diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java
index ef6fa88..e2274e9 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/CallRunner.java
@@ -23,7 +23,6 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.ipc.RpcServer.Call;
import org.apache.hadoop.hbase.monitoring.MonitoredRPCHandler;
import org.apache.hadoop.hbase.monitoring.TaskMonitor;
-import org.apache.hadoop.hbase.security.UserProvider;
import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;
@@ -35,14 +34,13 @@ import com.google.protobuf.Message;
/**
* The request processing logic, which is usually executed in thread pools provided by an
* {@link RpcScheduler}. Call {@link #run()} to actually execute the contained
- * {@link RpcServer.Call}
+ * RpcServer.Call
*/
@InterfaceAudience.Private
public class CallRunner {
private Call call;
private RpcServerInterface rpcServer;
private MonitoredRPCHandler status;
- private UserProvider userProvider;
/**
* On construction, adds the size of this call to the running count of outstanding call sizes.
@@ -50,13 +48,12 @@ public class CallRunner {
* time we occupy heap.
*/
// The constructor is shutdown so only RpcServer in this class can make one of these.
- CallRunner(final RpcServerInterface rpcServer, final Call call, UserProvider userProvider) {
+ CallRunner(final RpcServerInterface rpcServer, final Call call) {
this.call = call;
this.rpcServer = rpcServer;
// Add size of the call to queue size.
this.rpcServer.addCallSize(call.getSize());
this.status = getStatus();
- this.userProvider = userProvider;
}
public Call getCall() {
@@ -70,7 +67,6 @@ public class CallRunner {
this.call = null;
this.rpcServer = null;
this.status = null;
- this.userProvider = null;
}
public void run() {
@@ -101,8 +97,6 @@ public class CallRunner {
if (call.tinfo != null) {
traceScope = Trace.startSpan(call.toTraceString(), call.tinfo);
}
- RequestContext.set(userProvider.create(call.connection.user), RpcServer.getRemoteIp(),
- call.connection.service);
// make the call
resultPair = this.rpcServer.call(call.service, call.md, call.param, call.cellScanner,
call.timestamp, this.status);
@@ -117,11 +111,8 @@ public class CallRunner {
if (traceScope != null) {
traceScope.close();
}
- // Must always clear the request context to avoid leaking
- // credentials between requests.
- RequestContext.clear();
+ RpcServer.CurCall.set(null);
}
- RpcServer.CurCall.set(null);
// Set the response for undelayed calls and delayed calls with
// undelayed responses.
if (!call.isDelayed() || !call.isReturnValueDelayed()) {
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RequestContext.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RequestContext.java
deleted file mode 100644
index a395f2e..0000000
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RequestContext.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Copyright The Apache Software Foundation
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hbase.ipc;
-
-import org.apache.hadoop.hbase.classification.InterfaceAudience;
-import org.apache.hadoop.hbase.security.User;
-
-import com.google.protobuf.BlockingService;
-
-import org.apache.hadoop.hbase.util.Bytes;
-import org.apache.htrace.Trace;
-
-import java.net.InetAddress;
-
-/**
- * Represents client information (authenticated username, remote address, protocol)
- * for the currently executing request. If called outside the context of a RPC request, all values
- * will be null. The {@link CallRunner} class before it a call and then on
- * its way out, it will clear the thread local.
- */
-@InterfaceAudience.Private
-public class RequestContext {
- private static ThreadLocal instance =
- new ThreadLocal() {
- protected RequestContext initialValue() {
- return new RequestContext(null, null, null);
- }
- };
-
- public static RequestContext get() {
- return instance.get();
- }
-
-
- /**
- * Returns the user credentials associated with the current RPC request or
- * null if no credentials were provided.
- * @return A User
- */
- public static User getRequestUser() {
- RequestContext ctx = instance.get();
- if (ctx != null) {
- return ctx.getUser();
- }
- return null;
- }
-
- /**
- * Returns the username for any user associated with the current RPC
- * request or null if no user is set.
- */
- public static String getRequestUserName() {
- User user = getRequestUser();
- if (user != null) {
- return user.getShortName();
- }
- return null;
- }
-
- /**
- * Indicates whether or not the current thread is within scope of executing
- * an RPC request.
