org.apache.hadoop.hbase.http

Class HttpServer

java.lang.Object

org.apache.hadoop.hbase.http.HttpServer

All Implemented Interfaces:

FilterContainer

@InterfaceAudience.Private
 @InterfaceStability.Evolving
public class HttpServer
extends Object
implements FilterContainer

Create a Jetty embedded server to answer http requests. The primary goal is to serve up status information for the server. There are three contexts: "/logs/" -> points to the log directory "/static/" -> points to common static files (src/webapps/static) "/" -> the jsp server code from (src/webapps/<name>)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	HttpServer.Builder Class to construct instances of HTTP server with specific options.
private static class	HttpServer.ListenerInfo
static class	HttpServer.QuotingInputFilter A Servlet input filter that quotes all HTML active characters in the parameter names and values.
static class	HttpServer.StackServlet A very simple servlet to serve up a text representation of the current stack traces.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ADMINS_ACL
private org.apache.hadoop.security.authorize.AccessControlList	adminsAcl
static String	APP_DIR
protected String	appDir
protected boolean	authenticationEnabled
static String	BIND_ADDRESS
static String	CONF_CONTEXT_ATTRIBUTE
private static int	DEFAULT_MAX_HEADER_SIZE
protected Map<org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler,Boolean>	defaultContexts
private static String	EMPTY_STRING
(package private) static String	FILTER_INITIALIZERS_PROPERTY
protected List<String>	filterNames
protected boolean	findPort
(package private) static String	HTTP_AUTHENTICATION_PREFIX
static String	HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY
(package private) static String	HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX
(package private) static String	HTTP_MAX_THREADS
static boolean	HTTP_PRIVILEGED_CONF_DEFAULT
static String	HTTP_PRIVILEGED_CONF_KEY
static String	HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY
static String	HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY
static String	HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY
(package private) static String	HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX
static String	HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY
(package private) static String	HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX
(package private) static String	HTTP_SPNEGO_AUTHENTICATION_PREFIX
static String	HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY
(package private) static String	HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX
static boolean	HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_DEFAULT
static String	HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY
(package private) static String	HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_SUFFIX
static String	HTTP_UI_AUTHENTICATION
private List<HttpServer.ListenerInfo>	listeners
private static org.slf4j.Logger	LOG
protected String	logDir
static String	NO_CACHE_FILTER
static String	SPNEGO_FILTER
static String	SPNEGO_PROXYUSER_FILTER
(package private) static String	STATE_DESCRIPTION_ALIVE
(package private) static String	STATE_DESCRIPTION_NOT_LIVE
protected org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext	webAppContext
protected org.apache.hbase.thirdparty.org.eclipse.jetty.server.Server	webServer

Constructor Summary

Constructors

Modifier	Constructor and Description
private	HttpServer(HttpServer.Builder b)
	HttpServer(String name, String bindAddress, int port, boolean findPort) Deprecated. Since 0.99.0
	HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf) Deprecated. Since 0.99.0
	HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl) Deprecated. Since 0.99.0
	HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl, String[] pathSpecs) Deprecated. Since 0.99.0
	HttpServer(String name, String bindAddress, int port, boolean findPort, org.apache.hadoop.conf.Configuration conf, String[] pathSpecs) Deprecated. Since 0.99.0

