1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.rest;
20
21 import java.io.IOException;
22
23 import javax.servlet.ServletException;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
26
27 import org.apache.hadoop.classification.InterfaceAudience;
28
29 import com.sun.jersey.spi.container.servlet.ServletContainer;
30
31 import org.apache.hadoop.security.UserGroupInformation;
32 import org.apache.hadoop.security.authorize.AuthorizationException;
33 import org.apache.hadoop.security.authorize.ProxyUsers;
34 import org.apache.hadoop.conf.Configuration;
35
36
37
38
39
40 @InterfaceAudience.Private
41 public class RESTServletContainer extends ServletContainer {
42 private static final long serialVersionUID = -2474255003443394314L;
43
44
45
46
47
48
49 @Override
50 public void service(final HttpServletRequest request,
51 final HttpServletResponse response) throws ServletException, IOException {
52 final String doAsUserFromQuery = request.getParameter("doAs");
53 Configuration conf = RESTServlet.getInstance().getConfiguration();
54 final boolean proxyConfigured = conf.getBoolean("hbase.rest.support.proxyuser", false);
55 if (doAsUserFromQuery != null && !proxyConfigured) {
56 throw new ServletException("Support for proxyuser is not configured");
57 }
58 UserGroupInformation ugi = RESTServlet.getInstance().getRealUser();
59 if (doAsUserFromQuery != null) {
60
61
62 ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);
63
64 try {
65 ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
66 } catch(AuthorizationException e) {
67 throw new ServletException(e.getMessage());
68 }
69 } else {
70
71
72 ugi = UserGroupInformation.createProxyUser(request.getRemoteUser(), ugi);
73 }
74 RESTServlet.getInstance().setEffectiveUser(ugi);
75 super.service(request, response);
76 }
77 }