
Initial permissioning HDFS browser

1 parent 222a9ba commit 1de5e765e96e9e2393e63cae62acf7718be1a0f8 @rbpark committed Mar 17, 2012
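--- a/azkaban/src/java/azkaban/app/AzkabanApplication.java
+++ b/azkaban/src/java/azkaban/app/AzkabanApplication.java
@@ -108,6 +108,8 @@
 private NamedPermitManager _permitManager;
 private ReadWriteLockManager _readWriteLockManager;
+ private Props defaultProps;
+
 public AzkabanApplication(final List<File> jobDirs, final File logDir, final File tempDir, final boolean enableDevMode) throws IOException {
 this._jobDirs = Utils.nonNull(jobDirs);
 this._logsDir = Utils.nonNull(logDir);
@@ -132,7 +134,7 @@ public AzkabanApplication(final List<File> jobDirs, final File logDir, final Fil
 throw new IllegalArgumentException("No job directory given.");
 }
- Props defaultProps = PropsUtils.loadPropsInDirs(_jobDirs, ".properties", ".schema");
+ defaultProps = PropsUtils.loadPropsInDirs(_jobDirs, ".properties", ".schema");
 _baseClassLoader = getBaseClassloader();
@@ -443,4 +445,8 @@ public MonitorInternalInterface getInternalMonitor() {
 public void reloadJobsFromDisk() {
 getJobManager().updateFlowManager();
 }
+
+ public Props getDefaultProps() {
+ return defaultProps;
+ }
 }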
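Review bot: The new `getDefaultProps()` returns the live `Props` object loaded from the job directories, with no Javadoc saying what it holds or that callers must not modify it. In this commit the servlet passes those properties to `SecurityUtils.getProxiedUser`, so they presumably include the proxy-user settings, and that is worth stating on the getter, for example `/** Returns the properties loaded from the job directories at startup; read-only for callers, may contain security settings. */`. The field also departs from the `_` prefix used by `_permitManager` and `_readWriteLockManager`, and could be declared `private final Props _defaultProps;` if no other constructor needs to leave it unset (other constructors, if any, are outside these hunks).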
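--- a/azkaban/src/java/azkaban/web/pages/HdfsBrowserServlet.java
+++ b/azkaban/src/java/azkaban/web/pages/HdfsBrowserServlet.java
@@ -18,9 +18,11 @@
 import java.io.IOException;
 import java.io.OutputStream;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Properties;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
@@ -32,13 +34,19 @@
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.security.SecurityUtil;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.log4j.Logger;
+import azkaban.app.AzkabanApplication;
+import azkaban.common.utils.Props;
 import azkaban.common.web.HdfsAvroFileViewer;
 import azkaban.common.web.HdfsFileViewer;
 import azkaban.common.web.JsonSequenceFileViewer;
 import azkaban.common.web.Page;
 import azkaban.common.web.TextFileViewer;
+import azkaban.util.SecurityUtils;
 import azkaban.web.AbstractAzkabanServlet;
 import azkaban.web.WebUtils;
@@ -80,7 +88,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
 IOException {
 String user = getUserFromRequest(req);
-
+
 if (user == null) {
 Page page = newPage(req, resp, "azkaban/web/pages/hdfs_browser_login.vm");
 page.render();
@@ -126,23 +134,39 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
 Page page = newPage(req, resp, "azkaban/web/pages/hdfs_browser_login.vm");
 page.render();
 } else if(hasParam(req, "login")) {
+ AzkabanApplication app = getApplication();
+ Props prop = app.getDefaultProps();
+ Properties property = prop.toProperties();
+
 String user = getParam(req, "login");
 setCookieInResponse(resp, SESSION_ID_NAME, user);
-
- FileSystem fs = FileSystem.get(conf);
+ UserGroupInformation ugi = SecurityUtils.getProxiedUser(user, property, logger);
+ FileSystem fs = ugi.doAs(new PrivilegedAction<FileSystem>(){
+ @Override
+ public FileSystem run() {
+ try {
+ return FileSystem.get(conf);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }});
+
 try {
 handleFSDisplay(fs, user, req, resp);
 } catch (IOException e) {
- fs.close();
 throw e;
 }
+ finally {
+ fs.close();
+ }
 fs.close();
 }
 }
 private void handleFSDisplay(FileSystem fs, String user, HttpServletRequest req, HttpServletResponse resp) throws IOException {
 String prefix = req.getContextPath() + req.getServletPath();
 String fsPath = req.getRequestURI().substring(prefix.length());
+
 if(fsPath.length() == 0)
 fsPath = "/";
@@ -183,7 +207,13 @@ private void displayDir(FileSystem fs, String user, HttpServletRequest req, Http
 page.add("user", user);
 page.add("paths", paths);
 page.add("segments", segments);
-
+
+ try {
+ page.add("subdirs", fs.listStatus(path)); // ??? line
+ }
+ catch (AccessControlException e) {
+ page.add("error", "Permission denied. User cannot read file or directory");
+ }
 page.render();
 }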
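Review bot: In the `login` branch of doPost, the value of `getParam(req, "login")` is written to the `SESSION_ID_NAME` cookie and passed to `SecurityUtils.getProxiedUser(user, property, logger)` with no credential check visible in this hunk. The HDFS permission check this commit relies on is therefore made against whatever account name the client submits. The name should be authenticated before the service impersonates it, and the cookie should carry an opaque server-side session id rather than the user name itself. On the cluster side, the `hadoop.proxyuser.<service-user>.groups` and `.hosts` settings should limit which accounts the service may impersonate. Separately, the unchanged `fs.close();` after the new `finally` block now closes the file system a second time and can be dropped. doPost begins outside this hunk and doGet's body is not shown, so whether doGet uses the same proxied identity cannot be confirmed from here.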
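--- a/azkaban/src/java/azkaban/web/pages/hdfs_browser_dir.vm
+++ b/azkaban/src/java/azkaban/web/pages/hdfs_browser_dir.vm
@@ -75,7 +75,9 @@ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 #end
 #end
 </div>
-
+ #if($error)
+ <h3>${error}</h3>
+ #else
 <div class="subdirs">
 <table class="fileTable">
 <tr>
@@ -108,6 +110,7 @@ PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 #end
 </table>
 </div>
+ #end
 </div>
 </div>
 </div>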
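Review bot: The added `<h3>${error}</h3>` writes `$error` into the page with no escaping visible in this hunk. The only value this commit assigns is the fixed string set in `displayDir`, so nothing request-controlled reaches it today. A later change that puts an exception message or the requested path into `error` would be rendered as markup unless the servlet escapes it first. A template comment next to `#if($error)`, such as `## $error must be a constant or HTML-escaped by the servlet`, would record that assumption.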
