You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by el...@apache.org on 2020/07/29 11:33:17 UTC
[hadoop-ozone] branch ozone-0.6.0 updated: HDDS-4041. Ozone /conf
endpoint triggers kerberos replay error when SPNEGO is enabled. (#1267)
This is an automated email from the ASF dual-hosted git repository.
elek pushed a commit to branch ozone-0.6.0
in repository https://gitbox.apache.org/repos/asf/hadoop-ozone.git
The following commit(s) were added to refs/heads/ozone-0.6.0 by this push:
new 87e0016 HDDS-4041. Ozone /conf endpoint triggers kerberos replay error when SPNEGO is enabled. (#1267)
87e0016 is described below
commit 87e0016843fb486028102368e62773df55447d45
Author: Xiaoyu Yao <xy...@apache.org>
AuthorDate: Wed Jul 29 04:32:24 2020 -0700
HDDS-4041. Ozone /conf endpoint triggers kerberos replay error when SPNEGO is enabled. (#1267)
---
.../apache/hadoop/hdds/server/http/HttpServer2.java | 21 +++++++++++++++++++++
.../dist/src/main/smoketest/spnego/web.robot | 14 ++++++++++++++
2 files changed, 35 insertions(+)
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
index 3a2c49b..9282c84 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/server/http/HttpServer2.java
@@ -893,6 +893,27 @@ public final class HttpServer2 implements FilterContainer {
}
webAppContext.addServlet(holder, pathSpec);
+ // Remove any previous filter attached to the removed servlet path to avoid
+ // Kerberos replay error.
+ FilterMapping[] filterMappings = webAppContext.getServletHandler().
+ getFilterMappings();
+ for (int i = 0; i < filterMappings.length; i++) {
+ if (filterMappings[i].getPathSpecs() == null) {
+ LOG.debug("Skip checking {} filterMappings {} without a path spec.",
+ filterMappings[i].getFilterName(), filterMappings[i]);
+ continue;
+ }
+ int oldPathSpecsLen = filterMappings[i].getPathSpecs().length;
+ String[] newPathSpecs =
+ ArrayUtil.removeFromArray(filterMappings[i].getPathSpecs(), pathSpec);
+ if (newPathSpecs.length == 0) {
+ webAppContext.getServletHandler().setFilterMappings(
+ ArrayUtil.removeFromArray(filterMappings, filterMappings[i]));
+ } else if (newPathSpecs.length != oldPathSpecsLen) {
+ filterMappings[i].setPathSpecs(newPathSpecs);
+ }
+ }
+
if (requireAuth && UserGroupInformation.isSecurityEnabled()) {
LOG.info("Adding Kerberos (SPNEGO) filter to {}", name);
ServletHandler handler = webAppContext.getServletHandler();
diff --git a/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot b/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot
index 9c4156f..065e390 100644
--- a/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot
+++ b/hadoop-ozone/dist/src/main/smoketest/spnego/web.robot
@@ -30,6 +30,11 @@ ${OM_SERVICE_LIST_URL} http://om:9874/serviceList
${SCM_URL} http://scm:9876
${RECON_URL} http://recon:9888
+${SCM_CONF_URL} http://scm:9876/conf
+${SCM_JMX_URL} http://scm:9876/jmx
+${SCM_STACKS_URL} http://scm:9876/stacks
+
+
*** Keywords ***
Verify SPNEGO enabled URL
[arguments] ${url}
@@ -60,6 +65,15 @@ Test OM Service List
Test SCM portal
Verify SPNEGO enabled URL ${SCM_URL}
+Test SCM conf
+ Verify SPNEGO enabled URL ${SCM_CONF_URL}
+
+Test SCM jmx
+ Verify SPNEGO enabled URL ${SCM_JMX_URL}
+
+Test SCM stacks
+ Verify SPNEGO enabled URL ${SCM_STACKS_URL}
+
Test Recon portal
Verify SPNEGO enabled URL ${RECON_URL}
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-commits-help@hadoop.apache.org