commit 0f10509ebda95a724ca24bce13dec0965ced6d37

Author: Devaraj Das <ddas@yahoo-inc.com>
Date:   Mon Feb 22 15:21:20 2010 -0800

    HADOOP:6583 from https://issues.apache.org/jira/secure/attachment/12436643/6583-bp20.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HADOOP-6583. Captures authentication and authorization metrics. (ddas)
    +


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-patches@1077198 13f79535-47bb-0310-9956-ffa450edef68

src/core/org/apache/hadoop/ipc/Server.java

@@ -222,6 +222,11 @@ public abstract class Server {
       }
     }
   }
+  
+  /*Returns a handle to the rpcMetrics (required in tests)*/
+  public RpcMetrics getRpcMetrics() {
+    return rpcMetrics;
+  }
 
   /** A call queued for handling. */
   private static class Call {
@@ -876,7 +881,13 @@ public abstract class Server {
         if (LOG.isDebugEnabled())
           LOG.debug("Have read input token of size " + saslToken.length
               + " for processing by saslServer.evaluateResponse()");
-        byte[] replyToken = saslServer.evaluateResponse(saslToken);
+        byte[] replyToken;
+        try {
+          replyToken = saslServer.evaluateResponse(saslToken);
+        } catch (SaslException se) {
+          rpcMetrics.authenticationFailures.inc();
+          throw se;
+        }
         if (replyToken != null) {
           if (LOG.isDebugEnabled())
             LOG.debug("Will send token of size " + replyToken.length
@@ -1077,6 +1088,7 @@ public abstract class Server {
     
     private void processOneRpc(byte[] buf) throws IOException,
         InterruptedException {
+      rpcMetrics.authenticationSuccesses.inc();
       if (headerRead) {
         processData(buf);
       } else {
@@ -1120,7 +1132,9 @@ public abstract class Server {
         if (LOG.isDebugEnabled()) {
           LOG.debug("Successfully authorized " + header);
         }
+        rpcMetrics.authorizationSuccesses.inc();
       } catch (AuthorizationException ae) {
+        rpcMetrics.authorizationFailures.inc();
         authFailedCall.connection = this;
         setupResponse(authFailedResponse, authFailedCall, Status.FATAL, null,
             ae.getClass().getName(), ae.getMessage());

src/core/org/apache/hadoop/ipc/metrics/RpcMetrics.java

@@ -27,6 +27,7 @@ import org.apache.hadoop.metrics.Updater;
 import org.apache.hadoop.metrics.util.MetricsBase;
 import org.apache.hadoop.metrics.util.MetricsIntValue;
 import org.apache.hadoop.metrics.util.MetricsRegistry;
+import org.apache.hadoop.metrics.util.MetricsTimeVaryingInt;
 import org.apache.hadoop.metrics.util.MetricsTimeVaryingRate;
 
 /**
@@ -79,7 +80,14 @@ public class RpcMetrics implements Updater {
           new MetricsIntValue("NumOpenConnections", registry);
   public MetricsIntValue callQueueLen = 
           new MetricsIntValue("callQueueLen", registry);
-  
+  public MetricsTimeVaryingInt authenticationFailures = 
+          new MetricsTimeVaryingInt("rpcAuthenticationFailures", registry);
+  public MetricsTimeVaryingInt authenticationSuccesses = 
+          new MetricsTimeVaryingInt("rpcAuthenticationSuccesses", registry);
+  public MetricsTimeVaryingInt authorizationFailures = 
+          new MetricsTimeVaryingInt("rpcAuthorizationFailures", registry);
+  public MetricsTimeVaryingInt authorizationSuccesses = 
+         new MetricsTimeVaryingInt("rpcAuthorizationSuccesses", registry);
   /**
    * Push the metrics to the monitoring subsystem on doUpdate() call.
    */

src/test/org/apache/hadoop/ipc/TestRPC.java

@@ -364,6 +364,31 @@ public class TestRPC extends TestCase {
       if (proxy != null) {
         RPC.stopProxy(proxy);
       }
+      if (expectFailure) {
+        assertTrue("Expected 1 but got " + 
+            server.getRpcMetrics().authorizationFailures
+            .getCurrentIntervalValue(), 
+            server.getRpcMetrics().authorizationFailures
+            .getCurrentIntervalValue() == 1);
+      } else {
+        assertTrue("Expected 1 but got " + 
+            server.getRpcMetrics().authorizationSuccesses
+            .getCurrentIntervalValue(),
+            server.getRpcMetrics().authorizationSuccesses
+            .getCurrentIntervalValue() == 1);
+      }
+      //since we don't have authentication turned ON, we should see 
+      // >0 for the authentication successes and 0 for failure
+      assertTrue("Expected 0 but got " + 
+          server.getRpcMetrics().authenticationFailures
+          .getCurrentIntervalValue(),
+          server.getRpcMetrics().authenticationFailures
+          .getCurrentIntervalValue() == 0);
+      assertTrue("Expected greater than 0 but got " + 
+          server.getRpcMetrics().authenticationSuccesses
+          .getCurrentIntervalValue(),
+          server.getRpcMetrics().authenticationSuccesses
+          .getCurrentIntervalValue() > 0);
     }
   }