@InterfaceAudience.Private @InterfaceStability.Evolving public class HttpServer extends Object implements FilterContainer
Modifier and Type | Class and Description |
---|---|
static class |
HttpServer.Builder
Class to construct instances of HTTP server with specific options.
|
private static class |
HttpServer.ListenerInfo |
static class |
HttpServer.QuotingInputFilter
A Servlet input filter that quotes all HTML active characters in the
parameter names and values.
|
static class |
HttpServer.StackServlet
A very simple servlet to serve up a text representation of the current
stack traces.
|
Modifier | Constructor and Description |
---|---|
private |
HttpServer(HttpServer.Builder b) |
|
HttpServer(String name,
String bindAddress,
int port,
boolean findPort)
Deprecated.
Since 0.99.0
|
|
HttpServer(String name,
String bindAddress,
int port,
boolean findPort,
org.apache.hadoop.conf.Configuration conf)
Deprecated.
Since 0.99.0
|
|
HttpServer(String name,
String bindAddress,
int port,
boolean findPort,
org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.security.authorize.AccessControlList adminsAcl)
Deprecated.
Since 0.99.0
|
|
HttpServer(String name,
String bindAddress,
int port,
boolean findPort,
org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.security.authorize.AccessControlList adminsAcl,
String[] pathSpecs)
Deprecated.
Since 0.99.0
|
|
HttpServer(String name,
String bindAddress,
int port,
boolean findPort,
org.apache.hadoop.conf.Configuration conf,
String[] pathSpecs)
Deprecated.
Since 0.99.0
|
Modifier and Type | Method and Description |
---|---|
protected void |
addDefaultApps(org.eclipse.jetty.server.handler.ContextHandlerCollection parent,
String appDir,
org.apache.hadoop.conf.Configuration conf)
Add default apps.
|
protected void |
addDefaultServlets(org.eclipse.jetty.server.handler.ContextHandlerCollection contexts,
org.apache.hadoop.conf.Configuration conf)
Add default servlets.
|
void |
addFilter(String name,
String classname,
Map<String,String> parameters)
Add a filter to the container.
|
protected void |
addFilterPathMapping(String pathSpec,
org.eclipse.jetty.webapp.WebAppContext webAppCtx)
Add the path spec to the filter path mapping.
|
void |
addGlobalFilter(String name,
String classname,
Map<String,String> parameters)
Add a global filter to the container - This global filter will be
applied to all available web contexts.
|
(package private) void |
addInternalServlet(String name,
String pathSpec,
Class<? extends javax.servlet.http.HttpServlet> clazz,
boolean requireAuthz)
Add an internal servlet in the server, specifying whether or not to
protect with Kerberos authentication.
|
void |
addJerseyResourcePackage(String packageName,
String pathSpec)
Add a Jersey resource package.
|
private void |
addManagedListener(org.eclipse.jetty.server.ServerConnector connector) |
private org.eclipse.jetty.util.MultiException |
addMultiException(org.eclipse.jetty.util.MultiException exception,
Exception e) |
private static void |
addNoCacheFilter(org.eclipse.jetty.webapp.WebAppContext ctxt) |
void |
addPrivilegedServlet(String name,
String pathSpec,
Class<? extends javax.servlet.http.HttpServlet> clazz)
Adds a servlet in the server that only administrators can access.
|
(package private) void |
addServletWithAuth(String name,
String pathSpec,
Class<? extends javax.servlet.http.HttpServlet> clazz,
boolean requireAuthz)
Internal method to add a servlet to the HTTP server.
|
void |
addUnprivilegedServlet(String name,
String pathSpec,
Class<? extends javax.servlet.http.HttpServlet> clazz)
Adds a servlet in the server that any user can access.
