View Javadoc

1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.rest;
20  
21  import java.io.IOException;
22  import java.security.PrivilegedExceptionAction;
23  
24  import javax.servlet.ServletException;
25  import javax.servlet.http.HttpServletRequest;
26  import javax.servlet.http.HttpServletResponse;
27  
28  import org.apache.hadoop.classification.InterfaceAudience;
29  import org.apache.hadoop.security.UserGroupInformation;
30  
31  import com.sun.jersey.spi.container.servlet.ServletContainer;
32  
33  /**
34   * REST servlet container. It is used to get the remote request user
35   * without going through @HttpContext, so that we can minimize code changes.
36   */
37  @InterfaceAudience.Private
38  public class RESTServletContainer extends ServletContainer {
39    private static final long serialVersionUID = -2474255003443394314L;
40  
41    /**
42     * This container is used only if authentication and
43     * impersonation is enabled. The remote request user is used
44     * as a proxy user for impersonation in invoking any REST service.
45     */
46    @Override
47    public void service(final HttpServletRequest request,
48        final HttpServletResponse response) throws ServletException, IOException {
49      UserGroupInformation effectiveUser = UserGroupInformation.createProxyUser(
50        request.getRemoteUser(), RESTServlet.getInstance().getUser());
51      try {
52        effectiveUser.doAs(new PrivilegedExceptionAction<Void>() {
53          @Override
54           public Void run() throws ServletException, IOException {
55              callService(request, response);
56              return null;
57            }
58          });
59      } catch (InterruptedException e) {
60        Thread.currentThread().interrupt();
61        throw new IOException(e);
62      }
63    }
64  
65    /**
66     * A helper method used to invoke super.service()
67     * on behalf of an effective user with doAs.
68     */
69    void callService(HttpServletRequest request,
70        HttpServletResponse response) throws ServletException, IOException {
71      super.service(request, response);
72    }
73  }