пре 11 година · 0077999972
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -380,6 +380,9 @@ Release 2.5.0 - UNRELEASED
 
															     HADOOP-10158. SPNEGO should work with multiple interfaces/SPNs.
														
 
															     (daryn via kihwal)
														
 
															+    HADOOP-10566. Refactor proxyservers out of ProxyUsers.
														
 
															+    (Benoy Antony via suresh)
														
 
															+
														
 
															   OPTIMIZATIONS
														
 
															   BUG FIXES 
														
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ProxyUsers.java
@@ -19,12 +19,10 @@
 
															 package org.apache.hadoop.security.authorize;
														
 
															 import java.net.InetAddress;
														
 
															-import java.net.InetSocketAddress;
														
 
															 import java.net.UnknownHostException;
														
 
															 import java.util.ArrayList;
														
 
															 import java.util.Collection;
														
 
															 import java.util.HashMap;
														
 
															-import java.util.HashSet;
														
 
															 import java.util.Map;
														
 
															 import java.util.Map.Entry;
														
@@ -44,7 +42,6 @@ public class ProxyUsers {
 
															   private static final String CONF_GROUPS = ".groups";
														
 
															   private static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
														
 
															   private static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
														
 
															-  public static final String CONF_HADOOP_PROXYSERVERS = "hadoop.proxyservers";
														
 
															   private static boolean init = false;
														
 
															   //list of users, groups and hosts per proxyuser
														
@@ -54,8 +51,6 @@ public class ProxyUsers {
 
															     new HashMap<String, Collection<String>>();
														
 
															   private static Map<String, Collection<String>> proxyHosts = 
														
 
															     new HashMap<String, Collection<String>>();
														
 
															-  private static Collection<String> proxyServers =
														
 
															-    new HashSet<String>();
														
 
															   /**
														
 
															    * reread the conf and get new values for "hadoop.proxyuser.*.groups/users/hosts"
														
@@ -75,7 +70,6 @@ public class ProxyUsers {
 
															     proxyGroups.clear();
														
 
															     proxyHosts.clear();
														
 
															     proxyUsers.clear();
														
 
															-    proxyServers.clear();
														
 
															     // get all the new keys for users
														
 
															     String regex = CONF_HADOOP_PROXYUSER_RE+"[^.]*\\"+CONF_USERS;
														
@@ -103,22 +97,8 @@ public class ProxyUsers {
 
															       proxyHosts.put(entry.getKey(),
														
 
															           StringUtils.getTrimmedStringCollection(entry.getValue()));
														
 
															     }
														
 
															-    
														
 
															-    // trusted proxy servers such as http proxies
														
 
															-    for (String host : conf.getTrimmedStrings(CONF_HADOOP_PROXYSERVERS)) {
														
 
															-      InetSocketAddress addr = new InetSocketAddress(host, 0);
														
 
															-      if (!addr.isUnresolved()) {
														
 
															-        proxyServers.add(addr.getAddress().getHostAddress());
														
 
															-      }
														
 
															-    }
														
 
															     init = true;
														
 
															-  }
														
 
															-
														
 
															-  public static synchronized boolean isProxyServer(String remoteAddr) { 
														
 
															-    if(!init) {
														
 
															-      refreshSuperUserGroupsConfiguration(); 
														
 
															-    }
														
 
															-    return proxyServers.contains(remoteAddr);
														
 
															+    ProxyServers.refresh(conf);
														
 
															   }
														
 
															   /**
														
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestProxyUsers.java
@@ -327,17 +327,6 @@ public class TestProxyUsers {
 
															     assertEquals (1,hosts.size());
														
 
															   }
														
 
															-  @Test
														
 
															-  public void testProxyServer() {
														
 
															-    Configuration conf = new Configuration();
														
 
															-    assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
														
 
															-    conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "2.2.2.2, 3.3.3.3");
														
 
															-    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
														
 
															-    assertFalse(ProxyUsers.isProxyServer("1.1.1.1"));
														
 
															-    assertTrue(ProxyUsers.isProxyServer("2.2.2.2"));
														
 
															-    assertTrue(ProxyUsers.isProxyServer("3.3.3.3"));
														
 
															-  }
														
 
															-
														
 
															   private void assertNotAuthorized(UserGroupInformation proxyUgi, String host) {
														
 
															     try {
														
 
															       ProxyUsers.authorize(proxyUgi, host);
														
