hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077272 - in /hadoop/common/branches/branch-0.20-security-patches/src: hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java webapps/hdfs/nn_browsedfscontent.jsp
Date Fri, 04 Mar 2011 03:58:35 GMT
Author: omalley
Date: Fri Mar  4 03:58:35 2011
New Revision: 1077272

URL: http://svn.apache.org/viewvc?rev=1077272&view=rev
Log:
commit e0729b6ef778e0d01725ae0fb6fa3cf6ba8eeb1c
Author: Jakob Homan <jhoman@yahoo-inc.com>
Date:   Wed Mar 3 10:50:34 2010 -0800

    HDFS:1017 from
    https://issues.apache.org/jira/secure/attachment/12437683/HDFS-1017-Y20-2.patch
    
    +++ b/YAHOO-CHANGES.txt
    +
    +    HDFS-1017. browsedfs jsp should call JspHelper.getUGI rather than using
    +    createRemoteUser(). (jhoman)
    +    HDFS-1005. Fsck security. Makes it work over kerberized SSL(boryas and jhoman)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
    hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java?rev=1077272&r1=1077271&r2=1077272&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
Fri Mar  4 03:58:35 2011
@@ -450,6 +450,8 @@ public class JspHelper {
                                 "authenticated by filter");
         }
         ugi = UserGroupInformation.createRemoteUser(user);
+        // This is not necessarily true, could have been auth'ed by user-facing
+        // filter
         ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS_SSL);
       }
     } else { // Security's not on, pull from url

Modified: hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp?rev=1077272&r1=1077271&r2=1077272&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/webapps/hdfs/nn_browsedfscontent.jsp
Fri Mar  4 03:58:35 2011
@@ -20,18 +20,16 @@
   import="java.net.URLEncoder"
 %>
 <%!
-  static String getDelegationToken(final NameNode nn, final String user
-                                   ) throws IOException, InterruptedException {
-    if (user == null) {
-      return null;
-    }
-    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
+  static String getDelegationToken(final NameNode nn,
+                                   HttpServletRequest request, Configuration conf) 
+                                   throws IOException, InterruptedException {
+    final UserGroupInformation ugi = JspHelper.getUGI(request, conf);
     Token<DelegationTokenIdentifier> token =
       ugi.doAs(
               new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
           {
             public Token<DelegationTokenIdentifier> run() throws IOException {
-              return nn.getDelegationToken(new Text(user));
+              return nn.getDelegationToken(new Text(ugi.getUserName()));
             }
           });
     return token.encodeToUrlString();
@@ -40,9 +38,10 @@
   public void redirectToRandomDataNode(
                             NameNode nn, 
                             HttpServletRequest request,
-                            HttpServletResponse resp
+                            HttpServletResponse resp,
+                            Configuration conf
                            ) throws IOException, InterruptedException {
-    String tokenString = getDelegationToken(nn, request.getRemoteUser());
+    String tokenString = getDelegationToken(nn, request, conf);
     FSNamesystem fsn = nn.getNamesystem();
     String datanode = fsn.randomDataNode();
     String redirectLocation;
@@ -76,7 +75,7 @@
 <% 
   NameNode nn = (NameNode)application.getAttribute("name.node");
   Configuration conf = (Configuration) application.getAttribute("name.conf");
-  redirectToRandomDataNode(nn, request, response); 
+  redirectToRandomDataNode(nn, request, response, conf); 
 %>
 <hr>
 



Mime
View raw message