<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>Source code</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="source: package: org.apache.hadoop.hbase.http, class: InfoServer">
<meta name="generator" content="javadoc/SourceToHTMLConverter">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body class="source-page">
<main role="main">
<div class="source-container">
<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.http;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import java.io.IOException;</span>
<span class="source-line-no">021</span><span id="line-21">import java.net.URI;</span>
<span class="source-line-no">022</span><span id="line-22">import javax.servlet.ServletContext;</span>
<span class="source-line-no">023</span><span id="line-23">import javax.servlet.http.HttpServlet;</span>
<span class="source-line-no">024</span><span id="line-24">import javax.servlet.http.HttpServletRequest;</span>
<span class="source-line-no">025</span><span id="line-25">import org.apache.hadoop.conf.Configuration;</span>
<span class="source-line-no">026</span><span id="line-26">import org.apache.hadoop.fs.CommonConfigurationKeys;</span>
<span class="source-line-no">027</span><span id="line-27">import org.apache.hadoop.hbase.HBaseConfiguration;</span>
<span class="source-line-no">028</span><span id="line-28">import org.apache.hadoop.security.authorize.AccessControlList;</span>
<span class="source-line-no">029</span><span id="line-29">import org.apache.yetus.audience.InterfaceAudience;</span>
<span class="source-line-no">030</span><span id="line-30"></span>
<span class="source-line-no">031</span><span id="line-31">import org.apache.hbase.thirdparty.com.google.common.net.HostAndPort;</span>
<span class="source-line-no">032</span><span id="line-32">import org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletHolder;</span>
<span class="source-line-no">033</span><span id="line-33"></span>
/**
 * Embedded Jetty server that answers HTTP requests; its main job is to serve status information
 * for the hosting process. Three contexts are exposed:
 * <ul>
 * <li>{@code /stacks/} -&gt; points to stack trace</li>
 * <li>{@code /static/} -&gt; points to common static files ({@code src/hbase-webapps/static})</li>
 * <li>{@code /} -&gt; the jsp server code from {@code src/hbase-webapps/<name>}</li>
 * </ul>
 * <p>
 * The security posture is decided by the {@link Configuration} passed to the constructor: TLS
 * material is loaded only when {@code HttpConfig#isSecure()} is true, and SPNEGO together with the
 * admin ACL is installed only when {@link HttpServer#HTTP_UI_AUTHENTICATION} is {@code kerberos}.
 */
@InterfaceAudience.Private
public class InfoServer {
  /** Webapp directory name handed to the builder via {@code setAppDir}. */
  private static final String HBASE_APP_DIR = "hbase-webapps";

  /** The wrapped server; every public method of this class delegates to it. */
  private final HttpServer httpServer;

  /**
   * Create a status server on the given port. The jsp scripts are taken from
   * {@code src/hbase-webapps/<name>}.
   * @param name        The name of the server
   * @param bindAddress address to bind to
   * @param port        The port to use on the server
   * @param findPort    whether the server should start at the given port and increment by 1 until
   *                    it finds a free port.
   * @param c           the {@link Configuration} to build the server
   * @throws IOException if getting one of the password fails or the server cannot be created
   */
  public InfoServer(String name, String bindAddress, int port, boolean findPort,
    final Configuration c) throws IOException {
    final HttpConfig webConfig = new HttpConfig(c);
    final HttpServer.Builder serverBuilder = new HttpServer.Builder();

    serverBuilder.setName(name);
    // The scheme prefix comes from HttpConfig, so the endpoint scheme follows the same
    // configuration that decides isSecure() below.
    final URI endpoint =
      URI.create(webConfig.getSchemePrefix() + HostAndPort.fromParts(bindAddress, port));
    serverBuilder.addEndpoint(endpoint).setAppDir(HBASE_APP_DIR).setFindPort(findPort).setConf(c);

    final String logDirectory = System.getProperty("hbase.log.dir");
    if (logDirectory != null) {
      serverBuilder.setLogDir(logDirectory);
    }