|
private static org.eclipse.jetty.webapp.WebAppContext |
createWebAppContext(String name,
org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.security.authorize.AccessControlList adminsAcl,
String appDir) |
static void |
defineFilter(org.eclipse.jetty.servlet.ServletContextHandler handler,
String name,
String classname,
Map<String,String> parameters,
String[] urls)
Define a filter for a context and set up default url mappings.
|
Object |
getAttribute(String name)
Get the value in the webapp context.
|
InetSocketAddress |
getConnectorAddress(int index)
Get the address that corresponds to a particular connector.
|
private static FilterInitializer[] |
getFilterInitializers(org.apache.hadoop.conf.Configuration conf)
Get an array of FilterConfiguration specified in the conf
|
private String |
getOrEmptyString(org.apache.hadoop.conf.Configuration conf,
String key)
Extracts the value for the given key from the configuration of returns a string of
zero length.
|
int |
getPort()
Deprecated.
Since 0.99.0
|
List<org.eclipse.jetty.server.ServerConnector> |
getServerConnectors() |
org.eclipse.jetty.webapp.WebAppContext |
getWebAppContext() |
String |
getWebAppsPath(String appName) |
protected String |
getWebAppsPath(String webapps,
String appName)
Get the pathname to the webapps files.
|
static boolean |
hasAdministratorAccess(org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.security.authorize.AccessControlList acl,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response) |
static boolean |
hasAdministratorAccess(javax.servlet.ServletContext servletContext,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Does the user sending the HttpServletRequest has the administrator ACLs? If
it isn't the case, response will be modified to send an error to the user.
|
private void |
initializeWebServer(String name,
String hostName,
org.apache.hadoop.conf.Configuration conf,
String[] pathSpecs,
HttpServer.Builder b) |
private void |
initSpnego(org.apache.hadoop.conf.Configuration conf,
String hostName,
String usernameConfKey,
String keytabConfKey,
String kerberosNameRuleKey,
String signatureSecretKeyFileKey) |
boolean |
isAlive()
Test for the availability of the web server
|
static boolean |
isInstrumentationAccessAllowed(javax.servlet.ServletContext servletContext,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Checks the user has privileges to access to instrumentation servlets.
|
private boolean |
isMissing(String value)
Returns true if the argument is non-null and not whitespace
|
void |
join() |
private void |
loadListeners() |
(package private) void |
openListeners()
Open the main listener for the server
|
void |
setAttribute(String name,
Object value)
Set a value in the webapp context.
|
private void |
setContextAttributes(org.eclipse.jetty.servlet.ServletContextHandler context,
org.apache.hadoop.conf.Configuration conf) |
void |
setThreads(int min,
int max)
Set the min, max number of worker threads (simultaneous connections).
|
void |
start()
Start the server.
|
void |
stop()
stop the server
|
String |
toString()
Return the host and port of the HttpServer, if live
|
static boolean |
userHasAdministratorAccess(org.apache.hadoop.security.authorize.AccessControlList acl,
String remoteUser) |
static boolean |
userHasAdministratorAccess(javax.servlet.ServletContext servletContext,
String remoteUser)
Get the admin ACLs from the given ServletContext and check if the given
user is in the ACL.
