9 年之前 · dc325ee550
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -1735,6 +1735,9 @@ Release 2.8.0 - UNRELEASED
 
				     HDFS-9713. DataXceiver#copyBlock should return if block is pinned.
			
 
				     (umamahesh)
			
 
				 
			
 
				+    HDFS-9760. WebHDFS AuthFilter cannot be configured with custom AltKerberos
			
 
				+    auth handler (Ryan Sasson via aw)
			
 
				+
			
 
				 Release 2.7.3 - UNRELEASED
			
 
				 
			
 
				   INCOMPATIBLE CHANGES
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
@@ -21,7 +21,9 @@ package org.apache.hadoop.hdfs.server.namenode;
 
				 import java.io.IOException;
			
 
				 import java.net.InetSocketAddress;
			
 
				 import java.util.HashMap;
			
 
				+import java.util.Iterator;
			
 
				 import java.util.Map;
			
 
				+import java.util.Map.Entry;
			
 
				 
			
 
				 import javax.servlet.ServletContext;
			
 
				 
			
@@ -33,6 +35,7 @@ import org.apache.hadoop.hdfs.security.token.delegation.DelegationUtilsClient;
 
				 import org.apache.hadoop.hdfs.server.common.JspHelper;
			
 
				 import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
			
 
				 import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
			
 
				+import org.apache.hadoop.hdfs.web.AuthFilter;
			
 
				 import org.apache.hadoop.hdfs.web.WebHdfsFileSystem;
			
 
				 import org.apache.hadoop.hdfs.web.resources.Param;
			
 
				 import org.apache.hadoop.hdfs.web.resources.UserParam;
			
@@ -159,6 +162,14 @@ public class NameNodeHttpServer {
 
				   private Map<String, String> getAuthFilterParams(Configuration conf)
			
 
				       throws IOException {
			
 
				     Map<String, String> params = new HashMap<String, String>();
			
 
				+    // Select configs beginning with 'dfs.web.authentication.'
			
 
				+    Iterator<Map.Entry<String, String>> iterator = conf.iterator();
			
 
				+    while (iterator.hasNext()) {
			
 
				+      Entry<String, String> kvPair = iterator.next();
			
 
				+      if (kvPair.getKey().startsWith(AuthFilter.CONF_PREFIX)) {
			
 
				+        params.put(kvPair.getKey(), kvPair.getValue());
			
 
				+      }
			
 
				+    }
			
 
				     String principalInConf = conf
			
 
				         .get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY);
			
 
				     if (principalInConf != null && !principalInConf.isEmpty()) {
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/AuthFilter.java
@@ -46,7 +46,7 @@ import org.apache.hadoop.util.StringUtils;
 
				  * obtains Hadoop-Auth configuration for webhdfs.
			
 
				  */
			
 
				 public class AuthFilter extends AuthenticationFilter {
			
 
				-  private static final String CONF_PREFIX = "dfs.web.authentication.";
			
 
				+  public static final String CONF_PREFIX = "dfs.web.authentication.";
			
 
				 
			
 
				   /**
			
 
				    * Returns the filter configuration properties,
			
@@ -62,9 +62,11 @@ public class AuthFilter extends AuthenticationFilter {
 
				   protected Properties getConfiguration(String prefix, FilterConfig config)
			
 
				       throws ServletException {
			
 
				     final Properties p = super.getConfiguration(CONF_PREFIX, config);
			
 
				-    // set authentication type
			
 
				-    p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
			
 
				-        KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
			
 
				+    // if not set, configure based on security enabled
			
 
				+    if (p.getProperty(AUTH_TYPE) == null) {
			
 
				+      p.setProperty(AUTH_TYPE, UserGroupInformation.isSecurityEnabled()?
			
 
				+          KerberosAuthenticationHandler.TYPE: PseudoAuthenticationHandler.TYPE);
			
 
				+    }
			
 
				     // if not set, enable anonymous for pseudo authentication
			
 
				     if (p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED) == null) {
			
 
				       p.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestAuthFilter.java
@@ -98,4 +98,19 @@ public class TestAuthFilter {
 
				     Assert.assertEquals("true",
			
 
				         p.getProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED));
			
 
				   }
			
 
				+
			
 
				+  @Test
			
 
				+  public void testGetCustomAuthConfiguration() throws ServletException {
			
 
				+    AuthFilter filter = new AuthFilter();
			
 
				+    Map<String, String> m = new HashMap<String,String>();
			
 
				+
			
 
				+    m.put(AuthFilter.CONF_PREFIX + AuthFilter.AUTH_TYPE, "com.yourclass");
			
 
				+    m.put(AuthFilter.CONF_PREFIX + "alt-kerberos.param", "value");
			
 
				+    FilterConfig config = new DummyFilterConfig(m);
			
 
				+
			
 
				+    Properties p = filter.getConfiguration(AuthFilter.CONF_PREFIX, config);
			
 
				+    Assert.assertEquals("com.yourclass", p.getProperty(AuthFilter.AUTH_TYPE));
			
 
				+    Assert.assertEquals("value", p.getProperty("alt-kerberos.param"));
			
 
				+  }
			
 
				+
			
 
				 }