Revert "HADOOP-13707. If kerberos is enabled while HTTP SPNEGO is not configured, some links cannot be accessed. Contributed by Yuanbo Liu"

Change-Id: I946a466a43d56c73bb0135384e73cb8513595461
(cherry picked from commit 80ee5248b2dda1cb8d122d4f362f2f8cf02b9467)
This commit is contained in:
Wangda Tan 2018-03-14 10:47:35 -07:00
parent 41fc7f80be
commit 252c2b4d52
6 changed files with 12 additions and 75 deletions

View File

@ -20,7 +20,6 @@
import java.io.IOException; import java.io.IOException;
import java.io.Writer; import java.io.Writer;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -59,12 +58,7 @@ private Configuration getConfFromContext() {
public void doGet(HttpServletRequest request, HttpServletResponse response) public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
// If user is a static user and auth Type is null, that means if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
// there is a non-security environment and no need authorization,
// otherwise, do the authorization.
final ServletContext servletContext = getServletContext();
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
!HttpServer2.isInstrumentationAccessAllowed(servletContext,
request, response)) { request, response)) {
return; return;
} }

View File

@ -19,7 +19,6 @@
import java.io.IOException; import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -36,13 +35,9 @@ public class AdminAuthorizedServlet extends DefaultServlet {
@Override @Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
// If user is a static user and auth Type is null, that means // Do the authorization
// there is a non-security environment and no need authorization, if (HttpServer2.hasAdministratorAccess(getServletContext(), request,
// otherwise, do the authorization.
final ServletContext servletContext = getServletContext();
if (HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) ||
HttpServer2.hasAdministratorAccess(servletContext, request,
response)) { response)) {
// Authorization is done. Just call super. // Authorization is done. Just call super.
super.doGet(request, response); super.doGet(request, response);

View File

@ -17,9 +17,6 @@
*/ */
package org.apache.hadoop.http; package org.apache.hadoop.http;
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
@ -1358,24 +1355,6 @@ public String toString() {
return sb.toString(); return sb.toString();
} }
/**
* check whether user is static and unauthenticated, if the
* answer is TRUE, that means http sever is in non-security
* environment.
* @param servletContext the servlet context.
* @param request the servlet request.
* @return TRUE/FALSE based on the logic described above.
*/
public static boolean isStaticUserAndNoneAuthType(
ServletContext servletContext, HttpServletRequest request) {
Configuration conf =
(Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE);
final String authType = request.getAuthType();
final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
DEFAULT_HADOOP_HTTP_STATIC_USER);
return authType == null && staticUser.equals(request.getRemoteUser());
}
/** /**
* Checks the user has privileges to access to instrumentation servlets. * Checks the user has privileges to access to instrumentation servlets.
* <p/> * <p/>
@ -1473,14 +1452,9 @@ public static class StackServlet extends HttpServlet {
@Override @Override
public void doGet(HttpServletRequest request, HttpServletResponse response) public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException { throws ServletException, IOException {
// If user is a static user and auth Type is null, that means if (!HttpServer2.isInstrumentationAccessAllowed(getServletContext(),
// there is a non-security environment and no need authorization, request, response)) {
// otherwise, do the authorization.
final ServletContext servletContext = getServletContext();
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
!HttpServer2.isInstrumentationAccessAllowed(servletContext,
request, response)) {
return; return;
} }
response.setContentType("text/plain; charset=UTF-8"); response.setContentType("text/plain; charset=UTF-8");

View File

@ -38,7 +38,6 @@
import javax.management.openmbean.CompositeData; import javax.management.openmbean.CompositeData;
import javax.management.openmbean.CompositeType; import javax.management.openmbean.CompositeType;
import javax.management.openmbean.TabularData; import javax.management.openmbean.TabularData;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -170,12 +169,7 @@ protected void doTrace(HttpServletRequest req, HttpServletResponse resp)
@Override @Override
public void doGet(HttpServletRequest request, HttpServletResponse response) { public void doGet(HttpServletRequest request, HttpServletResponse response) {
try { try {
// If user is a static user and auth Type is null, that means if (!isInstrumentationAccessAllowed(request, response)) {
// there is a non-security environment and no need authorization,
// otherwise, do the authorization.
final ServletContext servletContext = getServletContext();
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
!isInstrumentationAccessAllowed(request, response)) {
return; return;
} }
JsonGenerator jg = null; JsonGenerator jg = null;

View File

@ -27,7 +27,6 @@
import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -324,13 +323,9 @@ public static class Servlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response public void doGet(HttpServletRequest request, HttpServletResponse response
) throws ServletException, IOException { ) throws ServletException, IOException {
// If user is a static user and auth Type is null, that means // Do the authorization
// there is a non-security environment and no need authorization, if (!HttpServer2.hasAdministratorAccess(getServletContext(), request,
// otherwise, do the authorization. response)) {
final ServletContext servletContext = getServletContext();
if (!HttpServer2.isStaticUserAndNoneAuthType(servletContext, request) &&
!HttpServer2.hasAdministratorAccess(servletContext,
request, response)) {
return; return;
} }

View File

@ -69,9 +69,6 @@
import java.util.concurrent.Executor; import java.util.concurrent.Executor;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER;
import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER;
public class TestHttpServer extends HttpServerFunctionalTest { public class TestHttpServer extends HttpServerFunctionalTest {
static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class); static final Logger LOG = LoggerFactory.getLogger(TestHttpServer.class);
private static HttpServer2 server; private static HttpServer2 server;
@ -485,7 +482,7 @@ public void testAuthorizationOfDefaultServlets() throws Exception {
String serverURL = "http://" String serverURL = "http://"
+ NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/"; + NetUtils.getHostPortString(myServer.getConnectorAddress(0)) + "/";
for (String servlet : new String[] { "conf", "logs", "stacks", for (String servlet : new String[] { "conf", "logs", "stacks",
"logLevel", "jmx" }) { "logLevel" }) {
for (String user : new String[] { "userA", "userB", "userC", "userD" }) { for (String user : new String[] { "userA", "userB", "userC", "userD" }) {
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(serverURL
+ servlet, user)); + servlet, user));
@ -493,18 +490,6 @@ public void testAuthorizationOfDefaultServlets() throws Exception {
assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode( assertEquals(HttpURLConnection.HTTP_FORBIDDEN, getHttpStatusCode(
serverURL + servlet, "userE")); serverURL + servlet, "userE"));
} }
// hadoop.security.authorization is set as true while
// hadoop.http.authentication.type's value is `simple`(default value)
// in this case, static user has administrator access
final String staticUser = conf.get(HADOOP_HTTP_STATIC_USER,
DEFAULT_HADOOP_HTTP_STATIC_USER);
for (String servlet : new String[] {"conf", "logs", "stacks",
"logLevel", "jmx"}) {
assertEquals(HttpURLConnection.HTTP_OK, getHttpStatusCode(
serverURL + servlet, staticUser));
}
myServer.stop(); myServer.stop();
} }