|
private static final org.slf4j.Logger LOG
private static final String EMPTY_STRING
private static final int DEFAULT_MAX_HEADER_SIZE
static final String FILTER_INITIALIZERS_PROPERTY
static final String HTTP_MAX_THREADS
public static final String HTTP_UI_AUTHENTICATION
static final String HTTP_AUTHENTICATION_PREFIX
static final String HTTP_SPNEGO_AUTHENTICATION_PREFIX
static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX
public static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY
static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX
public static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY
static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX
public static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY
static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_SUFFIX
public static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY
public static final boolean HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_DEFAULT
static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX
public static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY
public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY
public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY
public static final String HTTP_PRIVILEGED_CONF_KEY
public static final boolean HTTP_PRIVILEGED_CONF_DEFAULT
public static final String CONF_CONTEXT_ATTRIBUTE
public static final String ADMINS_ACL
public static final String BIND_ADDRESS
public static final String SPNEGO_FILTER
public static final String SPNEGO_PROXYUSER_FILTER
public static final String NO_CACHE_FILTER
public static final String APP_DIR
private final org.apache.hadoop.security.authorize.AccessControlList adminsAcl
protected final org.eclipse.jetty.server.Server webServer
private final List<HttpServer.ListenerInfo> listeners
protected final org.eclipse.jetty.webapp.WebAppContext webAppContext
protected final boolean findPort
protected final Map<org.eclipse.jetty.servlet.ServletContextHandler,Boolean> defaultContexts
protected final List<String> filterNames
protected final boolean authenticationEnabled
static final String STATE_DESCRIPTION_ALIVE
static final String STATE_DESCRIPTION_NOT_LIVE
@Deprecated public HttpServer(String name, String bindAddress, int port, boolean findPort) throws IOException
IOException
HttpServer(String, String, int, boolean, Configuration)
@Deprecated public HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, String[] pathSpecs) throws IOException
name
- The name of the serverbindAddress
- The address for this serverport
- The port to use on the serverfindPort
- whether the server should start at the given port and
increment by 1 until it finds a free port.conf
- ConfigurationpathSpecs
- Path specifications that this httpserver will be serving.
These will be added to any filters.IOException
@Deprecated public HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf) throws IOException
name
- The name of the serverport
- The port to use on the serverfindPort
- whether the server should start at the given port and
increment by 1 until it finds a free port.conf
- ConfigurationIOException
@Deprecated public HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl) throws IOException
name
- the name of the serverbindAddress
- the address for this serverport
- the port to use on the serverfindPort
- whether the server should start at the given port and increment by 1 until it
finds a free portconf
- the configuration to useadminsAcl
- AccessControlList
of the adminsIOException
- when creating the server fails@Deprecated public HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl, String[] pathSpecs) throws IOException
name
- The name of the serverbindAddress
- The address for this serverport
- The port to use on the serverfindPort
- whether the server should start at the given port and
increment by 1 until it finds a free port.conf
- ConfigurationadminsAcl
- AccessControlList
of the adminspathSpecs
- Path specifications that this httpserver will be serving.
These will be added to any filters.IOException
private HttpServer(HttpServer.Builder b) throws IOException
IOException
public List<org.eclipse.jetty.server.ServerConnector> getServerConnectors()
private void initializeWebServer(String name, String hostName, org.apache.hadoop.conf.Configuration conf, String[] pathSpecs, HttpServer.Builder b) throws FileNotFoundException, IOException
FileNotFoundException
IOException
private void addManagedListener(org.eclipse.jetty.server.ServerConnector connector)
private static org.eclipse.jetty.webapp.WebAppContext createWebAppContext(String name, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl, String appDir)
private static void addNoCacheFilter(org.eclipse.jetty.webapp.WebAppContext ctxt)
private static FilterInitializer[] getFilterInitializers(org.apache.hadoop.conf.Configuration conf)
protected void addDefaultApps(org.eclipse.jetty.server.handler.ContextHandlerCollection parent, String appDir, org.apache.hadoop.conf.Configuration conf)
appDir
- The application directoryprivate void setContextAttributes(org.eclipse.jetty.servlet.ServletContextHandler context, org.apache.hadoop.conf.Configuration conf)