- */
- public static boolean isInRequestContext() {
- RequestContext ctx = instance.get();
- if (ctx != null) {
- return ctx.isInRequest();
- }
- return false;
- }
-
- /**
- * Initializes the client credentials for the current request.
- * @param user
- * @param remoteAddress
- * @param service
- */
- public static void set(User user,
- InetAddress remoteAddress, BlockingService service) {
- RequestContext ctx = instance.get();
- ctx.user = user;
- ctx.remoteAddress = remoteAddress;
- ctx.service = service;
- ctx.inRequest = true;
- if (Trace.isTracing()) {
- if (user != null) {
- Trace.currentSpan().addKVAnnotation(Bytes.toBytes("user"), Bytes.toBytes(user.getName()));
- }
- if (remoteAddress != null) {
- Trace.currentSpan().addKVAnnotation(
- Bytes.toBytes("remoteAddress"),
- Bytes.toBytes(remoteAddress.getHostAddress()));
- }
- }
- }
-
- /**
- * Clears out the client credentials for a given request.
- */
- public static void clear() {
- RequestContext ctx = instance.get();
- ctx.user = null;
- ctx.remoteAddress = null;
- ctx.service = null;
- ctx.inRequest = false;
- }
-
- private User user;
- private InetAddress remoteAddress;
- private BlockingService service;
- // indicates we're within a RPC request invocation
- private boolean inRequest;
-
- private RequestContext(User user, InetAddress remoteAddr, BlockingService service) {
- this.user = user;
- this.remoteAddress = remoteAddr;
- this.service = service;
- }
-
- public User getUser() {
- return user;
- }
-
- public InetAddress getRemoteAddress() {
- return remoteAddress;
- }
-
- public BlockingService getService() {
- return this.service;
- }
-
- boolean isInRequest() {
- return inRequest;
- }
-}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java
index fd16346..971fa50 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcCallContext.java
@@ -17,6 +17,10 @@
*/
package org.apache.hadoop.hbase.ipc;
+import java.net.InetAddress;
+
+import org.apache.hadoop.hbase.security.User;
+
public interface RpcCallContext extends Delayable {
/**
@@ -36,4 +40,21 @@ public interface RpcCallContext extends Delayable {
* @return True if the client supports cellblocks, else return all content in pb
*/
boolean isClientCellBlockSupport();
+
+ /**
+ * Returns the user credentials associated with the current RPC request or
+ * null if no credentials were provided.
+ * @return A User
+ */
+ User getRequestUser();
+
+ /**
+ * @return Current request's user name or null if none ongoing.
+ */
+ String getRequestUserName();
+
+ /**
+ * @return Address of remote client if a request is ongoing, else null
+ */
+ InetAddress getRemoteAddress();
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
index 07921db..770f4cd 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java
@@ -96,6 +96,7 @@ import org.apache.hadoop.hbase.security.AccessDeniedException;
import org.apache.hadoop.hbase.security.AuthMethod;
import org.apache.hadoop.hbase.security.HBasePolicyProvider;
import org.apache.hadoop.hbase.security.HBaseSaslRpcServer;
+import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.HBaseSaslRpcServer.SaslDigestCallbackHandler;
import org.apache.hadoop.hbase.security.HBaseSaslRpcServer.SaslGssCallbackHandler;
import org.apache.hadoop.hbase.security.SaslStatus;
@@ -299,9 +300,12 @@ public class RpcServer implements RpcServerInterface {
protected TraceInfo tinfo;
private ByteBuffer cellBlock = null;
+ private User user;
+ private InetAddress remoteAddress;
+
Call(int id, final BlockingService service, final MethodDescriptor md, RequestHeader header,
Message param, CellScanner cellScanner, Connection connection, Responder responder,
- long size, TraceInfo tinfo) {
+ long size, TraceInfo tinfo, final InetAddress remoteAddress) {
this.id = id;
this.service = service;
this.md = md;
@@ -316,6 +320,8 @@ public class RpcServer implements RpcServerInterface {
this.isError = false;
this.size = size;
this.tinfo = tinfo;
+ this.user = connection.user == null? null: userProvider.create(connection.user);
+ this.remoteAddress = remoteAddress;
}
/**
@@ -522,6 +528,22 @@ public class RpcServer implements RpcServerInterface {