    if (webConfig.isSecure()) {
      configureTls(serverBuilder, c);
    }

    // Enable SPNEGO authentication. Any other value (or no value) of HTTP_UI_AUTHENTICATION
    // skips this branch, so neither setSecurityEnabled(true) nor setACL(...) is called here.
    final String uiAuthentication = c.get(HttpServer.HTTP_UI_AUTHENTICATION, null);
    if ("kerberos".equalsIgnoreCase(uiAuthentication)) {
      serverBuilder.setUsernameConfKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_PRINCIPAL_KEY)
        .setKeytabConfKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_KEYTAB_KEY)
        .setKerberosNameRulesKey(HttpServer.HTTP_SPNEGO_AUTHENTICATION_KRB_NAME_KEY)
        .setSignatureSecretFileKey(HttpServer.HTTP_AUTHENTICATION_SIGNATURE_SECRET_FILE_KEY)
        .setSecurityEnabled(true);

      // Set an admin ACL on sensitive webUI endpoints.
      // NOTE(review): buildAdminAcl is a non-final instance method invoked during construction;
      // an override must not depend on subclass state.
      serverBuilder.setACL(buildAdminAcl(c));
    }
    this.httpServer = serverBuilder.build();
  }

  /**
   * Loads key store, trust store and cipher exclusions from the {@code ssl.server.*} keys into the
   * builder. Passwords are obtained through {@link HBaseConfiguration#getPassword} rather than
   * being read with a plain {@code c.get(...)}.
   * @param serverBuilder the builder being configured
   * @param c             the configuration holding the {@code ssl.server.*} keys
   * @throws IOException if getting one of the passwords fails
   */
  private static void configureTls(HttpServer.Builder serverBuilder, Configuration c)
    throws IOException {
    serverBuilder
      .keyPassword(HBaseConfiguration.getPassword(c, "ssl.server.keystore.keypassword", null));
    // Store type falls back to "jks" when the type key is not set.
    serverBuilder.keyStore(c.get("ssl.server.keystore.location"),
      HBaseConfiguration.getPassword(c, "ssl.server.keystore.password", null),
      c.get("ssl.server.keystore.type", "jks"));
    serverBuilder.trustStore(c.get("ssl.server.truststore.location"),
      HBaseConfiguration.getPassword(c, "ssl.server.truststore.password", null),
      c.get("ssl.server.truststore.type", "jks"));
    // No default is supplied for the exclusion list; what the builder does with an unset value
    // is not visible from this class.
    serverBuilder.excludeCiphers(c.get("ssl.server.exclude.cipher.list"));
  }

  /**
   * Builds an ACL that will restrict the users who can issue commands to endpoints on the UI which
   * are meant only for administrators.
   * <p>
   * Only when both the admin-users key and the admin-groups key are absent does this return the
   * wildcard ACL, so a deployment that enables SPNEGO without naming administrators lets every
   * user through this ACL. Setting either key switches to the explicit lists.
   * @param conf configuration holding the admin users and admin groups keys
   * @return the ACL built from the configured users and groups, or the wildcard ACL if neither
   *         key is set
   */
  AccessControlList buildAdminAcl(Configuration conf) {
    final String adminUsers =
      conf.get(HttpServer.HTTP_SPNEGO_AUTHENTICATION_ADMIN_USERS_KEY, null);
    final String adminGroups =
      conf.get(HttpServer.HTTP_SPNEGO_AUTHENTICATION_ADMIN_GROUPS_KEY, null);
    final boolean adminsConfigured = adminUsers != null || adminGroups != null;
    if (adminsConfigured) {
      return new AccessControlList(adminUsers, adminGroups);
    }
    // Backwards compatibility - if the user doesn't have anything set, allow all users in.
    return new AccessControlList("*", null);
  }

  /**
   * Explicitly invoke {@link #addPrivilegedServlet(String, String, Class)} or
   * {@link #addUnprivilegedServlet(String, String, Class)} instead of this method. This method will
   * add a servlet which any authenticated user can access.
   * @deprecated Use {@link #addUnprivilegedServlet(String, String, Class)} or
   *             {@link #addPrivilegedServlet(String, String, Class)} instead of this method which
   *             does not state outwardly what kind of authz rules will be applied to this servlet.
   */
  @Deprecated
  public void addServlet(String name, String pathSpec, Class<? extends HttpServlet> clazz) {
    // Routes to the unprivileged variant, so a servlet registered here is not admin-only.
    addUnprivilegedServlet(name, pathSpec, clazz);
  }

