hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077409 - in /hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy: AuthorizationFilter.java KerberosAuthorizationFilter.java LdapIpDirFilter.java
Date Fri, 04 Mar 2011 04:12:05 GMT
Author: omalley
Date: Fri Mar  4 04:12:05 2011
New Revision: 1077409

URL: http://svn.apache.org/viewvc?rev=1077409&view=rev
Log:
commit d451559ffd89186d9e7991ac285872fe0ea05992
Author: Srikanth Sundarrajan <sriksun@yahoo-inc.com>
Date:   Tue Apr 20 01:13:14 2010 +0530

    HDFS:1011 from https://issues.apache.org/jira/secure/attachment/12441031/HDFS-1011-bp-y20s.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HDFS-1011. Improve Logging in HDFSProxy to include cluster name associated with the
request
    +    (Srikanth Sundarrajan via Nicholas)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
    hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
    hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java?rev=1077409&r1=1077408&r2=1077409&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
Fri Mar  4 04:12:05 2011
@@ -48,8 +48,11 @@ public class AuthorizationFilter impleme
   protected static final Pattern FILEPATH_PATTERN = Pattern
       .compile("^(/listPaths|/data|/file)$");
 
+  protected String contextPath;
+
   /** {@inheritDoc} **/
   public void init(FilterConfig filterConfig) throws ServletException {
+    contextPath = filterConfig.getServletContext().getContextPath();
   }
 
   /** {@inheritDoc} **/

Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java?rev=1077409&r1=1077408&r2=1077409&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
Fri Mar  4 04:12:05 2011
@@ -42,7 +42,7 @@ public class KerberosAuthorizationFilter
           conf.get("hdfsproxy.kerberos.principal"),
           conf.get("hdfsproxy.kerberos.keytab"));
 
-      LOG.info("Logged in user: " +
+      LOG.info(contextPath + " :: Logged in user: " +
           UserGroupInformation.getLoginUser().getUserName() +
           ", Current User: " + UserGroupInformation.getCurrentUser().getUserName());
 

Modified: hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java?rev=1077409&r1=1077408&r2=1077409&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
Fri Mar  4 04:12:05 2011
@@ -68,6 +68,8 @@ public class LdapIpDirFilter implements 
     }
   }
 
+  protected String contextPath;
+
   public void initialize(String bName, InitialLdapContext ctx) {
     // hook to cooperate unit test
     baseName = bName;
@@ -82,6 +84,8 @@ public class LdapIpDirFilter implements 
   public void init(FilterConfig filterConfig) throws ServletException {
     ServletContext context = filterConfig.getServletContext();
 
+    contextPath = context.getContextPath();
+
     Configuration conf = new Configuration(false);
     conf.addResource("hdfsproxy-default.xml");
     conf.addResource("hdfsproxy-site.xml");
@@ -120,7 +124,7 @@ public class LdapIpDirFilter implements 
       hdfsPathSchemaStr = conf.get("hdfsproxy.ldap.hdfs.path.schema.string",
           "documentLocation");
     }
-    LOG.info("LdapIpDirFilter initialization successful");
+    LOG.info(contextPath + ":: LdapIpDirFilter initialization successful");
   }
 
   private String getNamenode(Configuration conf) throws ServletException {
@@ -140,49 +144,55 @@ public class LdapIpDirFilter implements 
   public void doFilter(ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
 
-    HttpServletRequest rqst = (HttpServletRequest) request;
-    HttpServletResponse rsp = (HttpServletResponse) response;
-
-    if (LOG.isDebugEnabled()) {
-      StringBuilder b = new StringBuilder("Request from ").append(
-          rqst.getRemoteHost()).append("/").append(rqst.getRemoteAddr())
-          .append(":").append(rqst.getRemotePort());
-      b.append("\n The Scheme is " + rqst.getScheme());
-      b.append("\n The Path Info is " + rqst.getPathInfo());
-      b.append("\n The Translated Path Info is " + rqst.getPathTranslated());
-      b.append("\n The Context Path is " + rqst.getContextPath());
-      b.append("\n The Query String is " + rqst.getQueryString());
-      b.append("\n The Request URI is " + rqst.getRequestURI());
-      b.append("\n The Request URL is " + rqst.getRequestURL());
-      b.append("\n The Servlet Path is " + rqst.getServletPath());
-      LOG.debug(b.toString());
-    }
-    LdapRoleEntry ldapent = new LdapRoleEntry();
-    // check ip address
-    String userIp = rqst.getRemoteAddr();
+    String prevThreadName = Thread.currentThread().getName();
     try {
-      boolean isAuthorized = getLdapRoleEntryFromUserIp(userIp, ldapent);
-      if (!isAuthorized) {
-        rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "IP " + userIp
-            + " is not authorized to access");
-        return;
+      Thread.currentThread().setName(contextPath);
+      HttpServletRequest rqst = (HttpServletRequest) request;
+      HttpServletResponse rsp = (HttpServletResponse) response;
+
+      if (LOG.isDebugEnabled()) {
+        StringBuilder b = new StringBuilder("Request from ").append(
+            rqst.getRemoteHost()).append("/").append(rqst.getRemoteAddr())
+            .append(":").append(rqst.getRemotePort());
+        b.append("\n The Scheme is " + rqst.getScheme());
+        b.append("\n The Path Info is " + rqst.getPathInfo());
+        b.append("\n The Translated Path Info is " + rqst.getPathTranslated());
+        b.append("\n The Context Path is " + rqst.getContextPath());
+        b.append("\n The Query String is " + rqst.getQueryString());
+        b.append("\n The Request URI is " + rqst.getRequestURI());
+        b.append("\n The Request URL is " + rqst.getRequestURL());
+        b.append("\n The Servlet Path is " + rqst.getServletPath());
+        LOG.debug(b.toString());
+      }
+      LdapRoleEntry ldapent = new LdapRoleEntry();
+      // check ip address
+      String userIp = rqst.getRemoteAddr();
+      try {
+        boolean isAuthorized = getLdapRoleEntryFromUserIp(userIp, ldapent);
+        if (!isAuthorized) {
+          rsp.sendError(HttpServletResponse.SC_FORBIDDEN, "IP " + userIp
+              + " is not authorized to access");
+          return;
+        }
+      } catch (NamingException ne) {
+        throw new IOException("NamingException while searching ldap"
+            + ne.toString());
       }
-    } catch (NamingException ne) {
-      throw new IOException("NamingException while searching ldap"
-          + ne.toString());
-    }
 
-    // since we cannot pass ugi object cross context as they are from
-    // different classloaders in different war file, we have to use String attribute.
-    rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
+      // since we cannot pass ugi object cross context as they are from
+      // different classloaders in different war file, we have to use String attribute.
+      rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
         ldapent.userId);
-    rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
+      rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
         ldapent.paths);
 
-    LOG.info("User: " + ldapent.userId + " Request: " + rqst.getPathInfo() +
-        " From: " + rqst.getRemoteAddr());
+      LOG.info("User: " + ldapent.userId + " Request: " + rqst.getPathInfo() +
+          " From: " + rqst.getRemoteAddr());
 
-    chain.doFilter(request, response);
+      chain.doFilter(request, response);
+    } finally {
+      Thread.currentThread().setName(prevThreadName);
+    }
   }
 
   /**



Mime
View raw message