public UserGroupInformation getRemoteUser() {
return connection.user;
}
+
+ @Override
+ public User getRequestUser() {
+ return user;
+ }
+
+ @Override
+ public String getRequestUserName() {
+ User user = getRequestUser();
+ return user == null? null: user.getShortName();
+ }
+
+ @Override
+ public InetAddress getRemoteAddress() {
+ return remoteAddress;
+ }
}
/** Listens on the socket. Creates jobs for the handler threads*/
@@ -1196,13 +1218,14 @@ public class RpcServer implements RpcServerInterface {
// Fake 'call' for failed authorization response
private static final int AUTHORIZATION_FAILED_CALLID = -1;
private final Call authFailedCall =
- new Call(AUTHORIZATION_FAILED_CALLID, null, null, null, null, null, this, null, 0, null);
+ new Call(AUTHORIZATION_FAILED_CALLID, null, null, null, null, null, this, null, 0, null,
+ null);
private ByteArrayOutputStream authFailedResponse =
new ByteArrayOutputStream();
// Fake 'call' for SASL context setup
private static final int SASL_CALLID = -33;
private final Call saslCall =
- new Call(SASL_CALLID, this.service, null, null, null, null, this, null, 0, null);
+ new Call(SASL_CALLID, this.service, null, null, null, null, this, null, 0, null, null);
public UserGroupInformation attemptingUser = null; // user name before auth
@@ -1590,7 +1613,7 @@ public class RpcServer implements RpcServerInterface {
private int doBadPreambleHandling(final String msg, final Exception e) throws IOException {
LOG.warn(msg);
- Call fakeCall = new Call(-1, null, null, null, null, null, this, responder, -1, null);
+ Call fakeCall = new Call(-1, null, null, null, null, null, this, responder, -1, null, null);
setupResponse(null, fakeCall, e, msg);
responder.doRespond(fakeCall);
// Returning -1 closes out the connection.
@@ -1749,7 +1772,7 @@ public class RpcServer implements RpcServerInterface {
if ((totalRequestSize + callQueueSize.get()) > maxQueueSize) {
final Call callTooBig =
new Call(id, this.service, null, null, null, null, this,
- responder, totalRequestSize, null);
+ responder, totalRequestSize, null, null);
ByteArrayOutputStream responseBuffer = new ByteArrayOutputStream();
setupResponse(responseBuffer, callTooBig, new CallQueueTooBigException(),
"Call queue is full on " + getListenerAddress() +
@@ -1794,7 +1817,7 @@ public class RpcServer implements RpcServerInterface {
final Call readParamsFailedCall =
new Call(id, this.service, null, null, null, null, this,
- responder, totalRequestSize, null);
+ responder, totalRequestSize, null, null);
ByteArrayOutputStream responseBuffer = new ByteArrayOutputStream();
setupResponse(responseBuffer, readParamsFailedCall, t,
msg + "; " + t.getMessage());
@@ -1806,9 +1829,8 @@ public class RpcServer implements RpcServerInterface {
? new TraceInfo(header.getTraceInfo().getTraceId(), header.getTraceInfo().getParentId())
: null;
Call call = new Call(id, this.service, md, header, param, cellScanner, this, responder,
- totalRequestSize,
- traceInfo);
- scheduler.dispatch(new CallRunner(RpcServer.this, call, userProvider));
+ totalRequestSize, traceInfo, RpcServer.getRemoteIp());
+ scheduler.dispatch(new CallRunner(RpcServer.this, call));
}
private boolean authorizeConnection() throws IOException {
@@ -2346,6 +2368,33 @@ public class RpcServer implements RpcServerInterface {
}
/**
+ * Returns the user credentials associated with the current RPC request or
+ * null if no credentials were provided.
+ * @return A User
+ */
+ public static User getRequestUser() {
+ RpcCallContext ctx = getCurrentCall();
+ return ctx == null? null: ctx.getRequestUser();
+ }
+
+ /**
+ * Returns the username for any user associated with the current RPC
+ * request or null if no user is set.
+ */
+ public static String getRequestUserName() {
+ User user = getRequestUser();
+ return user == null? null: user.getShortName();
+ }
+
+ /**
+ * @return Address of remote client if a request is ongoing, else null
+ */
+ public static InetAddress getRemoteAddress() {
+ RpcCallContext ctx = getCurrentCall();
+ return ctx == null? null: ctx.getRemoteAddress();
+ }
+
+ /**
* @param serviceName Some arbitrary string that represents a 'service'.