Method Summary

Modifier and Type	Method and Description
protected void	addDefaultApps(org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection parent, String appDir, org.apache.hadoop.conf.Configuration conf) Add default apps.
protected void	addDefaultServlets(org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection contexts, org.apache.hadoop.conf.Configuration conf) Add default servlets.
void	addFilter(String name, String classname, Map<String,String> parameters) Add a filter to the container.
protected void	addFilterPathMapping(String pathSpec, org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext webAppCtx) Add the path spec to the filter path mapping.
void	addGlobalFilter(String name, String classname, Map<String,String> parameters) Add a global filter to the container - This global filter will be applied to all available web contexts.
(package private) void	addInternalServlet(String pathSpec, org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder, boolean requireAuthz) Add an internal servlet in the server, specifying whether or not to protect with Kerberos authentication.
(package private) void	addInternalServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz, boolean requireAuthz) Add an internal servlet in the server, specifying whether or not to protect with Kerberos authentication.
void	addJerseyResourcePackage(String packageName, String pathSpec) Add a Jersey resource package.
private void	addManagedListener(org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector connector)
private org.apache.hbase.thirdparty.org.eclipse.jetty.util.MultiException	addMultiException(org.apache.hbase.thirdparty.org.eclipse.jetty.util.MultiException exception, Exception e)
private static void	addNoCacheFilter(org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext ctxt)
void	addPrivilegedServlet(String pathSpec, org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder) Adds a servlet in the server that only administrators can access.
void	addPrivilegedServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz) Adds a servlet in the server that only administrators can access.
(package private) void	addServletWithAuth(String pathSpec, org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder, boolean requireAuthz) Internal method to add a servlet to the HTTP server.
(package private) void	addServletWithAuth(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz, boolean requireAuthz) Internal method to add a servlet to the HTTP server.
void	addUnprivilegedServlet(String pathSpec, org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder) Adds a servlet in the server that any user can access.
void	addUnprivilegedServlet(String name, String pathSpec, Class<? extends javax.servlet.http.HttpServlet> clazz) Adds a servlet in the server that any user can access.
static org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler	buildGzipHandler(org.apache.hbase.thirdparty.org.eclipse.jetty.server.Handler wrapped) Construct and configure an instance of GzipHandler.
private static org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext	createWebAppContext(String name, org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList adminsAcl, String appDir)
static void	defineFilter(org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler handler, String name, String classname, Map<String,String> parameters, String[] urls) Define a filter for a context and set up default url mappings.
Object	getAttribute(String name) Get the value in the webapp context.
InetSocketAddress	getConnectorAddress(int index) Get the address that corresponds to a particular connector.
private static FilterInitializer[]	getFilterInitializers(org.apache.hadoop.conf.Configuration conf) Get an array of FilterConfiguration specified in the conf
private String	getOrEmptyString(org.apache.hadoop.conf.Configuration conf, String key) Extracts the value for the given key from the configuration of returns a string of zero length.
int	getPort() Deprecated. Since 0.99.0
List<org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector>	getServerConnectors()
org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext	getWebAppContext()
String	getWebAppsPath(String appName)
protected String	getWebAppsPath(String webapps, String appName) Get the pathname to the webapps files.
static boolean	hasAdministratorAccess(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.security.authorize.AccessControlList acl, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
static boolean	hasAdministratorAccess(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Does the user sending the HttpServletRequest has the administrator ACLs? If it isn't the case, response will be modified to send an error to the user.
private void	initializeWebServer(String name, String hostName, org.apache.hadoop.conf.Configuration conf, String[] pathSpecs, HttpServer.Builder b)
private void	initSpnego(org.apache.hadoop.conf.Configuration conf, String hostName, String usernameConfKey, String keytabConfKey, String kerberosNameRuleKey, String signatureSecretKeyFileKey)
boolean	isAlive() Test for the availability of the web server
static boolean	isInstrumentationAccessAllowed(javax.servlet.ServletContext servletContext, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Checks the user has privileges to access to instrumentation servlets.
private boolean	isMissing(String value) Returns true if the argument is non-null and not whitespace
void	join()
private void	loadListeners()
(package private) void	openListeners() Open the main listener for the server
void	setAttribute(String name, Object value) Set a value in the webapp context.
private void	setContextAttributes(org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler context, org.apache.hadoop.conf.Configuration conf)
void	setThreads(int min, int max) Set the min, max number of worker threads (simultaneous connections).
void	start() Start the server.
void	stop() stop the server
String	toString() Return the host and port of the HttpServer, if live
static boolean	userHasAdministratorAccess(org.apache.hadoop.security.authorize.AccessControlList acl, String remoteUser)
static boolean	userHasAdministratorAccess(javax.servlet.ServletContext servletContext, String remoteUser) Get the admin ACLs from the given ServletContext and check if the given user is in the ACL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

EMPTY_STRING

private static final String EMPTY_STRING

See Also:

Constant Field Values

DEFAULT_MAX_HEADER_SIZE

private static final int DEFAULT_MAX_HEADER_SIZE

See Also:

Constant Field Values

FILTER_INITIALIZERS_PROPERTY

static final String FILTER_INITIALIZERS_PROPERTY

See Also:

Constant Field Values

HTTP_MAX_THREADS

static final String HTTP_MAX_THREADS

See Also:

