You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apex.apache.org by th...@apache.org on 2015/09/25 19:40:03 UTC
[1/3] incubator-apex-core git commit: APEX-149 #comment Fixed the
property name used to lookup RM webapp address in non-HA mode
Repository: incubator-apex-core
Updated Branches:
refs/heads/release-3.1 525604ce6 -> 77a86ac2d
APEX-149 #comment Fixed the property name used to lookup RM webapp address in non-HA mode
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/508f6dee
Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/508f6dee
Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/508f6dee
Branch: refs/heads/release-3.1
Commit: 508f6dee1c844748632032a7b82035fda1c82523
Parents: 9d03e25
Author: Pramod Immaneni <pr...@datatorrent.com>
Authored: Thu Sep 24 02:09:03 2015 -0700
Committer: Pramod Immaneni <pr...@datatorrent.com>
Committed: Thu Sep 24 02:09:03 2015 -0700
----------------------------------------------------------------------
.../stram/security/StramWSFilter.java | 5 +++++
.../stram/security/StramWSFilterInitializer.java | 19 +++++++++++++++----
2 files changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/508f6dee/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
----------------------------------------------------------------------
diff --git a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
index 1540c99..556f29d 100644
--- a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
+++ b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
@@ -99,6 +99,7 @@ public class StramWSFilter implements Filter
proxyAddresses = new HashSet<String>();
for (String proxyHost : proxyHosts) {
try {
+ logger.debug("resolving proxy hostname {}", proxyHost);
for (InetAddress add : InetAddress.getAllByName(proxyHost)) {
logger.debug("proxy address is: {}", add.getHostAddress());
proxyAddresses.add(add.getHostAddress());
@@ -153,6 +154,7 @@ public class StramWSFilter implements Filter
authenticate = false;
}
if (authenticate) {
+ logger.debug("Authenticating");
Cookie cookie = null;
if (httpReq.getCookies() != null) {
for (Cookie c : httpReq.getCookies()) {
@@ -168,8 +170,11 @@ public class StramWSFilter implements Filter
user = verifyClientToken(cookie.getValue());
valid = true;
logger.debug("Token valid");
+ } else {
+ logger.debug("Cookie not found");
}
if (!valid) {
+ logger.debug("Auth failure {}", HttpServletResponse.SC_UNAUTHORIZED);
httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/508f6dee/engine/src/main/java/com/datatorrent/stram/security/StramWSFilterInitializer.java
----------------------------------------------------------------------
diff --git a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilterInitializer.java b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilterInitializer.java
index 6a49f44..e901cb9 100644
--- a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilterInitializer.java
+++ b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilterInitializer.java
@@ -23,6 +23,9 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.http.FilterContainer;
@@ -40,12 +43,15 @@ import com.datatorrent.stram.util.ConfigUtils;
*/
public class StramWSFilterInitializer extends FilterInitializer
{
+ private static final Logger logger = LoggerFactory.getLogger(StramWSFilterInitializer.class);
+
private static final String FILTER_NAME = "AM_PROXY_FILTER";
private static final String FILTER_CLASS = StramWSFilter.class.getCanonicalName();
@Override
public void initFilter(FilterContainer container, Configuration conf)
{
+ logger.debug("Conf {}", conf);
Map<String, String> params = new HashMap<String, String>();
Collection<String> proxies = new ArrayList<String>();
if (ConfigUtils.isRMHAEnabled(conf)) {
@@ -77,6 +83,8 @@ public class StramWSFilterInitializer extends FilterInitializer
public String getProxyHostAndPort(Configuration conf)
{
String addr = conf.get(YarnConfiguration.PROXY_ADDRESS);
+ logger.info("proxy address setting {}", addr);