* @param services Available service instances
* @return Matching BlockingServiceAndInterface pair
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
index cc7c2a1..581e3c9 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java
@@ -81,7 +81,6 @@ import org.apache.hadoop.hbase.client.TableState;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hadoop.hbase.executor.ExecutorType;
-import org.apache.hadoop.hbase.ipc.RequestContext;
import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.ipc.ServerNotRunningYetException;
import org.apache.hadoop.hbase.master.MasterRpcServices.BalanceSwitchMode;
@@ -1192,8 +1191,7 @@ public class HMaster extends HRegionServer implements MasterServices, Server {
* @return Client info for use as prefix on an audit log string; who did an action
*/
String getClientIdAuditPrefix() {
- return "Client=" + RequestContext.getRequestUserName() + "/" +
- RequestContext.get().getRemoteAddress();
+ return "Client=" + RpcServer.getRequestUserName() + "/" + RpcServer.getRemoteAddress();
}
/**
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/CreateTableHandler.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/CreateTableHandler.java
index b60733e..b884544 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/CreateTableHandler.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/handler/CreateTableHandler.java
@@ -43,7 +43,7 @@ import org.apache.hadoop.hbase.client.RegionReplicaUtil;
import org.apache.hadoop.hbase.client.TableState;
import org.apache.hadoop.hbase.executor.EventHandler;
import org.apache.hadoop.hbase.executor.EventType;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.master.AssignmentManager;
import org.apache.hadoop.hbase.master.HMaster;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
@@ -104,9 +104,8 @@ public class CreateTableHandler extends EventHandler {
// If we are creating the table in service to an RPC request, record the
// active user for later, so proper permissions will be applied to the
// new table by the AccessController if it is active
- if (RequestContext.isInRequestContext()) {
- this.activeUser = RequestContext.getRequestUser();
- } else {
+ this.activeUser = RpcServer.getRequestUser();
+ if (this.activeUser == null) {
this.activeUser = UserProvider.instantiate(conf).getCurrent();
}
} catch (InterruptedException e) {
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
index b7a891d..177ced2 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/master/snapshot/SnapshotManager.java
@@ -47,7 +47,7 @@ import org.apache.hadoop.hbase.classification.InterfaceStability;
import org.apache.hadoop.hbase.client.TableState;
import org.apache.hadoop.hbase.errorhandling.ForeignException;
import org.apache.hadoop.hbase.executor.ExecutorService;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.master.AssignmentManager;
import org.apache.hadoop.hbase.master.MasterCoprocessorHost;
import org.apache.hadoop.hbase.master.MasterFileSystem;
@@ -567,7 +567,7 @@ public class SnapshotManager extends MasterProcedureManager implements Stoppable
if (!snapshot.hasVersion()) {
builder.setVersion(SnapshotDescriptionUtils.SNAPSHOT_LAYOUT_VERSION);
}
- User user = RequestContext.getRequestUser();
+ User user = RpcServer.getRequestUser();
if (User.isHBaseSecurityEnabled(master.getConfiguration()) && user != null) {
builder.setOwner(user.getShortName());
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerQuotaManager.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerQuotaManager.java
index a6c3e84..0a63c13 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerQuotaManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/quotas/RegionServerQuotaManager.java
@@ -27,7 +27,7 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.classification.InterfaceStability;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.ipc.RpcScheduler;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
import org.apache.hadoop.hbase.regionserver.Region;
import org.apache.hadoop.hbase.regionserver.RegionServerServices;
@@ -176,9 +176,10 @@ public class RegionServerQuotaManager {
private OperationQuota checkQuota(final Region region,
final int numWrites, final int numReads, final int numScans)
throws IOException, ThrottlingException {
+ User user = RpcServer.getRequestUser();
UserGroupInformation ugi;
- if (RequestContext.isInRequestContext()) {
- ugi = RequestContext.getRequestUser().getUGI();
+ if (user != null) {
+ ugi = user.getUGI();
} else {
ugi = User.getCurrent().getUGI();
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 3a211d2..2bab7e8 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -75,7 +75,7 @@ import org.apache.hadoop.hbase.filter.CompareFilter;
import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.FilterList;
import org.apache.hadoop.hbase.io.hfile.HFile;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.master.MasterServices;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.ResponseConverter;
@@ -372,11 +372,7 @@ public class AccessController extends BaseMasterAndRegionObserver
private void logResult(AuthResult result) {
if (AUDITLOG.isTraceEnabled()) {
- RequestContext ctx = RequestContext.get();
- InetAddress remoteAddr = null;
- if (ctx != null) {
- remoteAddr = ctx.getRemoteAddress();
- }
+ InetAddress remoteAddr = RpcServer.getRemoteAddress();
AUDITLOG.trace("Access " + (result.isAllowed() ? "allowed" : "denied") +
" for user " + (result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN") +
"; reason: " + result.getReason() +
@@ -392,8 +388,8 @@ public class AccessController extends BaseMasterAndRegionObserver
* otherwise the currently logged in user is used.
