 +
.../gateway/GatewayForwardingServlet.java | 88 ++++++++++++++------
.../apache/hadoop/gateway/GatewayResources.java | 3 +
.../gateway/GatewayForwardingServletTest.java | 5 +-
4 files changed, 71 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index c6aa3c1..d042e5e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ Release Notes - Apache Knox - Version 0.8.0
** New Feature
** Improvement
* [KNOX-650] - Add posixGroups support for LDAP groups lookup
+ * [KNOX-502] - Invalid requests (404s) should be logged and audited
** Bug
------------------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
index e31a31c..f2d21be 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
@@ -17,6 +17,11 @@
*/
package org.apache.hadoop.gateway;
+import org.apache.hadoop.gateway.audit.api.*;
+import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.i18n.resources.ResourcesFactory;
+
import java.io.*;
import javax.servlet.*;
@@ -24,7 +29,18 @@ import javax.servlet.http.*;
public class GatewayForwardingServlet extends HttpServlet{
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
+
+ private static final String AUDIT_ACTION = "forward";
+
+ private static final GatewayResources RES = ResourcesFactory.get( GatewayResources.class );
+ private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
+
+ private static AuditService auditService = AuditServiceFactory.getAuditService();
+ private static Auditor auditor = AuditServiceFactory.getAuditService()
+ .getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME,
+ AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME );
+
private String redirectToContext = null;
@Override
@@ -68,34 +84,58 @@ public class GatewayForwardingServlet extends HttpServlet{
HttpServletResponse response)
throws ServletException, IOException
{
- String path = "";
- String pathInfo = request.getPathInfo();
- if (pathInfo != null && pathInfo.length() > 0) {
- path = path + pathInfo;
+ String origPath = getRequestPath( request );
+ try {
+ auditService.createContext();
+
+ String origRequest = getRequestLine( request );
+
+ auditor.audit(
+ AUDIT_ACTION, origPath, ResourceType.URI,
+ ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( request.getMethod(), redirectToContext ) );
+
+ // Perform cross context dispatch to the configured topology context
+ ServletContext ctx = getServletContext().getContext(redirectToContext);
+ RequestDispatcher dispatcher = ctx.getRequestDispatcher(origRequest);
+
+ dispatcher.forward(request, response);
+
+ auditor.audit(
+ AUDIT_ACTION, origPath, ResourceType.URI,
+ ActionOutcome.SUCCESS, RES.responseStatus( response.getStatus() ) );
+
+ } catch( ServletException | IOException | RuntimeException e ) {
+ auditor.audit(
+ AUDIT_ACTION, origPath, ResourceType.URI,
+ ActionOutcome.FAILURE );
+ throw e;
+ } catch( Throwable e ) {
+ auditor.audit(
+ AUDIT_ACTION, origPath, ResourceType.URI,
+ ActionOutcome.FAILURE );
+ throw new ServletException(e);
+ } finally {
+ auditService.detachContext();
}
- String qstr = request.getQueryString();
- if (qstr != null && qstr.length() > 0) {
- path = path + "?" + qstr;
- }
-
- // Perform cross context dispatch to the configured topology context
- ServletContext ctx = getServletContext().getContext(redirectToContext);
- RequestDispatcher dispatcher = ctx.getRequestDispatcher(path);
- dispatcher.forward(request, response);
}
- public static class MyRequest extends HttpServletRequestWrapper {
- private String redirectTo = null;
-
- public MyRequest(HttpServletRequest request, String redirectTo) {
- super(request);
+ private static final String getRequestPath( final HttpServletRequest request ) {
+ final String path = request.getPathInfo();
+ if( path == null ) {
+ return "";
+ } else {
+ return path;
}
+ }
- @Override
- public String getContextPath() {
- return redirectTo;
+ private static final String getRequestLine( final HttpServletRequest request ) {
+ final String path = getRequestPath( request );
+ final String query = request.getQueryString();
+ if( query == null ) {
+ return path;
+ } else {
+ return path + "?" + query;
}
-
}
-}
\ No newline at end of file
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
index af9b7d6..ca73279 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
@@ -82,4 +82,7 @@ public interface GatewayResources {
@Resource( text="Request method: {0}" )
String requestMethod( String method );
+
+ @Resource( text="Forward method: {0} to default context: {1}" )
+ String forwardToDefaultTopology(String method, String context );
}
http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
index 6d32188..38eddae 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
@@ -44,9 +44,10 @@ public class GatewayForwardingServletTest {
EasyMock.expect(config.getServletName()).andStubReturn("default");
EasyMock.expect(config.getServletContext()).andStubReturn(context);
EasyMock.expect(config.getInitParameter("redirectTo")).andReturn("/gateway/sandbox");
- EasyMock.expect(request.getMethod()).andReturn("GET");
- EasyMock.expect(request.getPathInfo()).andReturn("/webhdfs/v1/tmp");
+ EasyMock.expect(request.getMethod()).andReturn("GET").anyTimes();
+ EasyMock.expect(request.getPathInfo()).andReturn("/webhdfs/v1/tmp").anyTimes();
EasyMock.expect(request.getQueryString()).andReturn("op=LISTSTATUS");
+ EasyMock.expect(response.getStatus()).andReturn(200).anyTimes();
EasyMock.expect(context.getContext("/gateway/sandbox")).andReturn(context);
EasyMock.expect(context.getRequestDispatcher("/webhdfs/v1/tmp?op=LISTSTATUS")).andReturn(dispatcher);
dispatcher.forward(request, response);