Constant Field Values

HTTP_UI_AUTHENTICATION

public static final String HTTP_UI_AUTHENTICATION

See Also:

Constant Field Values

HTTP_AUTHENTICATION_PREFIX

static final String HTTP_AUTHENTICATION_PREFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PREFIX

static final String HTTP_SPNEGO_AUTHENTICATION_PREFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX

static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_SUFFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX

static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_SUFFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX

static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_SUFFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_SUFFIX

static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_SUFFIX

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_DEFAULT

public static final boolean HTTP_SPNEGO_AUTHENTICATION_PROXYUSER_ENABLE_DEFAULT

See Also:

Constant Field Values

HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX

static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_SUFFIX

See Also:

Constant Field Values

HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY

public static final String HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY

See Also:

Constant Field Values

HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY

public static final String HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY

See Also:

Constant Field Values

HTTP_PRIVILEGED_CONF_KEY

public static final String HTTP_PRIVILEGED_CONF_KEY

See Also:

Constant Field Values

HTTP_PRIVILEGED_CONF_DEFAULT

public static final boolean HTTP_PRIVILEGED_CONF_DEFAULT

See Also:

Constant Field Values

CONF_CONTEXT_ATTRIBUTE

public static final String CONF_CONTEXT_ATTRIBUTE

See Also:

Constant Field Values

ADMINS_ACL

public static final String ADMINS_ACL

See Also:

Constant Field Values

BIND_ADDRESS

public static final String BIND_ADDRESS

See Also:

Constant Field Values

SPNEGO_FILTER

public static final String SPNEGO_FILTER

See Also:

Constant Field Values

SPNEGO_PROXYUSER_FILTER

public static final String SPNEGO_PROXYUSER_FILTER

See Also:

Constant Field Values

NO_CACHE_FILTER

public static final String NO_CACHE_FILTER

See Also:

Constant Field Values

APP_DIR

public static final String APP_DIR

See Also:

Constant Field Values

adminsAcl

private final org.apache.hadoop.security.authorize.AccessControlList adminsAcl

webServer

protected final org.apache.hbase.thirdparty.org.eclipse.jetty.server.Server webServer

appDir

protected String appDir

logDir

protected String logDir

listeners

private final List<HttpServer.ListenerInfo> listeners

webAppContext

protected final org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext webAppContext

findPort

protected final boolean findPort

defaultContexts

protected final Map<org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler,Boolean> defaultContexts

filterNames

protected final List<String> filterNames

authenticationEnabled

protected final boolean authenticationEnabled

STATE_DESCRIPTION_ALIVE

static final String STATE_DESCRIPTION_ALIVE

See Also:

Constant Field Values

STATE_DESCRIPTION_NOT_LIVE

static final String STATE_DESCRIPTION_NOT_LIVE

See Also:

Constant Field Values

Constructor Detail

HttpServer

@Deprecated
public HttpServer(String name,
                              String bindAddress,
                              int port,
                              boolean findPort)
                       throws IOException

Deprecated. Since 0.99.0

Throws:

IOException

See Also:

HttpServer(String, String, int, boolean, Configuration)

HttpServer

@Deprecated
public HttpServer(String name,
                              String bindAddress,
                              int port,
                              boolean findPort,
                              org.apache.hadoop.conf.Configuration conf,
                              String[] pathSpecs)
                       throws IOException

Deprecated. Since 0.99.0

Create a status server on the given port. Allows you to specify the path specifications that this server will be serving so that they will be added to the filters properly.

Parameters:

name - The name of the server

bindAddress - The address for this server

port - The port to use on the server

findPort - whether the server should start at the given port and increment by 1 until it finds a free port.

conf - Configuration

pathSpecs - Path specifications that this httpserver will be serving. These will be added to any filters.

Throws:

IOException

HttpServer

@Deprecated
public HttpServer(String name,
                              String bindAddress,
                              int port,
                              boolean findPort,
                              org.apache.hadoop.conf.Configuration conf)
                       throws IOException

Deprecated. Since 0.99.0

Create a status server on the given port. The jsp scripts are taken from src/webapps/<name>.