*/
private User getActiveUser() throws IOException {
- User user = RequestContext.getRequestUser();
- if (!RequestContext.isInRequestContext()) {
+ User user = RpcServer.getRequestUser();
+ if (user == null) {
// for non-rpc handling, fallback to system user
user = userProvider.getCurrent();
}
@@ -2024,14 +2020,11 @@ public class AccessController extends BaseMasterAndRegionObserver
* If so, we assume that access control is correctly enforced based on
* the checks performed in preScannerOpen()
*/
- private void requireScannerOwner(InternalScanner s)
- throws AccessDeniedException {
- if (RequestContext.isInRequestContext()) {
- String requestUserName = RequestContext.getRequestUserName();
- String owner = scannerOwners.get(s);
- if (owner != null && !owner.equals(requestUserName)) {
- throw new AccessDeniedException("User '"+ requestUserName +"' is not the scanner owner!");
- }
+ private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
+ String requestUserName = RpcServer.getRequestUserName();
+ String owner = scannerOwners.get(s);
+ if (owner != null && !owner.equals(requestUserName)) {
+ throw new AccessDeniedException("User '"+ requestUserName +"' is not the scanner owner!");
}
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java
index e1c49ec..6abc358 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java
@@ -39,7 +39,7 @@ import org.apache.hadoop.hbase.coprocessor.BulkLoadObserver;
import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
import org.apache.hadoop.hbase.coprocessor.ObserverContext;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.ResponseConverter;
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
@@ -336,8 +336,8 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService
}
private User getActiveUser() {
- User user = RequestContext.getRequestUser();
- if (!RequestContext.isInRequestContext()) {
+ User user = RpcServer.getRequestUser();
+ if (user == null) {
return null;
}
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
index 568d6fd..6548194 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/token/TokenProvider.java
@@ -31,7 +31,6 @@ import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.coprocessor.CoprocessorService;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.ipc.RpcServer;
-import org.apache.hadoop.hbase.ipc.RequestContext;
import org.apache.hadoop.hbase.ipc.RpcServerInterface;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.ResponseConverter;
@@ -111,7 +110,7 @@ public class TokenProvider implements AuthenticationProtos.AuthenticationService
"No secret manager configured for token authentication");
}
- User currentUser = RequestContext.getRequestUser();
+ User currentUser = RpcServer.getRequestUser();
UserGroupInformation ugi = null;
if (currentUser != null) {
ugi = currentUser.getUGI();
@@ -137,7 +136,7 @@ public class TokenProvider implements AuthenticationProtos.AuthenticationService
@Override
public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request,
RpcCallback done) {
- User requestUser = RequestContext.getRequestUser();
+ User requestUser = RpcServer.getRequestUser();
AuthenticationProtos.WhoAmIResponse.Builder response =
AuthenticationProtos.WhoAmIResponse.newBuilder();
if (requestUser != null) {
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
index fbfc333..5fb0234 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java
@@ -73,7 +73,7 @@ import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.FilterBase;
import org.apache.hadoop.hbase.filter.FilterList;
import org.apache.hadoop.hbase.io.hfile.HFile;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.master.MasterServices;
import org.apache.hadoop.hbase.protobuf.ResponseConverter;
import org.apache.hadoop.hbase.protobuf.generated.ClientProtos.RegionActionResult;
@@ -596,12 +596,11 @@ public class VisibilityController extends BaseMasterAndRegionObserver implements
* access control is correctly enforced based on the checks performed in preScannerOpen()
*/
private void requireScannerOwner(InternalScanner s) throws AccessDeniedException {
- if (RequestContext.isInRequestContext()) {
- String requestUName = RequestContext.getRequestUserName();
- String owner = scannerOwners.get(s);
- if (owner != null && !owner.equals(requestUName)) {
- throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!");
- }
+ // This is duplicated code!
