diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java index 5ffe17a..daf25ea 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-client/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java @@ -72,6 +72,7 @@ private static final Log LOG = LogFactory.getLog(TimelineClientImpl.class); private static final String RESOURCE_URI_STR = "/ws/v1/timeline/"; + private static final String URL_PARAM_USER_NAME = "user.name"; private static final Joiner JOINER = Joiner.on(""); private static Options opts; static { @@ -84,17 +85,18 @@ private Client client; private URI resURI; private boolean isEnabled; - private TimelineAuthenticatedURLConnectionFactory urlFactory; + private KerberosAuthenticatedURLConnectionFactory urlFactory; public TimelineClientImpl() { super(TimelineClientImpl.class.getName()); ClientConfig cc = new DefaultClientConfig(); cc.getClasses().add(YarnJacksonJaxbJsonProvider.class); if (UserGroupInformation.isSecurityEnabled()) { - urlFactory = new TimelineAuthenticatedURLConnectionFactory(); + urlFactory = new KerberosAuthenticatedURLConnectionFactory(); client = new Client(new URLConnectionClientHandler(urlFactory), cc); } else { - client = Client.create(cc); + client = new Client(new URLConnectionClientHandler( + new PseudoAuthenticatedURLConnectionFactory()), cc); } } 
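Review bot: `URL_PARAM_USER_NAME` in the first hunk re-declares the literal `"user.name"` that the server-side pseudo handler parses, so client and server agree only because two string literals happen to match. hadoop-auth already exposes this name as `PseudoAuthenticator.USER_NAME`; using it here, and in the `queryParam("user.name", ...)` calls in TestTimelineWebServices, would keep the two sides from drifting. If the local constant stays, a comment such as `// must match the parameter parsed by PseudoAuthenticationHandler` would document the coupling.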
@@ -177,7 +179,23 @@ public ClientResponse doPostingEntities(TimelineEntities entities) { .post(ClientResponse.class, entities); } - private static class TimelineAuthenticatedURLConnectionFactory + private static class PseudoAuthenticatedURLConnectionFactory + implements HttpURLConnectionFactory { + + @Override + public HttpURLConnection getHttpURLConnection(URL url) throws IOException { + Map params = new HashMap(); + params.put(URL_PARAM_USER_NAME, + UserGroupInformation.getCurrentUser().getShortUserName()); + url = TimelineAuthenticator.appendParams(url, params); + if (LOG.isDebugEnabled()) { + LOG.debug("URL with delegation token: " + url); + } + return (HttpURLConnection) url.openConnection(); + } + + } + private static class KerberosAuthenticatedURLConnectionFactory implements HttpURLConnectionFactory { private AuthenticatedURL.Token token; @@ -185,7 +203,7 @@ public ClientResponse doPostingEntities(TimelineEntities entities) { private Token dToken; private Text service; - public TimelineAuthenticatedURLConnectionFactory() { + public KerberosAuthenticatedURLConnectionFactory() { token = new AuthenticatedURL.Token(); authenticator = new TimelineAuthenticator(); } diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml index 0c1628e..02f8f8f 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml 
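Review bot: The debug message in `PseudoAuthenticatedURLConnectionFactory.getHttpURLConnection` says "URL with delegation token", but this factory only appends `user.name`; the text looks copied from the Kerberos factory and will mislead anyone reading client logs. Suggest `LOG.debug("URL with user.name appended: " + url);`. The class would also benefit from a short Javadoc stating that the name is self-asserted, e.g. `/** Appends the caller's short user name as the user.name query parameter; the server does not verify it. */`. Whether `TimelineAuthenticator.appendParams` URL-encodes the value is not visible here and is worth confirming for user names containing reserved characters.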
@@ -1218,6 +1218,24 @@ + yarn.timeline-service.http.authentication.type + simple + + Defines authentication used for the timeline server HTTP endpoint. + Supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME# + + + + + yarn.timeline-service.http.authentication.simple.anonymous.allowed + true + + Indicates if anonymous requests are allowed by the timeline server when using + 'simple' authentication. + + + + The Kerberos principal for the timeline server. yarn.timeline-service.principal diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java index dfd8c29..02a3bb1 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/applicationhistoryservice/ApplicationHistoryServer.java @@ -28,7 +28,6 @@ import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.metrics2.source.JvmMetrics; import org.apache.hadoop.security.SecurityUtil; -import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.service.CompositeService; import org.apache.hadoop.service.Service; import org.apache.hadoop.util.ExitUtil; 
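Review bot: The two new yarn-default.xml properties default to `simple` with anonymous requests allowed, and their descriptions do not say that under `simple` the caller's identity is whatever `user.name` the request supplies. Since ApplicationHistoryServer.startWebApp now loads the filter unconditionally, a cluster with Hadoop security enabled that leaves `yarn.timeline-service.http.authentication.type` unset gets this default on the timeline HTTP endpoint. I would extend the first description with a sentence like `'simple' trusts the user.name query parameter without verification; set this to kerberos on secure clusters.` The second description should note that anonymous requests reach the ACL check with no caller identity.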
@@ -178,23 +177,20 @@ protected TimelineACLsManager createTimelineACLsManager(Configuration conf) { protected void startWebApp() { Configuration conf = getConfig(); - // Play trick to make the customized filter will only be loaded by the - // timeline server when security is enabled and Kerberos authentication - // is used. - if (UserGroupInformation.isSecurityEnabled() - && conf - .get(TimelineAuthenticationFilterInitializer.PREFIX + "type", "") - .equals("kerberos")) { - String initializers = conf.get("hadoop.http.filter.initializers"); - initializers = - initializers == null || initializers.length() == 0 ? "" : "," - + initializers; - if (!initializers.contains( - TimelineAuthenticationFilterInitializer.class.getName())) { - conf.set("hadoop.http.filter.initializers", - TimelineAuthenticationFilterInitializer.class.getName() - + initializers); - } + // Always load pseudo authentication filter to parse "user.name" in an URL + // to identify a HTTP request's user in insecure mode. + // When Kerberos authentication type is set (i.e., secure mode is turned on), + // the customized filter will be loaded by the timeline server to do Kerberos + // + DT authentication. + String initializers = conf.get("hadoop.http.filter.initializers"); + initializers = + initializers == null || initializers.length() == 0 ? "" : "," + + initializers; + if (!initializers.contains( + TimelineAuthenticationFilterInitializer.class.getName())) { + conf.set("hadoop.http.filter.initializers", + TimelineAuthenticationFilterInitializer.class.getName() + + initializers); } String bindAddress = WebAppUtils.getAHSWebAppURLWithoutScheme(conf); LOG.info("Instantiating AHSWebApp at " + bindAddress); 
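Review bot: `startWebApp` no longer consults `UserGroupInformation.isSecurityEnabled()`, so nothing on this path notices a secure cluster whose timeline HTTP authentication type is still the `simple` default added in yarn-default.xml. A `LOG.warn` when security is enabled but `conf.get(TimelineAuthenticationFilterInitializer.PREFIX + "type")` is not `kerberos` would surface that misconfiguration at startup; it would mean keeping the `UserGroupInformation` import this commit removes. Separately, the new comment says the pseudo authentication filter is always loaded, while the code always loads `TimelineAuthenticationFilterInitializer` and leaves the choice of handler to the configured type. Wording it as `// Always load the timeline authentication filter; the configured type selects pseudo ("simple") or Kerberos + DT handling.` would match the code. The method continues past the hunk.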
diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineACLsManager.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineACLsManager.java index 848ad0b..c7a8359 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineACLsManager.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineACLsManager.java @@ -51,7 +51,8 @@ public TimelineACLsManager(Configuration conf) { public boolean checkAccess(UserGroupInformation callerUGI, TimelineEntity entity) throws YarnException, IOException { if (LOG.isDebugEnabled()) { - LOG.debug("Verifying the access of " + callerUGI.getShortUserName() + LOG.debug("Verifying the access of " + + (callerUGI == null ? null : callerUGI.getShortUserName()) + " on the timeline entity " + new EntityIdentifier(entity.getEntityId(), entity.getEntityType())); } @@ -72,9 +73,12 @@ public boolean checkAccess(UserGroupInformation callerUGI, // TODO: Currently we just check the user is the admin or the timeline // entity owner. In the future, we need to check whether the user is in the // allowed user/group list - if (callerUGI != null - && (adminAclsManager.isAdmin(callerUGI) || - callerUGI.getShortUserName().equals(owner))) { + boolean isAdmin = + callerUGI == null ? false : adminAclsManager.isAdmin(callerUGI); + boolean isOwner = + callerUGI == null ? false : callerUGI.getShortUserName().equals(owner); + boolean unOwned = owner == null || owner.length() == 0; + if (isAdmin || isOwner || unOwned) { return true; } return false; 
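Review bot: In the second hunk `unOwned` is true for every caller, including a null `callerUGI`, so once ACLs are enabled any entity whose owner is null or empty passes `checkAccess` for everyone. How `owner` is derived lies outside the hunk, but if this check guards writes as well as reads, such entities can be modified by any user; that deserves an explicit comment and probably a debug log line when access is granted on this basis. Proposed comment: `// Entities with no recorded owner (e.g. posted anonymously) are intentionally open to all callers, including anonymous ones.` The existing TODO above still describes only the admin/owner check and should mention this third case. The null guards read more directly as `boolean isAdmin = callerUGI != null && adminAclsManager.isAdmin(callerUGI);` and likewise for `isOwner`.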
diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilter.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilter.java index e6690a6..8e31362 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilter.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilter.java @@ -38,7 +38,8 @@ protected Properties getConfiguration(String configPrefix, // to replace the name here to use the customized Kerberos + DT service // instead of the standard Kerberos handler. Properties properties = super.getConfiguration(configPrefix, filterConfig); - if (properties.getProperty(AUTH_TYPE).equals("kerberos")) { + String authType = properties.getProperty(AUTH_TYPE); + if (authType != null && authType.equals("kerberos")) { properties.setProperty( AUTH_TYPE, TimelineClientAuthenticationService.class.getName()); } 
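Review bot: The null guard can be folded into the comparison with `if ("kerberos".equals(properties.getProperty(AUTH_TYPE))) {`, which drops the temporary variable. When `AUTH_TYPE` is absent the properties are now returned unchanged; what the parent filter does with a missing type is not visible here, so a one-line comment stating the intended fallback would help, e.g. `// no type configured: leave the properties as-is and let AuthenticationFilter decide`. `getConfiguration` starts before the hunk.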
diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java index 8aeb438..569378b 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/main/java/org/apache/hadoop/yarn/server/timeline/security/TimelineAuthenticationFilterInitializer.java @@ -47,7 +47,7 @@ public class TimelineAuthenticationFilterInitializer extends FilterInitializer { /** - * The configuration prefix of timeline Kerberos + DT authentication + * The configuration prefix of timeline HTTP authentication */ public static final String PREFIX = "yarn.timeline-service.http.authentication."; diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.java index 5825e7e..fc41986 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/security/TestTimelineACLsManager.java 
@@ -69,6 +69,15 @@ public void testYarnACLsEnabled() throws Exception { "Admin should be allowed to access", timelineACLsManager.checkAccess( UserGroupInformation.createRemoteUser("admin"), entity)); + + // if entity owner is empty, anonymous users should be able to access + entity = new TimelineEntity(); + entity.addPrimaryFilter( + TimelineStore.SystemFilter.ENTITY_OWNER + .toString(), ""); + Assert.assertTrue( + "Anonymous should be allowed to access", + timelineACLsManager.checkAccess(null, entity)); } @Test diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java index 832a79a..da8774f 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-applicationhistoryservice/src/test/java/org/apache/hadoop/yarn/server/timeline/webapp/TestTimelineWebServices.java 
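Review bot: The added assertion covers only the permissive case (empty owner, null caller); nothing in this hunk checks that a null caller is still refused on an entity that has an owner, or that an entity with no ENTITY_OWNER filter at all behaves like the empty-string one. Since `checkAccess` now has a branch that grants access without any caller identity, I would add the complementary check, for example `Assert.assertFalse("Anonymous should not access an owned entity", timelineACLsManager.checkAccess(null, ownedEntity));`, where `ownedEntity` stands for an entity built with a non-empty owner as earlier in the test. `testYarnACLsEnabled` begins outside the hunk, so such a case may already exist above.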
@@ -19,26 +19,26 @@ package org.apache.hadoop.yarn.server.timeline.webapp; import static org.junit.Assert.assertEquals; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.doNothing; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.when; -import java.io.IOException; +import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; -import javax.inject.Singleton; -import javax.servlet.Filter; -import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; import javax.ws.rs.core.MediaType; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; +import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; import org.apache.hadoop.yarn.api.records.timeline.TimelineEntities; import org.apache.hadoop.yarn.api.records.timeline.TimelineEntity; import org.apache.hadoop.yarn.api.records.timeline.TimelineEvent; 
@@ -46,12 +46,11 @@ import org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse; import org.apache.hadoop.yarn.api.records.timeline.TimelinePutResponse.TimelinePutError; import org.apache.hadoop.yarn.conf.YarnConfiguration; -import org.apache.hadoop.yarn.exceptions.YarnException; import org.apache.hadoop.yarn.security.AdminACLsManager; import org.apache.hadoop.yarn.server.timeline.TestMemoryTimelineStore; import org.apache.hadoop.yarn.server.timeline.TimelineStore; import org.apache.hadoop.yarn.server.timeline.security.TimelineACLsManager; -import org.apache.hadoop.yarn.server.timeline.webapp.TimelineWebServices.AboutInfo; +import org.apache.hadoop.yarn.server.timeline.security.TimelineAuthenticationFilter; import org.apache.hadoop.yarn.webapp.GenericExceptionHandler; import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider; import org.junit.Assert; @@ -74,11 +73,11 @@ private static TimelineStore store; private static TimelineACLsManager timelineACLsManager; private static AdminACLsManager adminACLsManager; - private static String remoteUser; private long beforeTime; private Injector injector = Guice.createInjector(new ServletModule() { + @SuppressWarnings("unchecked") @Override protected void configureServlets() { bind(YarnJacksonJaxbJsonProvider.class); 
@@ -98,7 +97,35 @@ protected void configureServlets() { adminACLsManager = new AdminACLsManager(conf); bind(TimelineACLsManager.class).toInstance(timelineACLsManager); serve("/*").with(GuiceContainer.class); - filter("/*").through(TestFilter.class); + TimelineAuthenticationFilter taFilter = new TimelineAuthenticationFilter(); + FilterConfig filterConfig = mock(FilterConfig.class); + when(filterConfig.getInitParameter(AuthenticationFilter.CONFIG_PREFIX)) + .thenReturn(null); + when(filterConfig.getInitParameter(AuthenticationFilter.AUTH_TYPE)) + .thenReturn("simple"); + when(filterConfig.getInitParameter( + PseudoAuthenticationHandler.ANONYMOUS_ALLOWED)).thenReturn("true"); + Enumeration names = mock(Enumeration.class); + when(names.hasMoreElements()).thenReturn(true, true, false); + when(names.nextElement()).thenReturn( + AuthenticationFilter.AUTH_TYPE, + PseudoAuthenticationHandler.ANONYMOUS_ALLOWED); + when(filterConfig.getInitParameterNames()).thenReturn(names); + try { + taFilter.init(filterConfig); + } catch (ServletException e) { + Assert.fail("Unable to initialize TimelineAuthenticationFilter: " + + e.getMessage()); + } + + taFilter = spy(taFilter); + try { + doNothing().when(taFilter).init(any(FilterConfig.class)); + } catch (ServletException e) { + Assert.fail("Unable to initialize TimelineAuthenticationFilter: " + + e.getMessage()); + } + filter("/*").through(taFilter); } }); @@ -425,7 +452,6 @@ public void testPostEntities() throws Exception { public void testPostEntitiesWithYarnACLsEnabled() throws Exception { AdminACLsManager oldAdminACLsManager = timelineACLsManager.setAdminACLsManager(adminACLsManager); - remoteUser = "tester"; try { TimelineEntities entities = new TimelineEntities(); TimelineEntity entity = new TimelineEntity(); 
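Review bot: The hand-stubbed `Enumeration` in `configureServlets` couples the `hasMoreElements` and `nextElement` sequences by position, so adding a third init parameter to one stub but not the other leaves the filter silently configured with the wrong set of names. Returning a real enumeration keeps the names in one place: `when(filterConfig.getInitParameterNames()).thenReturn(Collections.enumeration(Arrays.asList(AuthenticationFilter.AUTH_TYPE, PseudoAuthenticationHandler.ANONYMOUS_ALLOWED)));` (needs `java.util.Arrays` and `java.util.Collections`). The second `catch` reuses the "Unable to initialize" message although it only guards the spy stubbing; a distinct message would make a failure easier to place. The filter is also only ever configured with anonymous access allowed, so the rejecting configuration is not exercised by the tests visible in this diff.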
@@ -435,6 +461,7 @@ public void testPostEntitiesWithYarnACLsEnabled() throws Exception { entities.addEntity(entity); WebResource r = resource(); ClientResponse response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); @@ -444,8 +471,8 @@ public void testPostEntitiesWithYarnACLsEnabled() throws Exception { Assert.assertEquals(0, putResponse.getErrors().size()); // override/append timeline data in the same entity with different user - remoteUser = "other"; response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "other") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); @@ -457,7 +484,6 @@ public void testPostEntitiesWithYarnACLsEnabled() throws Exception { putResponse.getErrors().get(0).getErrorCode()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); - remoteUser = null; } } @@ -465,7 +491,6 @@ public void testPostEntitiesWithYarnACLsEnabled() throws Exception { public void testGetEntityWithYarnACLsEnabled() throws Exception { AdminACLsManager oldAdminACLsManager = timelineACLsManager.setAdminACLsManager(adminACLsManager); - remoteUser = "tester"; try { TimelineEntities entities = new TimelineEntities(); TimelineEntity entity = new TimelineEntity(); @@ -475,6 +500,7 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { entities.addEntity(entity); WebResource r = resource(); ClientResponse response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); 
@@ -482,6 +508,7 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { // 1. No field specification response = r.path("ws").path("v1").path("timeline") .path("test type 3").path("test id 3") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); @@ -492,6 +519,7 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { response = r.path("ws").path("v1").path("timeline") .path("test type 3").path("test id 3") .queryParam("fields", "relatedentities") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); @@ -502,6 +530,7 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { response = r.path("ws").path("v1").path("timeline") .path("test type 3").path("test id 3") .queryParam("fields", "primaryfilters") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); @@ -510,9 +539,9 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { TimelineStore.SystemFilter.ENTITY_OWNER.toString())); // get entity with other user - remoteUser = "other"; response = r.path("ws").path("v1").path("timeline") .path("test type 3").path("test id 3") + .queryParam("user.name", "other") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getType()); @@ -520,7 +549,6 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { response.getClientResponseStatus()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); - remoteUser = null; } } 
@@ -528,7 +556,6 @@ public void testGetEntityWithYarnACLsEnabled() throws Exception { public void testGetEntitiesWithYarnACLsEnabled() { AdminACLsManager oldAdminACLsManager = timelineACLsManager.setAdminACLsManager(adminACLsManager); - remoteUser = "tester"; try { TimelineEntities entities = new TimelineEntities(); TimelineEntity entity = new TimelineEntity(); @@ -538,11 +565,11 @@ public void testGetEntitiesWithYarnACLsEnabled() { entities.addEntity(entity); WebResource r = resource(); ClientResponse response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); - remoteUser = "other"; entities = new TimelineEntities(); entity = new TimelineEntity(); entity.setEntityId("test id 5"); @@ -551,11 +578,13 @@ public void testGetEntitiesWithYarnACLsEnabled() { entities.addEntity(entity); r = resource(); response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "other") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "other") .path("test type 4") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); @@ -566,7 +595,6 @@ public void testGetEntitiesWithYarnACLsEnabled() { assertEquals("test id 5", entities.getEntities().get(0).getEntityId()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); - remoteUser = null; } } @@ -574,7 +602,6 @@ public void testGetEntitiesWithYarnACLsEnabled() { public void testGetEventsWithYarnACLsEnabled() { AdminACLsManager oldAdminACLsManager = timelineACLsManager.setAdminACLsManager(adminACLsManager); - remoteUser = "tester"; try { TimelineEntities entities = new TimelineEntities(); TimelineEntity entity = new TimelineEntity(); 
@@ -588,11 +615,11 @@ public void testGetEventsWithYarnACLsEnabled() { entities.addEntity(entity); WebResource r = resource(); ClientResponse response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "tester") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); - remoteUser = "other"; entities = new TimelineEntities(); entity = new TimelineEntity(); entity.setEntityId("test id 6"); @@ -605,12 +632,14 @@ public void testGetEventsWithYarnACLsEnabled() { entities.addEntity(entity); r = resource(); response = r.path("ws").path("v1").path("timeline") + .queryParam("user.name", "other") .accept(MediaType.APPLICATION_JSON) .type(MediaType.APPLICATION_JSON) .post(ClientResponse.class, entities); response = r.path("ws").path("v1").path("timeline") .path("test type 5").path("events") + .queryParam("user.name", "other") .queryParam("entityId", "test id 5,test id 6") .accept(MediaType.APPLICATION_JSON) .get(ClientResponse.class); 
@@ -620,43 +649,7 @@ public void testGetEventsWithYarnACLsEnabled() { assertEquals("test id 6", events.getAllEvents().get(0).getEntityId()); } finally { timelineACLsManager.setAdminACLsManager(oldAdminACLsManager); - remoteUser = null; } } - @Singleton - private static class TestFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - if (request instanceof HttpServletRequest) { - request = - new TestHttpServletRequestWrapper((HttpServletRequest) request); - } - chain.doFilter(request, response); - } - - @Override - public void destroy() { - } - - } - - private static class TestHttpServletRequestWrapper extends HttpServletRequestWrapper { - - public TestHttpServletRequestWrapper(HttpServletRequest request) { - super(request); - } - - @Override - public String getRemoteUser() { - return TestTimelineWebServices.remoteUser; - } - - } }