hadoop-hdfs-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From szets...@apache.org
Subject svn commit: r931338 - in /hadoop/hdfs/trunk: ./ src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/ src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/
Date Tue, 06 Apr 2010 21:26:36 GMT
Author: szetszwo
Date: Tue Apr  6 21:26:36 2010
New Revision: 931338

URL: http://svn.apache.org/viewvc?rev=931338&view=rev
Log:
HDFS-1010. hdfsproxy: Retrieve groups from UnixUserGroupInformation instead of LdapEntry.
 Contributed by Srikanth Sundarrajan

Modified:
    hadoop/hdfs/trunk/CHANGES.txt
    hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
    hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
    hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
    hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java

Modified: hadoop/hdfs/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/CHANGES.txt?rev=931338&r1=931337&r2=931338&view=diff
==============================================================================
--- hadoop/hdfs/trunk/CHANGES.txt (original)
+++ hadoop/hdfs/trunk/CHANGES.txt Tue Apr  6 21:26:36 2010
@@ -237,6 +237,9 @@ Trunk (unreleased changes)
     configuration setting to ssl-client.xml.  (Srikanth Sundarrajan via
     szetszwo)
 
+    HDFS-1010. hdfsproxy: Retrieve groups from UnixUserGroupInformation
+    instead of LdapEntry.  (Srikanth Sundarrajan via szetszwo)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java?rev=931338&r1=931337&r2=931338&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
(original)
+++ hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/AuthorizationFilter.java
Tue Apr  6 21:26:36 2010
@@ -26,6 +26,7 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.List;
 import java.util.regex.Pattern;
 
@@ -90,9 +91,10 @@ public class AuthorizationFilter impleme
     return userId;
   }
 
-  protected String getGroups(ServletRequest rqst) {
-    return (String) rqst.
-        getAttribute("org.apache.hadoop.hdfsproxy.authorized.role");
+  protected String getGroups(ServletRequest request) {
+    UserGroupInformation ugi = UserGroupInformation.
+        createRemoteUser(getUserId(request));
+    return Arrays.toString(ugi.getGroupNames());
   }
 
   @SuppressWarnings("unchecked")

Modified: hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java?rev=931338&r1=931337&r2=931338&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
(original)
+++ hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/KerberosAuthorizationFilter.java
Tue Apr  6 21:26:36 2010
@@ -80,10 +80,4 @@ public class KerberosAuthorizationFilter
     return userId +
         (userId.indexOf('@') > 0 ? "" : defaultRealm);
   }
-
-  @Override
-  protected String getGroups(ServletRequest request) {
-    return (String) request.
-        getAttribute("org.apache.hadoop.hdfsproxy.authorized.role");
-  }
 }

Modified: hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java?rev=931338&r1=931337&r2=931338&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
(original)
+++ hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/java/org/apache/hadoop/hdfsproxy/LdapIpDirFilter.java
Tue Apr  6 21:26:36 2010
@@ -57,19 +57,16 @@ public class LdapIpDirFilter implements 
   private static String hdfsIpSchemaStr;
   private static String hdfsIpSchemaStrPrefix;
   private static String hdfsUidSchemaStr;
-  private static String hdfsGroupSchemaStr;
   private static String hdfsPathSchemaStr;
 
   private InitialLdapContext lctx;
 
   private class LdapRoleEntry {
     String userId;
-    String groupNames;
     ArrayList<Path> paths;
 
-    void init(String userId, String groupNames, ArrayList<Path> paths) {
+    void init(String userId, ArrayList<Path> paths) {
       this.userId = userId;
-      this.groupNames = groupNames;
       this.paths = paths;
     }
 