Parameters:

name - The name of the server

port - The port to use on the server

findPort - whether the server should start at the given port and increment by 1 until it finds a free port.

conf - Configuration

Throws:

IOException

HttpServer

@Deprecated
public HttpServer(String name,
                              String bindAddress,
                              int port,
                              boolean findPort,
                              org.apache.hadoop.conf.Configuration conf,
                              org.apache.hadoop.security.authorize.AccessControlList adminsAcl)
                       throws IOException

Deprecated. Since 0.99.0

Creates a status server on the given port. The JSP scripts are taken from src/webapp<name>.

Parameters:

name - the name of the server

bindAddress - the address for this server

port - the port to use on the server

findPort - whether the server should start at the given port and increment by 1 until it finds a free port

conf - the configuration to use

adminsAcl - AccessControlList of the admins

Throws:

IOException - when creating the server fails

HttpServer

@Deprecated
public HttpServer(String name,
                              String bindAddress,
                              int port,
                              boolean findPort,
                              org.apache.hadoop.conf.Configuration conf,
                              org.apache.hadoop.security.authorize.AccessControlList adminsAcl,
                              String[] pathSpecs)
                       throws IOException

Deprecated. Since 0.99.0

Create a status server on the given port. The jsp scripts are taken from src/webapps/<name>.

Parameters:

name - The name of the server

bindAddress - The address for this server

port - The port to use on the server

findPort - whether the server should start at the given port and increment by 1 until it finds a free port.

conf - Configuration

adminsAcl - AccessControlList of the admins

pathSpecs - Path specifications that this httpserver will be serving. These will be added to any filters.

Throws:

IOException

HttpServer

private HttpServer(HttpServer.Builder b)
            throws IOException

Throws:

IOException

Method Detail

getServerConnectors

public List<org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector> getServerConnectors()

initializeWebServer

private void initializeWebServer(String name,
                                 String hostName,
                                 org.apache.hadoop.conf.Configuration conf,
                                 String[] pathSpecs,
                                 HttpServer.Builder b)
                          throws FileNotFoundException,
                                 IOException

Throws:

FileNotFoundException

IOException

addManagedListener

private void addManagedListener(org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector connector)

createWebAppContext

private static org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext createWebAppContext(String name,
                                                                                                      org.apache.hadoop.conf.Configuration conf,
                                                                                                      org.apache.hadoop.security.authorize.AccessControlList adminsAcl,
                                                                                                      String appDir)

buildGzipHandler

public static org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler buildGzipHandler(org.apache.hbase.thirdparty.org.eclipse.jetty.server.Handler wrapped)

Construct and configure an instance of GzipHandler. With complex multi-WebAppContext configurations, it's easiest to apply this handler directly to the instance of Server near the end of its configuration, something like

 Server server = new Server();
 // ...
 server.setHandler(buildGzipHandler(server.getHandler()));
 server.start();
 

addNoCacheFilter

private static void addNoCacheFilter(org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext ctxt)

getFilterInitializers

private static FilterInitializer[] getFilterInitializers(org.apache.hadoop.conf.Configuration conf)

Get an array of FilterConfiguration specified in the conf

addDefaultApps

protected void addDefaultApps(org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection parent,
                              String appDir,
                              org.apache.hadoop.conf.Configuration conf)

Add default apps.

Parameters:

appDir - The application directory

setContextAttributes

private void setContextAttributes(org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler context,
                                  org.apache.hadoop.conf.Configuration conf)

addDefaultServlets

protected void addDefaultServlets(org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection contexts,
                                  org.apache.hadoop.conf.Configuration conf)
                           throws IOException

Add default servlets.

Throws:

IOException

setAttribute

public void setAttribute(String name,
                         Object value)

Set a value in the webapp context. These values are available to the jsp pages as "application.getAttribute(name)".

Parameters:

name - The name of the attribute

value - The value of the attribute

addJerseyResourcePackage

public void addJerseyResourcePackage(String packageName,
                                     String pathSpec)

Add a Jersey resource package.

Parameters:

packageName - The Java package name containing the Jersey resource.

pathSpec - The path spec for the servlet

addUnprivilegedServlet

public void addUnprivilegedServlet(String name,
                                   String pathSpec,
                                   Class<? extends javax.servlet.http.HttpServlet> clazz)

Adds a servlet in the server that any user can access. This method differs from addPrivilegedServlet(String, String, Class) in that any authenticated user can interact with the servlet added by this method.

