diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 8ef642d5ed..f39cb69c7f 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -189,6 +189,8 @@ Release 2.0.1-alpha - UNRELEASED HADOOP-8323. Add javadoc and tests for Text.clear() behavior (harsh) + HADOOP-8358. Config-related WARN for dfs.web.ugi can be avoided. (harsh) + BUG FIXES HADOOP-8372. NetUtils.normalizeHostName() incorrectly handles hostname diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java index e2955ab9e7..29e4f1373d 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeys.java @@ -20,6 +20,7 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.http.lib.StaticUserWebFilter; /** * This class contains constants for configuration keys used @@ -163,5 +164,12 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic { "ha.failover-controller.cli-check.rpc-timeout.ms"; public static final int HA_FC_CLI_CHECK_TIMEOUT_DEFAULT = 20000; + /** Static user web-filter properties. + * See {@link StaticUserWebFilter}. + */ + public static final String HADOOP_HTTP_STATIC_USER = + "hadoop.http.staticuser.user"; + public static final String DEFAULT_HADOOP_HTTP_STATIC_USER = + "dr.who"; } diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/lib/StaticUserWebFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/lib/StaticUserWebFilter.java index f1ee20cfe9..9ca5b927df 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/lib/StaticUserWebFilter.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/lib/StaticUserWebFilter.java @@ -37,15 +37,15 @@ import javax.servlet.Filter; +import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER; +import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER; + /** * Provides a servlet filter that pretends to authenticate a fake user (Dr.Who) * so that the web UI is usable for a secure cluster without authentication. */ public class StaticUserWebFilter extends FilterInitializer { static final String DEPRECATED_UGI_KEY = "dfs.web.ugi"; - - static final String USERNAME_KEY = "hadoop.http.staticuser.user"; - static final String USERNAME_DEFAULT = "dr.who"; private static final Log LOG = LogFactory.getLog(StaticUserWebFilter.class); @@ -112,7 +112,7 @@ public String getRemoteUser() { @Override public void init(FilterConfig conf) throws ServletException { - this.username = conf.getInitParameter(USERNAME_KEY); + this.username = conf.getInitParameter(HADOOP_HTTP_STATIC_USER); this.user = new User(username); } @@ -123,7 +123,7 @@ public void initFilter(FilterContainer container, Configuration conf) { HashMap options = new HashMap(); String username = getUsernameFromConf(conf); - options.put(USERNAME_KEY, username); + options.put(HADOOP_HTTP_STATIC_USER, username); container.addFilter("static_user_filter", StaticUserFilter.class.getName(), @@ -139,11 +139,12 @@ static String getUsernameFromConf(Configuration conf) { // We can't use the normal configuration deprecation mechanism here // since we need to split out the username from the configured UGI. LOG.warn(DEPRECATED_UGI_KEY + " should not be used. Instead, use " + - USERNAME_KEY + "."); + HADOOP_HTTP_STATIC_USER + "."); String[] parts = oldStyleUgi.split(","); return parts[0]; } else { - return conf.get(USERNAME_KEY, USERNAME_DEFAULT); + return conf.get(HADOOP_HTTP_STATIC_USER, + DEFAULT_HADOOP_HTTP_STATIC_USER); } } diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index e7e3c1b265..1e72e362e7 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -1003,4 +1003,15 @@ this configuration will be loaded from within. + + + + + The user name to filter as, on static web filters + while rendering content. An example use is the HDFS + web UI (user to be used for browsing files). + + hadoop.http.staticuser.user + dr.who + diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/lib/TestStaticUserWebFilter.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/lib/TestStaticUserWebFilter.java index b7bf98cd50..9b161df25f 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/lib/TestStaticUserWebFilter.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/lib/TestStaticUserWebFilter.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequestWrapper; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.http.lib.StaticUserWebFilter.StaticUserFilter; import org.junit.Test; import org.mockito.ArgumentCaptor; @@ -36,7 +37,7 @@ public class TestStaticUserWebFilter { private FilterConfig mockConfig(String username) { FilterConfig mock = Mockito.mock(FilterConfig.class); Mockito.doReturn(username).when(mock).getInitParameter( - StaticUserWebFilter.USERNAME_KEY); + CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER); return mock; } @@ -73,7 +74,7 @@ public void testOldStyleConfiguration() { @Test public void testConfiguration() { Configuration conf = new Configuration(); - conf.set(StaticUserWebFilter.USERNAME_KEY, "joe"); + conf.set(CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER, "joe"); assertEquals("joe", StaticUserWebFilter.getUsernameFromConf(conf)); } diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java index e3f9127e1f..d75a267c6c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java @@ -71,10 +71,12 @@ import org.apache.hadoop.security.token.Token; import org.apache.hadoop.util.VersionInfo; +import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_HTTP_STATIC_USER; +import static org.apache.hadoop.fs.CommonConfigurationKeys.DEFAULT_HADOOP_HTTP_STATIC_USER; + @InterfaceAudience.Private public class JspHelper { public static final String CURRENT_CONF = "current.conf"; - final static public String WEB_UGI_PROPERTY_NAME = DFSConfigKeys.DFS_WEB_UGI_KEY; public static final String DELEGATION_PARAMETER_NAME = DelegationParam.NAME; public static final String NAMENODE_ADDRESS = "nnaddr"; static final String SET_DELEGATION = "&" + DELEGATION_PARAMETER_NAME + @@ -483,11 +485,12 @@ public static String validateURL(String value) { */ public static UserGroupInformation getDefaultWebUser(Configuration conf ) throws IOException { - String[] strings = conf.getStrings(JspHelper.WEB_UGI_PROPERTY_NAME); - if (strings == null || strings.length == 0) { + String user = conf.get( + HADOOP_HTTP_STATIC_USER, DEFAULT_HADOOP_HTTP_STATIC_USER); + if (user == null || user.length() == 0) { throw new IOException("Cannot determine UGI from request or conf"); } - return UserGroupInformation.createRemoteUser(strings[0]); + return UserGroupInformation.createRemoteUser(user); } private static InetSocketAddress getNNServiceAddress(ServletContext context, diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml index e6a19873bd..9e1a4356c6 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml @@ -239,14 +239,6 @@ left empty in a non-HA cluster. - - - dfs.web.ugi - webuser,webgroup - The user account used by the web interface. - Syntax: USERNAME,GROUP1,GROUP2, ... - - dfs.permissions.enabled