@@ -80,7 +77,6 @@ public class LdapIpDirFilter implements 
     @Override
     public String toString() {
       return "LdapRoleEntry{" +
-          "groupName='" + groupNames + '\'' +
           ", userId='" + userId + '\'' +
           ", paths=" + paths +
           '}';
@@ -93,7 +89,6 @@ public class LdapIpDirFilter implements 
     hdfsIpSchemaStr = "uniqueMember";
     hdfsIpSchemaStrPrefix = "cn=";
     hdfsUidSchemaStr = "uid";
-    hdfsGroupSchemaStr = "userClass";
     hdfsPathSchemaStr = "documentLocation";
     lctx = ctx;
   }
@@ -135,7 +130,6 @@ public class LdapIpDirFilter implements 
       hdfsIpSchemaStrPrefix = conf.get(
           "hdfsproxy.ldap.ip.schema.string.prefix", "cn=");
       hdfsUidSchemaStr = conf.get("hdfsproxy.ldap.uid.schema.string", "uid");
-      hdfsGroupSchemaStr = conf.get("hdfsproxy.ldap.group.schema.string", "userClass");
       hdfsPathSchemaStr = conf.get("hdfsproxy.ldap.hdfs.path.schema.string",
           "documentLocation");
     }
@@ -187,8 +181,6 @@ public class LdapIpDirFilter implements 
     // classloaders in different war file, we have to use String attribute.
     rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
         ldapent.userId);
-    rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.role",
-        ldapent.groupNames);
     rqst.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",
         ldapent.paths);
     LOG.info("User: " + ldapent.userId + ", Request: " + rqst.getPathInfo() +
@@ -207,16 +199,14 @@ public class LdapIpDirFilter implements 
     Attributes matchAttrs = new BasicAttributes(true);
     matchAttrs.put(new BasicAttribute(hdfsIpSchemaStr, ipMember));
     matchAttrs.put(new BasicAttribute(hdfsUidSchemaStr));
-    matchAttrs.put(new BasicAttribute(hdfsGroupSchemaStr));
     matchAttrs.put(new BasicAttribute(hdfsPathSchemaStr));
 
-    String[] attrIDs = { hdfsUidSchemaStr, hdfsGroupSchemaStr, hdfsPathSchemaStr };
+    String[] attrIDs = { hdfsUidSchemaStr, hdfsPathSchemaStr };
 
     NamingEnumeration<SearchResult> results = lctx.search(baseName, matchAttrs,
         attrIDs);
     if (results.hasMore()) {
       String userId = null;
-      String groupNames = null;
       ArrayList<Path> paths = new ArrayList<Path>();
       SearchResult sr = results.next();
       Attributes attrs = sr.getAttributes();
@@ -224,8 +214,6 @@ public class LdapIpDirFilter implements 
         Attribute attr = (Attribute) ne.next();
         if (hdfsUidSchemaStr.equalsIgnoreCase(attr.getID())) {
           userId = (String) attr.get();
-        } else if (hdfsGroupSchemaStr.equalsIgnoreCase(attr.getID())) {
-          groupNames = (String) attr.get();
         } else if (hdfsPathSchemaStr.equalsIgnoreCase(attr.getID())) {
           for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
             String pathStr = (String) e.next();
@@ -233,7 +221,7 @@ public class LdapIpDirFilter implements 
           }
         }
       }
-      ldapent.init(userId, groupNames, paths);
+      ldapent.init(userId, paths);
       if (LOG.isDebugEnabled()) LOG.debug(ldapent);
       return true;
     }

Modified: hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java
URL: http://svn.apache.org/viewvc/hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java?rev=931338&r1=931337&r2=931338&view=diff
==============================================================================
--- hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java
(original)
+++ hadoop/hdfs/trunk/src/contrib/hdfsproxy/src/test/org/apache/hadoop/hdfsproxy/TestAuthorizationFilter.java
Tue Apr  6 21:26:36 2010
@@ -65,8 +65,6 @@ public class TestAuthorizationFilter ext
     request.setRemoteIPAddress("127.0.0.1");
     request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.userID",
         System.getProperty("user.name"));
-    request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.role",
-        "users");
     List<Path> paths = new ArrayList<Path>();
     paths.add(new Path("/deny"));
     request.setAttribute("org.apache.hadoop.hdfsproxy.authorized.paths",



Mime
View raw message