Parameters:

name - The name of the servlet (can be passed as null)

pathSpec - The path spec for the servlet

clazz - The servlet class

addUnprivilegedServlet

public void addUnprivilegedServlet(String pathSpec,
                                   org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder)

Adds a servlet in the server that any user can access. This method differs from addPrivilegedServlet(String, ServletHolder) in that any authenticated user can interact with the servlet added by this method.

Parameters:

pathSpec - The path spec for the servlet

holder - The servlet holder

addPrivilegedServlet

public void addPrivilegedServlet(String name,
                                 String pathSpec,
                                 Class<? extends javax.servlet.http.HttpServlet> clazz)

Adds a servlet in the server that only administrators can access. This method differs from addUnprivilegedServlet(String, String, Class) in that only those authenticated user who are identified as administrators can interact with the servlet added by this method.

addPrivilegedServlet

public void addPrivilegedServlet(String pathSpec,
                                 org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder)

Adds a servlet in the server that only administrators can access. This method differs from addUnprivilegedServlet(String, ServletHolder) in that only those authenticated user who are identified as administrators can interact with the servlet added by this method.

addServletWithAuth

void addServletWithAuth(String name,
                        String pathSpec,
                        Class<? extends javax.servlet.http.HttpServlet> clazz,
                        boolean requireAuthz)

Internal method to add a servlet to the HTTP server. Developers should not call this method directly, but invoke it via addUnprivilegedServlet(String, String, Class) or addPrivilegedServlet(String, String, Class).

addServletWithAuth

void addServletWithAuth(String pathSpec,
                        org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder,
                        boolean requireAuthz)

Internal method to add a servlet to the HTTP server. Developers should not call this method directly, but invoke it via addUnprivilegedServlet(String, ServletHolder) or addPrivilegedServlet(String, ServletHolder).

addInternalServlet

void addInternalServlet(String name,
                        String pathSpec,
                        Class<? extends javax.servlet.http.HttpServlet> clazz,
                        boolean requireAuthz)

Add an internal servlet in the server, specifying whether or not to protect with Kerberos authentication. Note: This method is to be used for adding servlets that facilitate internal communication and not for user facing functionality. For servlets added using this method, filters (except internal Kerberos filters) are not enabled.

Parameters:

name - The name of the Servlet (can be passed as null)

pathSpec - The path spec for the Servlet

clazz - The Servlet class

requireAuthz - Require Kerberos authenticate to access servlet

addInternalServlet

void addInternalServlet(String pathSpec,
                        org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder holder,
                        boolean requireAuthz)

Add an internal servlet in the server, specifying whether or not to protect with Kerberos authentication. Note: This method is to be used for adding servlets that facilitate internal communication and not for user facing functionality. For servlets added using this method, filters (except internal Kerberos filters) are not enabled.

Parameters:

pathSpec - The path spec for the Servlet

holder - The object providing the Servlet instance

requireAuthz - Require Kerberos authenticate to access servlet

addFilter

public void addFilter(String name,
                      String classname,
                      Map<String,String> parameters)

Description copied from interface: FilterContainer

Add a filter to the container.

Specified by:

addFilter in interface FilterContainer

Parameters:

name - Filter name

classname - Filter class name

parameters - a map from parameter names to initial values

addGlobalFilter

public void addGlobalFilter(String name,
                            String classname,
                            Map<String,String> parameters)

Description copied from interface: FilterContainer

Add a global filter to the container - This global filter will be applied to all available web contexts.

Specified by:

addGlobalFilter in interface FilterContainer

Parameters:

name - filter name

classname - filter class name

parameters - a map from parameter names to initial values

defineFilter

public static void defineFilter(org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler handler,
                                String name,
                                String classname,
                                Map<String,String> parameters,
                                String[] urls)

Define a filter for a context and set up default url mappings.

addFilterPathMapping

protected void addFilterPathMapping(String pathSpec,
                                    org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext webAppCtx)

Add the path spec to the filter path mapping.

Parameters:

pathSpec - The path spec

webAppCtx - The WebApplicationContext to add to

getAttribute

public Object getAttribute(String name)

Get the value in the webapp context.

Parameters:

name - The name of the attribute

Returns:

The value of the attribute

getWebAppContext

public org.apache.hbase.thirdparty.org.eclipse.jetty.webapp.WebAppContext getWebAppContext()

getWebAppsPath

public String getWebAppsPath(String appName)
                      throws FileNotFoundException

Throws:

FileNotFoundException

getWebAppsPath

protected String getWebAppsPath(String webapps,
                                String appName)
                         throws FileNotFoundException

Get the pathname to the webapps files.

