Ejemplo n.º 1
  /**
   * Re-uses or creates the HTTP session for the caller and writes the login response as JSON.
   *
   * <p>An existing session is accepted only if it carries a {@code "subject"} attribute; otherwise
   * it is invalidated and the request is answered through {@code Helpers.doForbidden}. When there
   * is no session, the {@link Subject} bound to the calling access-control context is required
   * (presumably placed there by an upstream authentication step; confirm) and the request is
   * refused when none is bound.
   *
   * <p>NOTE(review): the user name comes from any principal whose class <em>simple</em> name is
   * {@code "UserPrincipal"}, whatever its package, and the last match in iteration order wins.
   * When nothing matches, the session is still created with a {@code null} user name. Confirm both
   * are intended before the {@code "user"} attribute is used for an authorization decision.
   *
   * @param req the login request
   * @param resp the response that receives the JSON body or the refusal
   * @throws ServletException declared by the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {

    resp.setContentType("application/json");
    final PrintWriter writer = resp.getWriter();

    // Never create a session at this point: a new one is only issued after the subject check.
    final HttpSession existing = req.getSession(false);
    if (existing != null) {
      final Subject stored = (Subject) existing.getAttribute("subject");
      if (stored != null) {
        sendResponse(existing, stored, writer);
        return;
      }
      // A session without a subject is not trusted: drop it and refuse.
      LOG.warn("No security subject stored in existing session, invalidating");
      existing.invalidate();
      Helpers.doForbidden(resp);
      return;
    }

    final Subject subject = Subject.getSubject(AccessController.getContext());
    if (subject == null) {
      Helpers.doForbidden(resp);
      return;
    }

    String username = null;
    final Set<Principal> principals = subject.getPrincipals();
    if (principals != null) {
      for (Principal candidate : principals) {
        // Matches on the simple class name only; see the NOTE(review) in the method comment.
        if ("UserPrincipal".equals(candidate.getClass().getSimpleName())) {
          username = candidate.getName();
          LOG.debug("Authorizing user {}", username);
        }
      }
    }

    final HttpSession created = req.getSession(true);
    created.setAttribute("subject", subject);
    created.setAttribute("user", username);
    created.setAttribute("org.osgi.service.http.authentication.remote.user", username);
    created.setAttribute(
        "org.osgi.service.http.authentication.type", HttpServletRequest.BASIC_AUTH);
    created.setAttribute("loginTime", GregorianCalendar.getInstance().getTimeInMillis());
    if (timeout != null) {
      // Only override the container's idle timeout when one is configured.
      created.setMaxInactiveInterval(timeout);
    }
    if (LOG.isDebugEnabled()) {
      LOG.debug(
          "Http session timeout for user {} is {} sec.",
          username,
          created.getMaxInactiveInterval());
    }

    sendResponse(created, subject, writer);
  }
 /**
  * Returns the user for the Subject bound to the calling access-control context, including any
  * doAs in the current stack.
  *
  * <p>When no Subject is bound, or the bound Subject carries no {@code User} principal, the result
  * of {@code getLoginUser()} is returned instead. Code that runs outside a doAs therefore acts as
  * the login user; callers that make access decisions on the result should keep that fallback in
  * mind.
  *
  * @return the current user
  * @throws IOException if login fails
  */
 public static UserGroupInformation getCurrentUser() throws IOException {
   final Subject bound = Subject.getSubject(AccessController.getContext());
   final boolean carriesUser = bound != null && !bound.getPrincipals(User.class).isEmpty();
   return carriesUser ? new UserGroupInformation(bound) : getLoginUser();
 }
  /**
   * Returns the name of the first principal of the Subject bound to the calling access-control
   * context.
   *
   * <p>NOTE(review): "first" is whatever the principal set's iterator yields first. For a Subject
   * that carries several principals (for example a user and its roles) the returned name may not
   * be the user name; confirm callers do not treat it as an identity for access decisions.
   *
   * @return the principal name, or {@code null} when no Subject is bound, the Subject has no
   *     principals, or the first principal is {@code null}
   */
  @Override
  public String value() {
    final Subject bound = Subject.getSubject(AccessController.getContext());
    final boolean anonymous = bound == null || bound.getPrincipals().isEmpty();
    if (anonymous) {
      return null;
    }

    final Principal first = bound.getPrincipals().iterator().next();
    if (first == null) {
      return null;
    }
    return first.getName();
  }
Ejemplo n.º 4
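 /**
  * Runs an interactive console loop on behalf of the Subject bound to the calling access-control
  * context.
  *
  * <ul>
  *   <li>If the last principal iterated is named <i>Admin</i>, the commands <i>add</i>, <i>rm</i>,
  *       <i>read</i> and <i>exit</i> are offered.
  *   <li>Otherwise only movie lookups through {@code promptUser} are offered until <i>exit</i>.
  * </ul>
  *
  * <p>Files created by <i>add</i> are confined to the {@code sample/db} directory: a directory or
  * name that resolves outside it is rejected. End of input on the console is treated like
  * <i>exit</i>.
  *
  * <p>NOTE(review): the admin decision is based on the name of whichever principal the set
  * iterator returns last, regardless of the principal's type. For a Subject with more than one
  * principal this depends on iteration order; confirm the intended rule.
  *
  * @return <code>null</code> in all cases.
  * @exception SecurityException if no Subject with at least one principal is bound to the calling
  *     context, or if the caller does not have permission to perform the operations listed above.
  */
 public Object run() {
   Subject currentSubject = Subject.getSubject(AccessController.getContext());
   if (currentSubject == null || currentSubject.getPrincipals().isEmpty()) {
     // Fail closed instead of hitting a NullPointerException further down.
     throw new SecurityException("No authenticated principal in the current access control context");
   }

   // Space-separated list of all principal names; p ends up as the last principal iterated.
   StringBuilder names = new StringBuilder();
   Principal p = null;
   for (Principal each : currentSubject.getPrincipals()) {
     p = each;
     names.append(each.getName()).append(" ");
   }
   String dir = names.toString();

   // System.console() is null when the JVM has no interactive console attached.
   java.io.Console console = System.console();
   if (console == null) {
     System.out.println("No interactive console available.");
     return null;
   }

   if ("Admin".equals(p.getName())) {
     String choice;
     // readLine returns null at end of input; treat that like "exit".
     while ((choice = console.readLine("choice : ")) != null && !choice.equals("exit")) {
       if (choice.equals("add")) {
         String directory = console.readLine("directory : ");
         String filename = console.readLine("name : ");
         String content = console.readLine("content : ");
         if (directory == null || filename == null || content == null) {
           break;
         }
         try {
           // Resolve the requested location and refuse anything outside sample/db, so that
           // "../" segments or absolute paths in the input cannot redirect the write.
           File base = new File("sample/db").getCanonicalFile();
           File target =
               new File(new File(base, directory), filename + ".txt").getCanonicalFile();
           if (!target.getPath().startsWith(base.getPath() + File.separator)) {
             System.out.println("Invalid directory or name.");
             continue;
           }
           BufferedWriter bw = new BufferedWriter(new FileWriter(target));
           try {
             bw.write(content);
           } finally {
             // Close even when the write fails so the file handle is not leaked.
             bw.close();
           }
           System.out.println(filename + ".txt generated.");
         } catch (Exception e) {
           System.out.println(e.toString());
         }
       } else if (choice.equals("rm")) {
         try {
           String filename = console.readLine("name : ");
           if (filename == null) {
             break;
           }
           // NOTE(review): the path comes from searchMovie, which is not visible here; confirm
           // it only ever returns locations inside sample/db before they are deleted.
           File f = new File(searchMovie(dir, filename));
           if (f.exists()) {
             if (f.delete()) {
               System.out.println(filename + ".txt deleted.");
             } else {
               System.out.println(filename + ".txt could not be deleted.");
             }
           }
         } catch (Exception e) {
           System.out.println(e.toString());
         }
       } else if (choice.equals("read")) {
         String filename = console.readLine("Movie to watch : ");
         promptUser(dir, filename, p);
       } else {
         System.out.println("Invalid selection ( add, rm, read, exit )");
       }
     }
   } else {
     String filename;
     while ((filename = console.readLine("Movie to watch : ")) != null
         && !filename.equals("exit")) {
       promptUser(dir, filename, p);
     }
   }
   return null;
 }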
 /**
  * Looks up the <code>Subject</code> bound to the calling access-control context.
  *
  * <p>The lookup reflects the context at the moment of the call, so a value obtained outside a
  * doAs is not the caller's identity. Recent JDK releases deprecate
  * <code>AccessController</code> and this <code>Subject.getSubject</code> overload for removal;
  * code that must keep working there needs a migration path (<code>Subject.current()</code> is the
  * JDK's replacement).
  *
  * @return the current user <code>Subject</code>, or <code>null</code> when none is bound
  */
 static Subject getCurrentUser() {
   final Subject bound = Subject.getSubject(AccessController.getContext());
   return bound;
 }
Ejemplo n.º 6
 /**
  * Stores the name of the first {@code JMXPrincipal} of the calling context's Subject in the
  * {@code principal} field.
  *
  * <p>NOTE(review): there is no guard here. A call made without a bound Subject fails with a
  * {@code NullPointerException}, and a Subject without a {@code JMXPrincipal} fails with a
  * {@code NoSuchElementException}; confirm callers only reach this from an authenticated JMX
  * context.
  */
 private void setPrincipal() {
   final Subject caller = Subject.getSubject(AccessController.getContext());
   final JMXPrincipal first = caller.getPrincipals(JMXPrincipal.class).iterator().next();
   principal = first.getName();
 }
Ejemplo n.º 7
    /**
     * Dispatches a web-service call to the port type resolved for the packet.
     *
     * <p>The call is refused unless a Subject is bound to the calling access-control context. When
     * a server session is available, the target method runs inside a server job created for that
     * session and subject; otherwise it is invoked directly.
     *
     * @param packet the request packet used to resolve the port type
     * @param method the port-type method to invoke
     * @param aobj the arguments passed to {@code method}
     * @return the value returned by the invoked method
     * @throws InvocationTargetException if the invoked method throws; runtime causes are replaced
     *     by a generic {@code WebServiceException("Internal Server Error")}
     * @throws IllegalAccessException if the method cannot be accessed
     */
    @Override
    public Object invoke(final Packet packet, final Method method, final Object... aobj)
        throws InvocationTargetException, IllegalAccessException {
      final T portType = ScoutInstanceResolver.this.resolve(packet);
      if (portType == null) {
        throw new WebServiceException("No port type found");
      }

      // Fail closed: a lookup error is logged and then handled exactly like a missing subject.
      Subject subject = null;
      try {
        subject = Subject.getSubject(AccessController.getContext());
      } catch (Exception e) {
        LOG.error("Failed to get subject of calling access context", e);
      }
      if (subject == null) {
        throw new WebServiceException(
            "Webservice request was NOT dispatched due to security reasons: request must run on behalf of a subject context.");
      }
      IServerSession session = getSession(m_context.getMessageContext());
      if (session == null) {
        // NOTE(review): without a session the method is invoked directly; the subject was only
        // checked for presence above and is not passed on in this branch. Confirm that running
        // without the server job (and its transaction handling) is acceptable here.
        LOG.warn(
            "Webservice request is not run in a session context as no server session is configured.");
        return method.invoke(portType, aobj);
      }

      try {
        // Holders carry the result and any exception out of the anonymous runnable below.
        final ObjectHolder resultHolder = new ObjectHolder();
        final Holder<InvocationTargetException> invocationTargetExceptionHolder =
            new Holder<InvocationTargetException>(InvocationTargetException.class);
        final Holder<IllegalAccessException> illegalAccessExceptionHolder =
            new Holder<IllegalAccessException>(IllegalAccessException.class);
        final Holder<RuntimeException> runtimeExceptionHolder =
            new Holder<RuntimeException>(RuntimeException.class);
        // run server job
        final IServerJobFactory jobFactory =
            SERVICES.getService(IServerJobService.class).createJobFactory(session, subject);
        ServerJob serverJob =
            jobFactory.create(
                "Tx",
                new ITransactionRunnable() {

                  @Override
                  public IStatus run(IProgressMonitor monitor) throws ProcessingException {
                    try {
                      resultHolder.setValue(method.invoke(portType, aobj));
                    } catch (InvocationTargetException e) {
                      Throwable cause = e.getCause();
                      ThreadContext.getTransaction().addFailure(cause); // rollback transaction

                      if (cause instanceof RuntimeException) {
                        // The runtime cause is logged here; what is rethrown carries only a
                        // generic message, so its details are not part of the thrown exception.
                        LOG.warn(
                            "Webservice processing exception occured. Please handle faults by respective checked SOAP faults.",
                            cause);
                        invocationTargetExceptionHolder.setValue(
                            new InvocationTargetException(
                                new WebServiceException("Internal Server Error")));
                      } else {
                        // business exception (SOAP faults are checked exceptions)
                        LOG.info("Webservice processing exception occured.", cause);
                        invocationTargetExceptionHolder.setValue(e);
                      }
                    } catch (IllegalAccessException e) {
                      ThreadContext.getTransaction().addFailure(e); // rollback transaction
                      LOG.error(
                          "Illegal access exception occured while dispatching webservice request. This might be caused because of Java security settings.",
                          e);
                      illegalAccessExceptionHolder.setValue(e);
                    } catch (RuntimeException e) {
                      ThreadContext.getTransaction().addFailure(e); // rollback transaction
                      LOG.error(
                          "Unexpected error occured while dispatching webservice request.", e);
                      runtimeExceptionHolder.setValue(e);
                    }

                    // Always OK: failures are reported through the holders and the transaction.
                    return Status.OK_STATUS;
                  }
                });
        serverJob.setSystem(true);
        serverJob.runNow(new NullProgressMonitor());
        // Rethrow whatever the runnable captured, in the same order as its catch clauses.
        if (invocationTargetExceptionHolder.getValue() != null) {
          throw invocationTargetExceptionHolder.getValue();
        }
        if (illegalAccessExceptionHolder.getValue() != null) {
          throw illegalAccessExceptionHolder.getValue();
        }
        if (runtimeExceptionHolder.getValue() != null) {
          throw runtimeExceptionHolder.getValue();
        }
        return resultHolder.getValue();
      } finally {
        // Runs for both normal returns and rethrown exceptions of the session-bound path.
        postInvoke(packet, portType);
      }
    }
Ejemplo n.º 8
  /**
   * Validates the HDFS URI and the Hadoop login configuration of this stage, adding one config
   * issue to {@code issues} for each problem found.
   *
   * <p>The URI must use the {@code hdfs} scheme and have an authority. The login is then derived
   * from the Subject bound to the calling access-control context, and, if the URI was valid, a
   * file system is opened and closed once as a connectivity check.
   *
   * @param issues the list that receives the configuration issues
   */
  private void validateHadoopFS(List<ConfigIssue> issues) {
    boolean validHapoopFsUri = true;
    hadoopConf = getHadoopConfiguration(issues);
    String hdfsUriInConf;
    // An explicitly configured URI overrides the default file system of the Hadoop configuration;
    // otherwise the configuration's value is used, and its absence is reported as an issue.
    if (hdfsUri != null && !hdfsUri.isEmpty()) {
      hadoopConf.set(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY, hdfsUri);
    } else {
      hdfsUriInConf = hadoopConf.get(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY);
      if (hdfsUriInConf == null) {
        issues.add(
            getContext().createConfigIssue(Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_19));
        return;
      } else {
        hdfsUri = hdfsUriInConf;
      }
    }
    if (hdfsUri.contains("://")) {
      try {
        URI uri = new URI(hdfsUri);
        // Only the hdfs scheme is accepted, and the URI must name an authority.
        if (!"hdfs".equals(uri.getScheme())) {
          issues.add(
              getContext()
                  .createConfigIssue(
                      Groups.HADOOP_FS.name(),
                      "hdfsUri",
                      Errors.HADOOPFS_12,
                      hdfsUri,
                      uri.getScheme()));
          validHapoopFsUri = false;
        } else if (uri.getAuthority() == null) {
          issues.add(
              getContext()
                  .createConfigIssue(
                      Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_13, hdfsUri));
          validHapoopFsUri = false;
        }
      } catch (Exception ex) {
        issues.add(
            getContext()
                .createConfigIssue(
                    Groups.HADOOP_FS.name(),
                    "hdfsUri",
                    Errors.HADOOPFS_22,
                    hdfsUri,
                    ex.getMessage(),
                    ex));
        validHapoopFsUri = false;
      }
    } else {
      issues.add(
          getContext()
              .createConfigIssue(Groups.HADOOP_FS.name(), "hdfsUri", Errors.HADOOPFS_02, hdfsUri));
      validHapoopFsUri = false;
    }

    StringBuilder logMessage = new StringBuilder();
    try {
      // forcing UGI to initialize with the security settings from the stage
      // NOTE(review): setConfiguration is a static call; presumably it changes UGI state for
      // more than this stage. Confirm stages with different security settings cannot interfere.
      UserGroupInformation.setConfiguration(hadoopConf);
      // NOTE(review): subject may be null here (the log statement below allows for it), yet it is
      // handed to getUGIFromSubject / loginUserFromSubject first; confirm how they treat null.
      Subject subject = Subject.getSubject(AccessController.getContext());
      if (UserGroupInformation.isSecurityEnabled()) {
        loginUgi = UserGroupInformation.getUGIFromSubject(subject);
      } else {
        UserGroupInformation.loginUserFromSubject(subject);
        loginUgi = UserGroupInformation.getLoginUser();
      }
      // NOTE(review): `subject` is formatted with Subject.toString(); in the JDK implementation
      // that string lists the principals and the string form of the attached credentials. Confirm
      // no ticket or key material can reach the INFO log, or log only the principals.
      LOG.info(
          "Subject = {}, Principals = {}, Login UGI = {}",
          subject,
          subject == null ? "null" : subject.getPrincipals(),
          loginUgi);
      if (hdfsKerberos) {
        logMessage.append("Using Kerberos");
        // Kerberos was requested: report an issue when the login did not actually use it.
        if (loginUgi.getAuthenticationMethod()
            != UserGroupInformation.AuthenticationMethod.KERBEROS) {
          issues.add(
              getContext()
                  .createConfigIssue(
                      Groups.HADOOP_FS.name(),
                      "hdfsKerberos",
                      Errors.HADOOPFS_00,
                      loginUgi.getAuthenticationMethod(),
                      UserGroupInformation.AuthenticationMethod.KERBEROS));
        }
      } else {
        logMessage.append("Using Simple");
        // Written into hadoopConf after UGI.setConfiguration(hadoopConf) was called above.
        hadoopConf.set(
            CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
            UserGroupInformation.AuthenticationMethod.SIMPLE.name());
      }
      if (validHapoopFsUri) {
        // Connectivity check: open the file system as the UGI returned by getUGI() and close it.
        getUGI()
            .doAs(
                new PrivilegedExceptionAction<Void>() {
                  @Override
                  public Void run() throws Exception {
                    try (FileSystem fs = getFileSystemForInitDestroy()) { // to trigger the close
                    }
                    return null;
                  }
                });
      }
    } catch (Exception ex) {
      // Any failure above (login or connection) is logged at INFO and reported as one issue.
      // NOTE(review): the exception's string form is placed in the issue; confirm where issues
      // are displayed, since such messages can carry host names or principal names.
      LOG.info("Error connecting to FileSystem: " + ex, ex);
      issues.add(
          getContext()
              .createConfigIssue(
                  Groups.HADOOP_FS.name(),
                  null,
                  Errors.HADOOPFS_11,
                  hdfsUri,
                  String.valueOf(ex),
                  ex));
    }
    LOG.info("Authentication Config: " + logMessage);
  }