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
@@ -34,6 +34,7 @@ import org.apache.hadoop.security.SecurityUtil;
 
															 import org.apache.hadoop.security.UserGroupInformation;
														
 
															 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
														
 
															 import org.apache.hadoop.security.authentication.util.KerberosName;
														
 
															+import org.apache.hadoop.security.authorize.ProxyServers;
														
 
															 import org.apache.hadoop.security.authorize.ProxyUsers;
														
 
															 import org.apache.hadoop.security.token.Token;
														
@@ -193,7 +194,7 @@ public class JspHelper {
 
															   public static String getRemoteAddr(HttpServletRequest request) {
														
 
															     String remoteAddr = request.getRemoteAddr();
														
 
															     String proxyHeader = request.getHeader("X-Forwarded-For");
														
 
															-    if (proxyHeader != null && ProxyUsers.isProxyServer(remoteAddr)) {
														
 
															+    if (proxyHeader != null && ProxyServers.isProxyServer(remoteAddr)) {
														
 
															       final String clientAddr = proxyHeader.split(",")[0].trim();
														
 
															       if (!clientAddr.isEmpty()) {
														
 
															         remoteAddr = clientAddr;
														
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
@@ -30,6 +30,7 @@ import org.apache.hadoop.io.Text;
 
															 import org.apache.hadoop.security.UserGroupInformation;
														
 
															 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
														
 
															 import org.apache.hadoop.security.authorize.AuthorizationException;
														
 
															+import org.apache.hadoop.security.authorize.ProxyServers;
														
 
															 import org.apache.hadoop.security.authorize.ProxyUsers;
														
 
															 import org.apache.hadoop.security.token.Token;
														
 
															 import org.apache.hadoop.security.token.TokenIdentifier;
														
@@ -51,7 +52,6 @@ import static org.mockito.Mockito.when;
 
															 public class TestJspHelper {
														
 
															   private final Configuration conf = new HdfsConfiguration();
														
 
															-  private String jspWriterOutput = "";
														
 
															   // allow user with TGT to run tests
														
 
															   @BeforeClass
														
@@ -450,7 +450,7 @@ public class TestJspHelper {
 
															       when(req.getRemoteAddr()).thenReturn(proxyAddr);
														
 
															       when(req.getHeader("X-Forwarded-For")).thenReturn(clientAddr);
														
 
															       if (trusted) {
														
 
															-        conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, proxyAddr);
														
 
															+        conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, proxyAddr);
														
 
															       }
														
 
															     }
														
 
															     ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
														
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
@@ -32,14 +32,15 @@ import java.net.URISyntaxException;
 
															 import org.apache.hadoop.conf.Configuration;
														
 
															 import org.apache.hadoop.fs.FileStatus;
														
 
															 import org.apache.hadoop.fs.FileSystem;
														
 
															-import org.apache.hadoop.fs.permission.FsPermission;
														
 
															 import org.apache.hadoop.fs.Path;
														
 
															+import org.apache.hadoop.fs.permission.FsPermission;
														
 
															 import org.apache.hadoop.hdfs.HdfsConfiguration;
														
 
															 import org.apache.hadoop.hdfs.MiniDFSCluster;
														
 
															 import org.apache.hadoop.hdfs.web.resources.GetOpParam;
														
 
															 import org.apache.hadoop.ipc.RemoteException;
														
 
															 import org.apache.hadoop.net.NetUtils;
														
 
															 import org.apache.hadoop.security.authorize.ProxyUsers;
														
 
															+import org.apache.hadoop.security.authorize.ProxyServers;
														
 
															 import org.junit.Before;
														
 
															 import org.junit.Test;
														
@@ -120,7 +121,7 @@ public class TestAuditLogger {
 
															       assertEquals("127.0.0.1", DummyAuditLogger.remoteAddr);
														
 
															       // trusted proxied request
														
 
															-      conf.set(ProxyUsers.CONF_HADOOP_PROXYSERVERS, "127.0.0.1");
														
 
															+      conf.set(ProxyServers.CONF_HADOOP_PROXYSERVERS, "127.0.0.1");
														
 
															       ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
														
 
															       conn = (HttpURLConnection) uri.toURL().openConnection();
														
 
															       conn.setRequestMethod(op.getType().toString());