+ String requestUName = RpcServer.getRequestUserName();
+ String owner = scannerOwners.get(s);
+ if (owner != null && !owner.equals(requestUName)) {
+ throw new AccessDeniedException("User '" + requestUName + "' is not the scanner owner!");
}
}
@@ -825,12 +824,8 @@ public class VisibilityController extends BaseMasterAndRegionObserver implements
private void logResult(boolean isAllowed, String request, String reason, byte[] user,
List labelAuths, String regex) {
if (AUDITLOG.isTraceEnabled()) {
- RequestContext ctx = RequestContext.get();
- InetAddress remoteAddr = null;
- if (ctx != null) {
- remoteAddr = ctx.getRemoteAddress();
- }
-
+ // This is more duplicated code!
+ InetAddress remoteAddr = RpcServer.getRemoteAddress();
List labelAuthsStr = new ArrayList<>();
if (labelAuths != null) {
int labelAuthsSize = labelAuths.size();
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
index d495b69..916a34c 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityUtils.java
@@ -44,7 +44,7 @@ import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.hbase.exceptions.DeserializationException;
import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.io.util.StreamUtils;
-import org.apache.hadoop.hbase.ipc.RequestContext;
+import org.apache.hadoop.hbase.ipc.RpcServer;
import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.MultiUserAuthorizations;
import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.UserAuthorizations;
@@ -326,8 +326,8 @@ public class VisibilityUtils {
* @throws IOException When there is IOE in getting the system user (During non-RPC handling).
*/
public static User getActiveUser() throws IOException {
- User user = RequestContext.getRequestUser();
- if (!RequestContext.isInRequestContext()) {
+ User user = RpcServer.getRequestUser();
+ if (user == null) {
user = User.getCurrent();
}
if (LOG.isTraceEnabled()) {
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestCallRunner.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestCallRunner.java
index be16529..6080bca 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestCallRunner.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestCallRunner.java
@@ -35,7 +35,7 @@ public class TestCallRunner {
Mockito.when(mockRpcServer.isStarted()).thenReturn(true);
RpcServer.Call mockCall = Mockito.mock(RpcServer.Call.class);
mockCall.connection = Mockito.mock(RpcServer.Connection.class);
- CallRunner cr = new CallRunner(mockRpcServer, mockCall, new UserProvider());
+ CallRunner cr = new CallRunner(mockRpcServer, mockCall);
cr.run();
}
}
\ No newline at end of file
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
index 3bd20b2..6bb2765 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/token/TestTokenAuthentication.java
@@ -51,7 +51,6 @@ import org.apache.hadoop.hbase.client.HTableInterface;
import org.apache.hadoop.hbase.coprocessor.RegionCoprocessorEnvironment;
import org.apache.hadoop.hbase.ipc.BlockingRpcCallback;
import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
-import org.apache.hadoop.hbase.ipc.RequestContext;
import org.apache.hadoop.hbase.ipc.RpcClient;
import org.apache.hadoop.hbase.ipc.RpcClientFactory;
import org.apache.hadoop.hbase.ipc.RpcServer;
@@ -295,7 +294,7 @@ public class TestTokenAuthentication {
public AuthenticationProtos.GetAuthenticationTokenResponse getAuthenticationToken(
RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request)
throws ServiceException {
- LOG.debug("Authentication token request from "+RequestContext.getRequestUserName());
+ LOG.debug("Authentication token request from " + RpcServer.getRequestUserName());
// ignore passed in controller -- it's always null
ServerRpcController serverController = new ServerRpcController();
BlockingRpcCallback callback =
@@ -313,7 +312,7 @@ public class TestTokenAuthentication {
public AuthenticationProtos.WhoAmIResponse whoAmI(
RpcController controller, AuthenticationProtos.WhoAmIRequest request)
throws ServiceException {
- LOG.debug("whoAmI() request from "+RequestContext.getRequestUserName());
+ LOG.debug("whoAmI() request from " + RpcServer.getRequestUserName());
// ignore passed in controller -- it's always null
ServerRpcController serverController = new ServerRpcController();
BlockingRpcCallback callback =