You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by we...@apache.org on 2019/04/16 12:28:34 UTC
[hadoop] branch trunk updated: HADOOP-15014. KMS should log the IP
address of the clients. Contributed by Zsombor Gegesy.
This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 008766c HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
008766c is described below
commit 008766c119d9ed9d568f9458ed0c02136962da5b
Author: Zsombor Gegesy <zs...@apache.org>
AuthorDate: Tue Apr 16 05:27:29 2019 -0700
HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <we...@apache.org>
---
.../key/kms/server/KMSExceptionsProvider.java | 5 +-
.../hadoop/crypto/key/kms/server/KMSMDCFilter.java | 58 +++++++++++++++++-----
2 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
index 3d97753..ceaa8bc 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
@@ -111,9 +111,10 @@ public class KMSExceptionsProvider implements ExceptionMapper<Exception> {
UserGroupInformation ugi = KMSMDCFilter.getUgi();
String method = KMSMDCFilter.getMethod();
String url = KMSMDCFilter.getURL();
+ String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
String msg = getOneLineMessage(ex);
- LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
- status, msg, ex);
+ LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
+ url, remoteClientAddress, status, msg, ex);
}
}
diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index 81591e5..f3c0bbd 100644
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -21,6 +21,8 @@ import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
+import com.google.common.annotations.VisibleForTesting;
+
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -38,29 +40,40 @@ import java.io.IOException;
public class KMSMDCFilter implements Filter {
private static class Data {
- private UserGroupInformation ugi;
- private String method;
- private StringBuffer url;
+ private final UserGroupInformation ugi;
+ private final String method;
+ private final String url;
+ private final String remoteClientAddress;
- private Data(UserGroupInformation ugi, String method, StringBuffer url) {
+ private Data(UserGroupInformation ugi, String method, String url,
+ String remoteClientAddress) {
this.ugi = ugi;
this.method = method;
this.url = url;
+ this.remoteClientAddress = remoteClientAddress;
}
}
private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();
public static UserGroupInformation getUgi() {
- return DATA_TL.get().ugi;
+ Data data = DATA_TL.get();
+ return data != null ? data.ugi : null;
}
public static String getMethod() {
- return DATA_TL.get().method;
+ Data data = DATA_TL.get();
+ return data != null ? data.method : null;
}
public static String getURL() {
- return DATA_TL.get().url.toString();
+ Data data = DATA_TL.get();
+ return data != null ? data.url : null;
+ }
+
+ public static String getRemoteClientAddress() {
+ Data data = DATA_TL.get();
+ return data != null ? data.remoteClientAddress : null;
}
@Override
@@ -72,22 +85,41 @@ public class KMSMDCFilter implements Filter {
FilterChain chain)
throws IOException, ServletException {
try {
- DATA_TL.remove();
+ clearContext();
UserGroupInformation ugi = HttpUserGroupInformation.get();
- String method = ((HttpServletRequest) request).getMethod();
- StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
- String queryString = ((HttpServletRequest) request).getQueryString();
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+ String method = httpServletRequest.getMethod();
+ StringBuffer requestURL = httpServletRequest.getRequestURL();
+ String queryString = httpServletRequest.getQueryString();
if (queryString != null) {
requestURL.append("?").append(queryString);
}
- DATA_TL.set(new Data(ugi, method, requestURL));
+ setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
chain.doFilter(request, response);
} finally {
- DATA_TL.remove();
+ clearContext();
}
}
@Override
public void destroy() {
}
+
+ /**
+ * Sets the context with the given parameters.
+ * @param ugi the {@link UserGroupInformation} for the current request.
+ * @param method the http method
+ * @param requestURL the requested URL.
+ * @param remoteAddr the remote address of the client.
+ */
+ @VisibleForTesting
+ public static void setContext(UserGroupInformation ugi,
+ String method, String requestURL, String remoteAddr) {
+ DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
+ }
+
+ private static void clearContext() {
+ DATA_TL.remove();
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org