protected void addDefaultServlets(org.eclipse.jetty.server.handler.ContextHandlerCollection contexts, org.apache.hadoop.conf.Configuration conf) throws IOException
IOException
public void setAttribute(String name, Object value)
name
- The name of the attributevalue
- The value of the attributepublic void addJerseyResourcePackage(String packageName, String pathSpec)
packageName
- The Java package name containing the Jersey resource.pathSpec
- The path spec for the servletpublic void addUnprivilegedServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz)
addPrivilegedServlet(String, String, Class)
in that any authenticated user
can interact with the servlet added by this method.name
- The name of the servlet (can be passed as null)pathSpec
- The path spec for the servletclazz
- The servlet classpublic void addPrivilegedServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz)
addUnprivilegedServlet(String, String, Class)
in that only those authenticated user
who are identified as administrators can interact with the servlet added by this method.void addServletWithAuth(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz, boolean requireAuthz)
addUnprivilegedServlet(String, String, Class)
or
addPrivilegedServlet(String, String, Class)
.void addInternalServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz, boolean requireAuthz)
name
- The name of the servlet (can be passed as null)pathSpec
- The path spec for the servletclazz
- The servlet classrequireAuth
- Require Kerberos authenticate to access servletpublic void addFilter(String name, String classname, Map<String,String> parameters)
FilterContainer
addFilter
in interface FilterContainer
name
- Filter nameclassname
- Filter class nameparameters
- a map from parameter names to initial valuespublic void addGlobalFilter(String name, String classname, Map<String,String> parameters)
FilterContainer
addGlobalFilter
in interface FilterContainer
name
- filter nameclassname
- filter class nameparameters
- a map from parameter names to initial valuespublic static void defineFilter(org.eclipse.jetty.servlet.ServletContextHandler handler, String name, String classname, Map<String,String> parameters, String[] urls)
protected void addFilterPathMapping(String pathSpec, org.eclipse.jetty.webapp.WebAppContext webAppCtx)
pathSpec
- The path specwebAppCtx
- The WebApplicationContext to add topublic Object getAttribute(String name)
name
- The name of the attributepublic org.eclipse.jetty.webapp.WebAppContext getWebAppContext()
public String getWebAppsPath(String appName) throws FileNotFoundException
FileNotFoundException
protected String getWebAppsPath(String webapps, String appName) throws FileNotFoundException
appName
- eg "secondary" or "datanode"FileNotFoundException
- if 'webapps' directory cannot be found on CLASSPATH.@Deprecated public int getPort()
public InetSocketAddress getConnectorAddress(int index)
public void setThreads(int min, int max)
private void initSpnego(org.apache.hadoop.conf.Configuration conf, String hostName, String usernameConfKey, String keytabConfKey, String kerberosNameRuleKey, String signatureSecretKeyFileKey) throws IOException
IOException
private boolean isMissing(String value)
private String getOrEmptyString(org.apache.hadoop.conf.Configuration conf, String key)
public void start() throws IOException
IOException
private void loadListeners()
void openListeners() throws Exception
Exception
- if the listener cannot be opened or the appropriate port is already in useprivate org.eclipse.jetty.util.MultiException addMultiException(org.eclipse.jetty.util.MultiException exception, Exception e)
public void join() throws InterruptedException
InterruptedException
public boolean isAlive()
public static boolean isInstrumentationAccessAllowed(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
If hadoop.security.instrumentation.requires.admin
is set to FALSE
(default value) it always returns TRUE.
If hadoop.security.instrumentation.requires.admin
is set to TRUE
it will check that if the current user is in the admin ACLS. If the user is
in the admin ACLs it returns TRUE, otherwise it returns FALSE.
servletContext
- the servlet context.request
- the servlet request.response
- the servlet response.IOException
public static boolean hasAdministratorAccess(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
servletContext
- the ServletContext
to userequest
- the HttpServletRequest
to checkresponse
- used to send the error response if user does not have admin access.IOException
- if an unauthenticated or unauthorized user tries to access the pagepublic static boolean hasAdministratorAccess(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList acl, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
IOException
public static boolean userHasAdministratorAccess(javax.servlet.ServletContext servletContext, String remoteUser)
servletContext
- the context containing the admin ACL.remoteUser
- the remote user to check for.public static boolean userHasAdministratorAccess(org.apache.hadoop.security.authorize.AccessControlList acl, String remoteUser)
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.