+ logger.debug("proxy setting sources {}", conf.getPropertySources(YarnConfiguration.PROXY_ADDRESS));
if (addr == null || addr.isEmpty()) {
addr = getResolvedRMWebAppURLWithoutScheme(conf, null);
}
@@ -93,27 +101,29 @@ public class StramWSFilterInitializer extends FilterInitializer
boolean sslEnabled = conf.getBoolean(
CommonConfigurationKeysPublic.HADOOP_SSL_ENABLED_KEY,
CommonConfigurationKeysPublic.HADOOP_SSL_ENABLED_DEFAULT);
- return getResolvedRMWebAppURLWithoutScheme(conf, sslEnabled, (rmId != null) ? "." + rmId : null);
+ return getResolvedRMWebAppURLWithoutScheme(conf, sslEnabled, (rmId != null) ? "." + rmId : "");
}
/*
From org.apache.hadoop.yarn.webapp.util.WebAppUtils
Modified for HA support
*/
- public String getResolvedRMWebAppURLWithoutScheme(Configuration conf, boolean sslEnabled, String rmId)
+ public String getResolvedRMWebAppURLWithoutScheme(Configuration conf, boolean sslEnabled, String rmPrpKey)
{
InetSocketAddress address = null;
if (sslEnabled) {
address =
- conf.getSocketAddr(YarnConfiguration.RM_WEBAPP_HTTPS_ADDRESS + rmId,
+ conf.getSocketAddr(YarnConfiguration.RM_WEBAPP_HTTPS_ADDRESS + rmPrpKey,
YarnConfiguration.DEFAULT_RM_WEBAPP_HTTPS_ADDRESS,
YarnConfiguration.DEFAULT_RM_WEBAPP_HTTPS_PORT);
} else {
address =
- conf.getSocketAddr(YarnConfiguration.RM_WEBAPP_ADDRESS + rmId,
+ conf.getSocketAddr(YarnConfiguration.RM_WEBAPP_ADDRESS + rmPrpKey,
YarnConfiguration.DEFAULT_RM_WEBAPP_ADDRESS,
YarnConfiguration.DEFAULT_RM_WEBAPP_PORT);
}
+ logger.info("rm webapp address setting {}", address);
+ logger.debug("rm setting sources {}", conf.getPropertySources(YarnConfiguration.RM_WEBAPP_ADDRESS));
address = NetUtils.getConnectAddress(address);
StringBuffer sb = new StringBuffer();
InetAddress resolved = address.getAddress();
@@ -130,6 +140,7 @@ public class StramWSFilterInitializer extends FilterInitializer
sb.append(address.getHostName());
}
sb.append(":").append(address.getPort());
+ logger.info("rm webapp resolved hostname {}", sb.toString());
return sb.toString();
}
[2/3] incubator-apex-core git commit: Improved logging
Posted by th...@apache.org.
Improved logging
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/55478bf4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/55478bf4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/55478bf4
Branch: refs/heads/release-3.1
Commit: 55478bf4be0a5f8035865dbe7e947be481cafe32
Parents: 508f6de
Author: Pramod Immaneni <pr...@datatorrent.com>
Authored: Thu Sep 24 23:35:27 2015 -0700
Committer: Pramod Immaneni <pr...@datatorrent.com>
Committed: Thu Sep 24 23:47:03 2015 -0700
----------------------------------------------------------------------
.../stram/security/StramWSFilter.java | 48 ++++++++++++++------
1 file changed, 33 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-apex-core/blob/55478bf4/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
----------------------------------------------------------------------
diff --git a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
index 556f29d..762b359 100644
--- a/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
+++ b/engine/src/main/java/com/datatorrent/stram/security/StramWSFilter.java
@@ -34,6 +34,7 @@ import org.slf4j.LoggerFactory;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import com.datatorrent.stram.webapp.WebServices;
@@ -131,9 +132,8 @@ public class StramWSFilter implements Filter
HttpServletRequest httpReq = (HttpServletRequest)req;
HttpServletResponse httpResp = (HttpServletResponse)resp;
- logger.debug("Remote address for request is: {}", httpReq.getRemoteAddr());
+ String remoteAddr = httpReq.getRemoteAddr();
String requestURI = httpReq.getRequestURI();
- logger.debug("Request path {}", requestURI);
boolean authenticate = true;
String user = null;
if(getProxyAddresses().contains(httpReq.getRemoteAddr())) {
@@ -147,14 +147,15 @@ public class StramWSFilter implements Filter
}
if (requestURI.equals(WebServices.PATH) && (user != null)) {
