1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.rest;
20
21 import java.io.IOException;
22
23 import javax.servlet.ServletException;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
26
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28
29 import com.sun.jersey.spi.container.servlet.ServletContainer;
30
31 import org.apache.hadoop.security.UserGroupInformation;
32 import org.apache.hadoop.security.authorize.AuthorizationException;
33 import org.apache.hadoop.security.authorize.ProxyUsers;
34 import org.apache.hadoop.conf.Configuration;
35
36
37
38
39
40 @InterfaceAudience.Private
41 public class RESTServletContainer extends ServletContainer {
42 private static final long serialVersionUID = -2474255003443394314L;
43
44
45
46
47
48
49 @Override
50 public void service(final HttpServletRequest request,
51 final HttpServletResponse response) throws ServletException, IOException {
52 final String doAsUserFromQuery = request.getParameter("doAs");
53 RESTServlet servlet = RESTServlet.getInstance();
54 if (doAsUserFromQuery != null) {
55 Configuration conf = servlet.getConfiguration();
56 if (!servlet.supportsProxyuser()) {
57 throw new ServletException("Support for proxyuser is not configured");
58 }
59
60 UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
61
62
63 ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);
64
65 try {
66 ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
67 } catch(AuthorizationException e) {
68 throw new ServletException(e.getMessage());
69 }
70 servlet.setEffectiveUser(doAsUserFromQuery);
71 } else {
72 String effectiveUser = request.getRemoteUser();
73 servlet.setEffectiveUser(effectiveUser);
74 }
75 super.service(request, response);
76 }
77 }