diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
index 19ae9dc..e87187f 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java
@@ -23,6 +23,7 @@
 import java.io.OutputStream;
 import java.io.PrintWriter;
 import java.net.InetAddress;
+import java.net.Socket;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
@@ -32,6 +33,7 @@
 import java.util.HashSet;
 import java.util.List;
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -44,9 +46,13 @@
 import org.apache.commons.httpclient.cookie.CookiePolicy;
 import org.apache.commons.httpclient.methods.GetMethod;
 import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.io.IOUtils;
+import org.apache.hadoop.security.ssl.SSLFactory;
 import org.apache.hadoop.yarn.api.records.ApplicationId;
 import org.apache.hadoop.yarn.api.records.ApplicationReport;
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
@@ -98,6 +104,60 @@ public WebAppProxyServlet()
 TrackingUriPlugin.class);
 this.rmAppPageUrlBase = StringHelper.pjoin( WebAppUtils.getResolvedRMWebAppURLWithScheme(conf), "cluster", "app");
+ configureHttpClientForSSL();
+
+ }
+
+ /**
+ * Attempting to configure for SSL for an HTTP client instance does not work
+ * for the RM proxy scenarios since if your register a protocol handler with
+ * the appropriate SSL socket factory, it still gets overwritten during a
+ * redirect. In other words, the initial HTTP request over SSL will succeed,
+ * return a 302 status and a redirect location, and the
+ * subsequent redirect will fail since the protocol handler originally
+ * configured has been overwritten. I would call that a bug in HTTP Client...
+ *
+ * The alternative is to do what this method does: simply create and register
+ * the HTTPS protocol handler as the default handler for all https requests
+ * leveraging HTTP client in the Resource Manager. Individual instances can
+ * configure their own protocol handlers via the HTTP client HostConfiguration.
+ */
+ private void configureHttpClientForSSL() {
+ try {
+ final SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
+ sslFactory.init();
+ Protocol.registerProtocol("https", new Protocol("https",
+ new ProtocolSocketFactory() {
+ SSLSocketFactory sslSocketFactory = sslFactory.createSSLSocketFactory();
+ @Override
+ public Socket createSocket(String host,
+ int port,
+ InetAddress localAddress,
+ int localPort)
+ throws IOException {
+ return sslSocketFactory.createSocket(host, port, localAddress, localPort);
+ }
+
+ @Override
+ public Socket createSocket(String host,
+ int port,
+ InetAddress localAddress,
+ int localPort,
+ HttpConnectionParams httpConnectionParams)
+ throws IOException {
+ return sslSocketFactory.createSocket(host, port, localAddress, localPort);
+ }
+
+ @Override
+ public Socket createSocket(String host, int port) throws IOException {
+ return sslSocketFactory.createSocket(host, port);
+ }
+ }, 443));
+ } catch (Exception e) {
+ LOG.warn("Unable to create and register an HTTP Client protocol handler " + "for HTTPS that leverages the Hadoop configured client trust" + " store. The default HTTPS handler will be utilized", e);
+ }
 }
 /**
@@ -147,7 +207,7 @@ private static void warnUserPage(HttpServletResponse resp, String link,
 * @param c the cookie to set if any
 * @throws IOException on any error.
 */
- private static void proxyLink(HttpServletRequest req,
+ private static void proxyLink(HttpServletRequest req,
 HttpServletResponse resp, URI link, Cookie c, String proxyHost) throws IOException {
 org.apache.commons.httpclient.URI uri =
@@ -199,7 +259,7 @@ private static void proxyLink(HttpServletRequest req,
 method.releaseConnection();
 }
 }
-
+
 private static String getCheckCookieName(ApplicationId id){
 return "checked_"+id;
 }
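Review bot: In the `@@ -98,6 +104,60 @@` hunk, the anonymous `ProtocolSocketFactory` in `configureHttpClientForSSL()` returns the socket straight from `sslSocketFactory.createSocket(...)`, so the chain is validated against the Hadoop client trust store but nothing visible here checks that the certificate was issued for `host`. As far as I know Commons HttpClient 3.x does not verify hostnames itself, and because `Protocol.registerProtocol("https", ...)` is process-wide, every HttpClient 3 caller in the RM would inherit that gap. I would route all three `createSocket` overloads through one helper that completes the handshake and applies `sslFactory.getHostnameVerifier()`, as sketched below. Separately, the five-argument overload ignores `httpConnectionParams`, so any configured connection timeout is dropped. The constructor that calls this method starts outside the hunk.

```java
new ProtocolSocketFactory() {
  SSLSocketFactory sslSocketFactory = sslFactory.createSSLSocketFactory();
  final HostnameVerifier hostnameVerifier = sslFactory.getHostnameVerifier();

  // Finish the handshake, then reject a certificate that does not match host.
  private Socket verified(String host, Socket socket) throws IOException {
    SSLSocket sslSocket = (SSLSocket) socket;
    sslSocket.startHandshake();
    if (!hostnameVerifier.verify(host, sslSocket.getSession())) {
      sslSocket.close();
      throw new SSLPeerUnverifiedException(
          "Certificate does not match host " + host);
    }
    return sslSocket;
  }

  @Override
  public Socket createSocket(String host, int port) throws IOException {
    return verified(host, sslSocketFactory.createSocket(host, port));
  }
  // … unchanged: the two other createSocket overloads, each result wrapped in verified(host, …) …
```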