HADOOP-15014. KMS should log the IP address of the clients. Contributed by Zsombor Gegesy.

Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2019-04-16 05:27:29 -07:00 · 2019-04-16 05:27:29 -07:00 · 008766c119
commit 008766c119
parent a5ceed26f3
2 changed files with 48 additions and 15 deletions
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSExceptionsProvider.java
@ -111,9 +111,10 @@ protected void log(Response.Status status, Throwable ex) {
    UserGroupInformation ugi = KMSMDCFilter.getUgi();
    String method = KMSMDCFilter.getMethod();
    String url = KMSMDCFilter.getURL();
+    String remoteClientAddress = KMSMDCFilter.getRemoteClientAddress();
    String msg = getOneLineMessage(ex);
-    LOG.warn("User:'{}' Method:{} URL:{} Response:{}-{}", ugi, method, url,
-        status, msg, ex);
+    LOG.warn("User:'{}' Method:{} URL:{} From:{} Response:{}-{}", ugi, method,
+        url, remoteClientAddress, status, msg, ex);
  }

 }
--- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@ -21,6 +21,8 @@
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;

+import com.google.common.annotations.VisibleForTesting;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@ -38,29 +40,40 @@
 public class KMSMDCFilter implements Filter {

  private static class Data {
-    private UserGroupInformation ugi;
-    private String method;
-    private StringBuffer url;
+    private final UserGroupInformation ugi;
+    private final String method;
+    private final String url;
+    private final String remoteClientAddress;

-    private Data(UserGroupInformation ugi, String method, StringBuffer url) {
+    private Data(UserGroupInformation ugi, String method, String url,
+        String remoteClientAddress) {
      this.ugi = ugi;
      this.method = method;
      this.url = url;
+      this.remoteClientAddress = remoteClientAddress;
    }
  }

  private static final ThreadLocal<Data> DATA_TL = new ThreadLocal<Data>();

  public static UserGroupInformation getUgi() {
-    return DATA_TL.get().ugi;
+    Data data = DATA_TL.get();
+    return data != null ? data.ugi : null;
  }

  public static String getMethod() {
-    return DATA_TL.get().method;
+    Data data = DATA_TL.get();
+    return data != null ? data.method : null;
  }

  public static String getURL() {
-    return DATA_TL.get().url.toString();
+    Data data = DATA_TL.get();
+    return data != null ? data.url : null;
+  }
+
+  public static String getRemoteClientAddress() {
+    Data data = DATA_TL.get();
+    return data != null ? data.remoteClientAddress : null;
  }

  @Override
@ -72,22 +85,41 @@ public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain)
      throws IOException, ServletException {
    try {
-      DATA_TL.remove();
+      clearContext();
      UserGroupInformation ugi = HttpUserGroupInformation.get();
-      String method = ((HttpServletRequest) request).getMethod();
-      StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
-      String queryString = ((HttpServletRequest) request).getQueryString();
+      HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+      String method = httpServletRequest.getMethod();
+      StringBuffer requestURL = httpServletRequest.getRequestURL();
+      String queryString = httpServletRequest.getQueryString();
      if (queryString != null) {
        requestURL.append("?").append(queryString);
      }
-      DATA_TL.set(new Data(ugi, method, requestURL));
+      setContext(ugi, method, requestURL.toString(), request.getRemoteAddr());
      chain.doFilter(request, response);
    } finally {
-      DATA_TL.remove();
+      clearContext();
    }
  }

  @Override
  public void destroy() {
  }
+
+  /**
+   * Sets the context with the given parameters.
+   * @param ugi the {@link UserGroupInformation} for the current request.
+   * @param method the http method
+   * @param requestURL the requested URL.
+   * @param remoteAddr the remote address of the client.
+   */
+  @VisibleForTesting
+  public static void setContext(UserGroupInformation ugi,
+      String method, String requestURL, String remoteAddr) {
+    DATA_TL.set(new Data(ugi, method, requestURL, remoteAddr));
+  }
+
+  private static void clearContext() {
+    DATA_TL.remove();
+  }
+
 }