Parameters:

appName - eg "secondary" or "datanode"

Returns:

the pathname as a URL

Throws:

FileNotFoundException - if 'webapps' directory cannot be found on CLASSPATH.

getPort

@Deprecated
public int getPort()

Deprecated. Since 0.99.0

Get the port that the server is on

Returns:

the port

getConnectorAddress

public InetSocketAddress getConnectorAddress(int index)

Get the address that corresponds to a particular connector.

Returns:

the corresponding address for the connector, or null if there's no such connector or the connector is not bounded.

setThreads

public void setThreads(int min,
                       int max)

Set the min, max number of worker threads (simultaneous connections).

initSpnego

private void initSpnego(org.apache.hadoop.conf.Configuration conf,
                        String hostName,
                        String usernameConfKey,
                        String keytabConfKey,
                        String kerberosNameRuleKey,
                        String signatureSecretKeyFileKey)
                 throws IOException

Throws:

IOException

isMissing

private boolean isMissing(String value)

Returns true if the argument is non-null and not whitespace

getOrEmptyString

private String getOrEmptyString(org.apache.hadoop.conf.Configuration conf,
                                String key)

Extracts the value for the given key from the configuration of returns a string of zero length.

start

public void start()
           throws IOException

Start the server. Does not wait for the server to start.

Throws:

IOException

loadListeners

private void loadListeners()

openListeners

void openListeners()
            throws Exception

Open the main listener for the server

Throws:

Exception - if the listener cannot be opened or the appropriate port is already in use

stop

public void stop()
          throws Exception

stop the server

Throws:

Exception

addMultiException

private org.apache.hbase.thirdparty.org.eclipse.jetty.util.MultiException addMultiException(org.apache.hbase.thirdparty.org.eclipse.jetty.util.MultiException exception,
                                                                                            Exception e)

join

public void join()
          throws InterruptedException

Throws:

InterruptedException

isAlive

public boolean isAlive()

Test for the availability of the web server

Returns:

true if the web server is started, false otherwise

toString

public String toString()

Return the host and port of the HttpServer, if live

Overrides:

toString in class Object

Returns:

the classname and any HTTP URL

isInstrumentationAccessAllowed

public static boolean isInstrumentationAccessAllowed(javax.servlet.ServletContext servletContext,
                                                     javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
                                              throws IOException

Checks the user has privileges to access to instrumentation servlets.

If hadoop.security.instrumentation.requires.admin is set to FALSE (default value) it always returns TRUE.

If hadoop.security.instrumentation.requires.admin is set to TRUE it will check that if the current user is in the admin ACLS. If the user is in the admin ACLs it returns TRUE, otherwise it returns FALSE.

Parameters:

servletContext - the servlet context.

request - the servlet request.

response - the servlet response.

Returns:

TRUE/FALSE based on the logic decribed above.

Throws:

IOException

hasAdministratorAccess

public static boolean hasAdministratorAccess(javax.servlet.ServletContext servletContext,
                                             javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response)
                                      throws IOException

Does the user sending the HttpServletRequest has the administrator ACLs? If it isn't the case, response will be modified to send an error to the user.

Parameters:

servletContext - the ServletContext to use

request - the HttpServletRequest to check

response - used to send the error response if user does not have admin access.

Returns:

true if admin-authorized, false otherwise

Throws:

IOException - if an unauthenticated or unauthorized user tries to access the page

hasAdministratorAccess

public static boolean hasAdministratorAccess(org.apache.hadoop.conf.Configuration conf,
                                             org.apache.hadoop.security.authorize.AccessControlList acl,
                                             javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response)
                                      throws IOException

Throws:

IOException

userHasAdministratorAccess

public static boolean userHasAdministratorAccess(javax.servlet.ServletContext servletContext,
                                                 String remoteUser)

Get the admin ACLs from the given ServletContext and check if the given user is in the ACL.

Parameters:

servletContext - the context containing the admin ACL.

remoteUser - the remote user to check for.

Returns:

true if the user is present in the ACL, false if no ACL is set or the user is not present

userHasAdministratorAccess

public static boolean userHasAdministratorAccess(org.apache.hadoop.security.authorize.AccessControlList acl,
                                                 String remoteUser)