  /**
   * Adds a servlet in the server that any user can access.
   * @param name     the servlet name
   * @param pathSpec the path spec the servlet is registered under
   * @param clazz    the servlet class
   * @see HttpServer#addUnprivilegedServlet(String, String, Class)
   */
  public void addUnprivilegedServlet(String name, String pathSpec,
    Class<? extends HttpServlet> clazz) {
    this.httpServer.addUnprivilegedServlet(name, pathSpec, clazz);
  }

  /**
   * Adds a servlet in the server that any user can access.
   * @param name     name to set on the holder; the holder's own name is kept when this is null
   * @param pathSpec the path spec the servlet is registered under
   * @param holder   the pre-built servlet holder
   * @see HttpServer#addUnprivilegedServlet(String, ServletHolder)
   */
  public void addUnprivilegedServlet(String name, String pathSpec, ServletHolder holder) {
    if (name != null) {
      holder.setName(name);
    }
    this.httpServer.addUnprivilegedServlet(pathSpec, holder);
  }

  /**
   * Adds a servlet in the server that is meant for administrators only. The restriction itself is
   * applied by the wrapped {@link HttpServer}; this method only forwards the registration.
   * <p>
   * NOTE(review): presumably the check relies on the admin ACL, which this class installs only
   * when SPNEGO is enabled - confirm against {@code HttpServer}.
   * @param name     the servlet name
   * @param pathSpec the path spec the servlet is registered under
   * @param clazz    the servlet class
   * @see HttpServer#addPrivilegedServlet(String, String, Class)
   */
  public void addPrivilegedServlet(String name, String pathSpec,
    Class<? extends HttpServlet> clazz) {
    this.httpServer.addPrivilegedServlet(name, pathSpec, clazz);
  }

  /**
   * Forwards a named attribute to the wrapped server.
   * @param name  the attribute name
   * @param value the attribute value
   */
  public void setAttribute(String name, Object value) {
    this.httpServer.setAttribute(name, value);
  }

  /**
   * Starts the wrapped server.
   * @throws IOException if the wrapped server fails to start
   */
  public void start() throws IOException {
    this.httpServer.start();
  }

  /**
   * @return the port of the info server
   * @deprecated Since 0.99.0
   */
  @Deprecated
  public int getPort() {
    return this.httpServer.getPort();
  }

  /**
   * Stops the wrapped server.
   * @throws Exception if the wrapped server fails to stop
   */
  public void stop() throws Exception {
    this.httpServer.stop();
  }

  /**
   * Returns true if and only if UI authentication (spnego) is enabled, UI authorization is enabled,
   * and the requesting user is defined as an administrator. If the UI is set to readonly, this
   * method always returns false.
   * <p>
   * Every path that does not reach the administrator check returns false, so a missing setting or
   * an unauthenticated request denies modification rather than allowing it.
   * @param req  the incoming request, used only for its remote user
   * @param ctx  the servlet context passed to the administrator check
   * @param conf the configuration holding the readonly, authentication and authorization settings
   * @return whether the requesting user may modify state through the UI
   */
  public static boolean canUserModifyUI(HttpServletRequest req, ServletContext ctx,
    Configuration conf) {
    // The readonly switch overrides everything else, administrators included.
    if (conf.getBoolean("hbase.master.ui.readonly", false)) {
      return false;
    }
    final String requester = req.getRemoteUser();
    final boolean spnegoEnabled =
      "kerberos".equalsIgnoreCase(conf.get(HttpServer.HTTP_UI_AUTHENTICATION));
    if (!spnegoEnabled) {
      return false;
    }
    if (!conf.getBoolean(CommonConfigurationKeys.HADOOP_SECURITY_AUTHORIZATION, false)) {
      return false;
    }
    // No remote user on the request means there is nobody to authorize.
    if (requester == null) {
      return false;
    }
    return HttpServer.userHasAdministratorAccess(ctx, requester);
  }
}
</pre>
</div>
</main>
</body>
</html>