diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 0439646fe6..c6522bb351 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -380,6 +380,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10158. SPNEGO should work with multiple interfaces/SPNs. (daryn via kihwal) + HADOOP-10566. Refactor proxyservers out of ProxyUsers. + (Benoy Antony via suresh) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java index 09fc7de7c4..128b572ac4 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java @@ -19,12 +19,10 @@ package org.apache.hadoop.security.authorize; import java.net.InetAddress; -import java.net.InetSocketAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.Map.Entry; @@ -44,7 +42,6 @@ public class ProxyUsers { private static final String CONF_GROUPS = ".groups"; private static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser."; private static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\."; - public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers"; private static boolean init = false; //list of users, groups and hosts per proxyuser @@ -54,8 +51,6 @@ public class ProxyUsers { new HashMap>(); private static Map> proxyHosts = new HashMap>(); - private static Collection proxyServers = - new HashSet(); /** * reread the conf and get new values for "hadoop.proxyuser.*.groups/users/hosts" 
@@ -75,7 +70,6 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio proxyGroups.clear(); proxyHosts.clear(); proxyUsers.clear(); - proxyServers.clear(); // get all the new keys for users String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_USERS; @@ -103,22 +97,8 @@ public static synchronized void refreshSuperUserGroupsConfiguration(Configuratio proxyHosts.put(entry.getKey(), StringUtils.getTrimmedStringCollection(entry.getValue())); } - - // trusted proxy servers such as http proxies - for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) { - InetSocketAddress addr = new InetSocketAddress(host, 0); - if (!addr.isUnresolved()) { - proxyServers.add(addr.getAddress().getHostAddress()); - } - } init = true; - } - - public static synchronized boolean isProxyServer(String remoteAddr) { - if(!init) { - refreshSuperUserGroupsConfiguration(); - } - return proxyServers.contains(remoteAddr); + ProxyServers.refresh(conf); } /** diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java index e9df899a0e..f4775d6d82 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java 
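Review bot: In the last ProxyUsers.java hunk, `init = true;` is set before the added `ProxyServers.refresh(conf);`, so if that call can throw, ProxyUsers is left marked as initialized while the trusted-proxy list was never reloaded; calling `ProxyServers.refresh(conf);` first and setting `init = true;` last keeps the two in step. ProxyServers.java is not part of the diff as shown, so it cannot be checked here whether its `isProxyServer` still loads configuration on first use and is synchronized with refresh, as the removed method was through `if(!init)`. That is worth confirming, because the lookup decides whether X-Forwarded-For is honoured. The public `isProxyServer` and `CONF_HADOOP_PROXYSERVERS` are also removed from ProxyUsers without a deprecated forwarder, which breaks any caller outside the files touched here. refreshSuperUserGroupsConfiguration starts outside the hunk.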
@@ -327,17 +327,6 @@ public void testWithDuplicateProxyHosts() throws Exception { assertEquals (1,hosts.size()); } - @Test - public void testProxyServer() { - Configuration conf = new Configuration(); - assertFalse(ProxyUsers.isProxyServer("1.1.1.1")); - conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3"); - ProxyUsers.refreshSuperUserGroupsConfiguration(conf); - assertFalse(ProxyUsers.isProxyServer("1.1.1.1")); - assertTrue(ProxyUsers.isProxyServer("2.2.2.2")); - assertTrue(ProxyUsers.isProxyServer("3.3.3.3")); - } - private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) { try { ProxyUsers.authorize(proxyUgi, host); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java index 545fc042f0..4ed1b2bab0 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java @@ -34,6 +34,7 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.authorize.ProxyServers; import org.apache.hadoop.security.authorize.ProxyUsers; import org.apache.hadoop.security.token.Token; 
@@ -193,7 +194,7 @@ private static UserGroupInformation getTokenUGI(ServletContext context, public static String getRemoteAddr(HttpServletRequest request) { String remoteAddr = request.getRemoteAddr(); String proxyHeader = request.getHeader("X-Forwarded-For"); - if (proxyHeader != null && ProxyUsers.isProxyServer(remoteAddr)) { + if (proxyHeader != null && ProxyServers.isProxyServer(remoteAddr)) { final String clientAddr = proxyHeader.split(",")[0].trim(); if (!clientAddr.isEmpty()) { remoteAddr = clientAddr; diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java index f6e63ccaf1..d8209e3f97 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java @@ -30,6 +30,7 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.authorize.AuthorizationException; +import org.apache.hadoop.security.authorize.ProxyServers; import org.apache.hadoop.security.authorize.ProxyUsers; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; @@ -51,7 +52,6 @@ public class TestJspHelper { private final Configuration conf = new HdfsConfiguration(); - private String jspWriterOutput = ""; // allow user with TGT to run tests @BeforeClass 
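Review bot: In the context lines after the renamed check, `proxyHeader.split(",")[0]` takes the left-most X-Forwarded-For entry and assigns it to `remoteAddr` without checking that it is an address; when the trusted proxy appends to an existing header rather than replacing it, that entry is whatever the original client sent. Since the commit is already reworking the trusted-proxy lookup, consider using the entry the trusted proxy itself added (the right-most one that is not in the proxy list), or at least rejecting values that do not parse as an IP literal before overwriting `remoteAddr`. A comment above the split such as `// X-Forwarded-For is client-supplied; only the hop added by a trusted proxy is reliable` would record the assumption for whoever consumes this value in audit or authorization paths. getRemoteAddr continues past the end of the hunk.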
@@ -450,7 +450,7 @@ private String getRemoteAddr(String clientAddr, String proxyAddr, boolean truste when(req.getRemoteAddr()).thenReturn(proxyAddr); when(req.getHeader("X-Forwarded-For")).thenReturn(clientAddr); if (trusted) { - conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, proxyAddr); + conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, proxyAddr); } } ProxyUsers.refreshSuperUserGroupsConfiguration(conf); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java index 8d1a70ec85..8d40cd01c5 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java @@ -32,14 +32,15 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; -import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.MiniDFSCluster; import org.apache.hadoop.hdfs.web.resources.GetOpParam; import org.apache.hadoop.ipc.RemoteException; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.authorize.ProxyUsers; +import org.apache.hadoop.security.authorize.ProxyServers; import org.junit.Before; import org.junit.Test; 
@@ -120,7 +121,7 @@ public void testWebHdfsAuditLogger() throws IOException, URISyntaxException { assertEquals("127.0.0.1", DummyAuditLogger.remoteAddr); // trusted proxied request - conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "127.0.0.1"); + conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, "127.0.0.1"); ProxyUsers.refreshSuperUserGroupsConfiguration(conf); conn = (HttpURLConnection) uri.toURL().openConnection(); conn.setRequestMethod(op.getType().toString());