String token = createClientToken(user, httpReq.getLocalAddr());
- logger.debug("Create token {}", token);
+ logger.debug("{}: creating token {}", remoteAddr, token);
Cookie cookie = new Cookie(CLIENT_COOKIE, token);
httpResp.addCookie(cookie);
+ } else {
+ logger.info("{}: proxy access to URI {} by user {}, no cookie created", remoteAddr, requestURI, user);
}
authenticate = false;
}
if (authenticate) {
- logger.debug("Authenticating");
Cookie cookie = null;
if (httpReq.getCookies() != null) {
for (Cookie c : httpReq.getCookies()) {
@@ -166,22 +167,24 @@ public class StramWSFilter implements Filter
}
boolean valid = false;
if (cookie != null) {
- logger.debug("Verifying token {}", cookie.getValue());
- user = verifyClientToken(cookie.getValue());
- valid = true;
- logger.debug("Token valid");
+ user = verifyClientToken(cookie.getValue(), remoteAddr);
+ if (user != null) {
+ valid = true;
+ } else {
+ logger.debug("{}: invalid cookie {}", remoteAddr, cookie.getValue());
+ }
} else {
- logger.debug("Cookie not found");
+ logger.debug("{}: cookie not found {}", remoteAddr, CLIENT_COOKIE);
}
if (!valid) {
- logger.debug("Auth failure {}", HttpServletResponse.SC_UNAUTHORIZED);
+ logger.debug("{}: auth failure", remoteAddr);
httpResp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
}
if(user == null) {
- logger.debug("Could not find {} cookie, so user will not be set", WEBAPP_PROXY_USER);
+ logger.debug("{}: could not find user, so user principal will not be set", remoteAddr);
chain.doFilter(req, resp);
} else {
final StramWSPrincipal principal = new StramWSPrincipal(user);
@@ -201,16 +204,31 @@ public class StramWSFilter implements Filter
return token.encodeToUrlString();
}
- private String verifyClientToken(String tokenstr) throws IOException
+ private String verifyClientToken(String tokenstr, String cid) throws IOException
{
Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>();
- token.decodeFromUrlString(tokenstr);
+ try {
+ token.decodeFromUrlString(tokenstr);
+ } catch (IOException e) {
+ logger.debug("{}: error decoding token: {}", cid, e.getMessage());
+ return null;
+ }
byte[] identifier = token.getIdentifier();
byte[] password = token.getPassword();
StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier();
DataInputStream input = new DataInputStream(new ByteArrayInputStream(identifier));
- tokenIdentifier.readFields(input);
- tokenManager.verifyToken(tokenIdentifier, password);
+ try {
+ tokenIdentifier.readFields(input);
+ } catch (IOException e) {
+ logger.debug("{}: error decoding identifier: {}", cid, e.getMessage());
+ return null;
+ }
+ try {
+ tokenManager.verifyToken(tokenIdentifier, password);
+ } catch (SecretManager.InvalidToken e) {
+ logger.debug("{}: invalid token {}: {}", cid, tokenIdentifier, e.getMessage());
+ return null;
+ }
return tokenIdentifier.getOwner().toString();
}
}
[3/3] incubator-apex-core git commit: Merge branch 'apex-149-3.1' of
https://github.com/PramodSSImmaneni/incubator-apex-core into release-3.1
Posted by th...@apache.org.
Merge branch 'apex-149-3.1' of https://github.com/PramodSSImmaneni/incubator-apex-core into release-3.1
Project: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/commit/77a86ac2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/tree/77a86ac2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-apex-core/diff/77a86ac2
Branch: refs/heads/release-3.1
Commit: 77a86ac2deffd0f30a73cb2b1fac1bcc897364d3
Parents: 525604c 55478bf
Author: MalharJenkins <je...@datatorrent.com>
Authored: Fri Sep 25 10:29:01 2015 -0700
Committer: MalharJenkins <je...@datatorrent.com>
Committed: Fri Sep 25 10:29:01 2015 -0700
----------------------------------------------------------------------
.../stram/security/StramWSFilter.java | 47 +++++++++++++++-----
.../security/StramWSFilterInitializer.java | 19 ++++++--
2 files changed, 50 insertions(+), 16 deletions(-)
----------------------------------------------------------------------