HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
This commit is contained in:
Zsombor Gegesy
Wei-Chiu Chuang
parent
a5ceed26f3
commit
008766c119
@ -111,9 +111,10 @@ protected void log(Response.Status status, Throwable ex) {
|
|||||||
UserGroupInformation ugi = KMSMDCFilter.getUgi();
|
UserGroupInformation ugi = KMSMDCFilter.getUgi();
|
||||||
String method = KMSMDCFilter.getMethod();
|
String method = KMSMDCFilter.getMethod();
|
||||||
String url = KMSMDCFilter.getURL();
|
String url = KMSMDCFilter.getURL();
|
||||||
|
String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
|
||||||
String msg = getOneLineMessage(ex);
|
String msg = getOneLineMessage(ex);
|
||||||
LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
|
LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
|
||||||
status, msg, ex);
|
url, remoteClientAddress, status, msg, ex);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -21,6 +21,8 @@
|
|||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
|
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
|
||||||
|
|
||||||
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
import javax.servlet.Filter;
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
import javax.servlet.FilterConfig;
|
import javax.servlet.FilterConfig;
|
||||||
@ -38,29 +40,40 @@
|
|||||||
public class KMSMDCFilter implements Filter {
|
public class KMSMDCFilter implements Filter {
|
||||||
|
|
||||||
private static class Data {
|
private static class Data {
|
||||||
private UserGroupInformation ugi;
|
private final UserGroupInformation ugi;
|
||||||
private String method;
|
private final String method;
|
||||||
private StringBuffer url;
|
private final String url;
|
||||||
|
private final String remoteClientAddress;
|
||||||
|
|
||||||
private Data(UserGroupInformation ugi, String method, StringBuffer url) {
|
private Data(UserGroupInformation ugi, String method, String url,
|
||||||
|
String remoteClientAddress) {
|
||||||
this.ugi = ugi;
|
this.ugi = ugi;
|
||||||
this.method = method;
|
this.method = method;
|
||||||
this.url = url;
|
this.url = url;
|
||||||
|
this.remoteClientAddress = remoteClientAddress;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();
|
private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();
|
||||||
|
|
||||||
public static UserGroupInformation getUgi() {
|
public static UserGroupInformation getUgi() {
|
||||||
return DATA_TL.get().ugi;
|
Data data = DATA_TL.get();
|
||||||
|
return data != null ? data.ugi : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getMethod() {
|
public static String getMethod() {
|
||||||
return DATA_TL.get().method;
|
Data data = DATA_TL.get();
|
||||||
|
return data != null ? data.method : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String getURL() {
|
public static String getURL() {
|
||||||
return DATA_TL.get().url.toString();
|
Data data = DATA_TL.get();
|
||||||
|
return data != null ? data.url : null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String getRemoteClientAddress() {
|
||||||
|
Data data = DATA_TL.get();
|
||||||
|
return data != null ? data.remoteClientAddress : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -72,22 +85,41 @@ public void doFilter(ServletRequest request, ServletResponse response,
|
|||||||
FilterChain chain)
|
FilterChain chain)
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
try {
|
try {
|
||||||
DATA_TL.remove();
|
clearContext();
|
||||||
UserGroupInformation ugi = HttpUserGroupInformation.get();
|
UserGroupInformation ugi = HttpUserGroupInformation.get();
|
||||||
String method = ((HttpServletRequest) request).getMethod();
|
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
|
||||||
StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
|
String method = httpServletRequest.getMethod();
|
||||||
String queryString = ((HttpServletRequest) request).getQueryString();
|
StringBuffer requestURL = httpServletRequest.getRequestURL();
|
||||||
|
String queryString = httpServletRequest.getQueryString();
|
||||||
if (queryString != null) {
|
if (queryString != null) {
|
||||||
requestURL.append("?").append(queryString);
|
requestURL.append("?").append(queryString);
|
||||||
}
|
}
|
||||||
DATA_TL.set(new Data(ugi, method, requestURL));
|
setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
} finally {
|
} finally {
|
||||||
DATA_TL.remove();
|
clearContext();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void destroy() {
|
public void destroy() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the context with the given parameters.
|
||||||
|
* @param ugi the {@link UserGroupInformation} for the current request.
|
||||||
|
* @param method the http method
|
||||||
|
* @param requestURL the requested URL.
|
||||||
|
* @param remoteAddr the remote address of the client.
|
||||||
|
*/
|
||||||
|
@VisibleForTesting
|
||||||
|
public static void setContext(UserGroupInformation ugi,
|
||||||
|
String method, String requestURL, String remoteAddr) {
|
||||||
|
DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void clearContext() {
|
||||||
|
DATA_TL.remove();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user