private void setIpAddress(Socket socket) { SessionManager.setIpAddress(socket.getInetAddress().toString()); }
@Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String clientUserName = null; String clientIpAddress; boolean requireNewCookie = false; try { if (hiveConf.getBoolean(ConfVars.HIVE_SERVER2_XSRF_FILTER_ENABLED.varname, false)) { boolean continueProcessing = Utils.doXsrfFilter(request, response, null, null); if (!continueProcessing) { LOG.warn("Request did not have valid XSRF header, rejecting."); return; } } // If the cookie based authentication is already enabled, parse the // request and validate the request cookies. if (isCookieAuthEnabled) { clientUserName = validateCookie(request); requireNewCookie = (clientUserName == null); if (requireNewCookie) { LOG.info("Could not validate cookie sent, will try to generate a new cookie"); } } // If the cookie based authentication is not enabled or the request does // not have a valid cookie, use the kerberos or password based authentication // depending on the server setup. if (clientUserName == null) { // For a kerberos setup if (isKerberosAuthMode(authType)) { String delegationToken = request.getHeader(HIVE_DELEGATION_TOKEN_HEADER); // Each http request must have an Authorization header if ((delegationToken != null) && (!delegationToken.isEmpty())) { clientUserName = doTokenAuth(request, response); } else { clientUserName = doKerberosAuth(request); } } // For password based authentication else { clientUserName = doPasswdAuth(request, authType); } } LOG.debug("Client username: "******"Client IP Address: " + clientIpAddress); // Set the thread local ip address SessionManager.setIpAddress(clientIpAddress); // get forwarded hosts address String forwarded_for = request.getHeader(X_FORWARDED_FOR); if (forwarded_for != null) { LOG.debug("{}:{}", X_FORWARDED_FOR, forwarded_for); List<String> forwardedAddresses = Arrays.asList(forwarded_for.split(",")); SessionManager.setForwardedAddresses(forwardedAddresses); } else { SessionManager.setForwardedAddresses(Collections.<String>emptyList()); } // Generate new cookie and add it to the response if (requireNewCookie && !authType.equalsIgnoreCase(HiveAuthFactory.AuthTypes.NOSASL.toString())) { String cookieToken = HttpAuthUtils.createCookieToken(clientUserName); Cookie hs2Cookie = createCookie(signer.signCookie(cookieToken)); if (isHttpOnlyCookie) { response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(hs2Cookie)); } else { response.addCookie(hs2Cookie); } LOG.info("Cookie added for clientUserName " + clientUserName); } super.doPost(request, response); } catch (HttpAuthenticationException e) { LOG.error("Error: ", e); // Send a 401 to the client response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); if (isKerberosAuthMode(authType)) { response.addHeader(HttpAuthUtils.WWW_AUTHENTICATE, HttpAuthUtils.NEGOTIATE); } response.getWriter().println("Authentication Error: " + e.getMessage()); } finally { // Clear the thread locals SessionManager.clearUserName(); SessionManager.clearIpAddress(); SessionManager.clearProxyUserName(); SessionManager.clearForwardedAddresses(); } }