knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kmin...@apache.org
Subject knox git commit: [KNOX-502] - Invalid requests (404s) should be logged and audited
Date Wed, 27 Jan 2016 23:58:26 GMT
Repository: knox
Updated Branches:
  refs/heads/master b036065f7 -> 933e848a6


[KNOX-502] - Invalid requests (404s) should be logged and audited


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/933e848a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/933e848a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/933e848a

Branch: refs/heads/master
Commit: 933e848a627b7ee82c351d103983a564f1046b01
Parents: b036065
Author: Kevin Minder <kminder@apache.org>
Authored: Wed Jan 27 18:47:24 2016 -0500
Committer: Kevin Minder <kminder@apache.org>
Committed: Wed Jan 27 18:50:48 2016 -0500

----------------------------------------------------------------------
 CHANGES                                         |  1 +
 .../gateway/GatewayForwardingServlet.java       | 88 ++++++++++++++------
 .../apache/hadoop/gateway/GatewayResources.java |  3 +
 .../gateway/GatewayForwardingServletTest.java   |  5 +-
 4 files changed, 71 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index c6aa3c1..d042e5e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,7 @@ Release Notes - Apache Knox - Version 0.8.0
 ** New Feature
 ** Improvement
     * [KNOX-650] - Add posixGroups support for LDAP groups lookup
+    * [KNOX-502] - Invalid requests (404s) should be logged and audited
 ** Bug
 
 ------------------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
index e31a31c..f2d21be 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java
@@ -17,6 +17,11 @@
  */
 package org.apache.hadoop.gateway;
 
+import org.apache.hadoop.gateway.audit.api.*;
+import org.apache.hadoop.gateway.audit.log4j.audit.AuditConstants;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+import org.apache.hadoop.gateway.i18n.resources.ResourcesFactory;
+
 import java.io.*;
 
 import javax.servlet.*;
@@ -24,7 +29,18 @@ import javax.servlet.http.*;
 
 public class GatewayForwardingServlet extends HttpServlet{
 
-  private static final long serialVersionUID = 1L;  
+  private static final long serialVersionUID = 1L;
+
+  private static final String AUDIT_ACTION = "forward";
+
+  private static final GatewayResources RES = ResourcesFactory.get( GatewayResources.class
);
+  private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
+
+  private static AuditService auditService = AuditServiceFactory.getAuditService();
+  private static Auditor auditor = AuditServiceFactory.getAuditService()
+          .getAuditor( AuditConstants.DEFAULT_AUDITOR_NAME,
+                  AuditConstants.KNOX_SERVICE_NAME, AuditConstants.KNOX_COMPONENT_NAME );
+
   private String redirectToContext = null;
 
   @Override
@@ -68,34 +84,58 @@ public class GatewayForwardingServlet extends HttpServlet{
                     HttpServletResponse response)
             throws ServletException, IOException
   {
-    String path = "";
-    String pathInfo = request.getPathInfo();
-    if (pathInfo != null && pathInfo.length() > 0) {
-      path = path + pathInfo;
+    String origPath = getRequestPath( request );
+    try {
+      auditService.createContext();
+
+      String origRequest = getRequestLine( request );
+
+      auditor.audit(
+              AUDIT_ACTION, origPath, ResourceType.URI,
+              ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( request.getMethod(),
redirectToContext ) );
+
+      // Perform cross context dispatch to the configured topology context
+      ServletContext ctx = getServletContext().getContext(redirectToContext);
+      RequestDispatcher dispatcher = ctx.getRequestDispatcher(origRequest);
+
+      dispatcher.forward(request, response);
+
+      auditor.audit(
+              AUDIT_ACTION, origPath, ResourceType.URI,
+              ActionOutcome.SUCCESS, RES.responseStatus( response.getStatus() ) );
+
+    } catch( ServletException | IOException | RuntimeException e ) {
+      auditor.audit(
+              AUDIT_ACTION, origPath, ResourceType.URI,
+              ActionOutcome.FAILURE );
+      throw e;
+    } catch( Throwable e ) {
+      auditor.audit(
+              AUDIT_ACTION, origPath, ResourceType.URI,
+              ActionOutcome.FAILURE );
+      throw new ServletException(e);
+    } finally {
+      auditService.detachContext();
     }
-    String qstr =  request.getQueryString();
-    if (qstr != null && qstr.length() > 0) {
-      path = path + "?" + qstr;
-    }
-
-    // Perform cross context dispatch to the configured topology context
-    ServletContext ctx = getServletContext().getContext(redirectToContext);
-    RequestDispatcher dispatcher = ctx.getRequestDispatcher(path);
-    dispatcher.forward(request, response);    
   }
 
-  public static class MyRequest extends HttpServletRequestWrapper {
-    private String redirectTo = null;
-    
-    public MyRequest(HttpServletRequest request, String redirectTo) {
-        super(request);
+  private static final String getRequestPath( final HttpServletRequest request ) {
+    final String path = request.getPathInfo();
+    if( path == null ) {
+      return "";
+    } else {
+      return path;
     }
+  }
 
-    @Override    
-    public String getContextPath() {
-        return redirectTo;
+  private static final String getRequestLine( final HttpServletRequest request ) {
+    final String path = getRequestPath( request );
+    final String query = request.getQueryString();
+    if( query == null ) {
+      return path;
+    } else {
+      return path + "?" + query;
     }
-
   }
 
-} 
\ No newline at end of file
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
index af9b7d6..ca73279 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayResources.java
@@ -82,4 +82,7 @@ public interface GatewayResources {
 
   @Resource( text="Request method: {0}" )
   String requestMethod( String method );
+
+  @Resource( text="Forward method: {0} to default context: {1}" )
+  String forwardToDefaultTopology(String method, String context );
 }

http://git-wip-us.apache.org/repos/asf/knox/blob/933e848a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
index 6d32188..38eddae 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/GatewayForwardingServletTest.java
@@ -44,9 +44,10 @@ public class GatewayForwardingServletTest {
     EasyMock.expect(config.getServletName()).andStubReturn("default");
     EasyMock.expect(config.getServletContext()).andStubReturn(context);
     EasyMock.expect(config.getInitParameter("redirectTo")).andReturn("/gateway/sandbox");
-    EasyMock.expect(request.getMethod()).andReturn("GET");
-    EasyMock.expect(request.getPathInfo()).andReturn("/webhdfs/v1/tmp");
+    EasyMock.expect(request.getMethod()).andReturn("GET").anyTimes();
+    EasyMock.expect(request.getPathInfo()).andReturn("/webhdfs/v1/tmp").anyTimes();
     EasyMock.expect(request.getQueryString()).andReturn("op=LISTSTATUS");
+    EasyMock.expect(response.getStatus()).andReturn(200).anyTimes();
     EasyMock.expect(context.getContext("/gateway/sandbox")).andReturn(context);
     EasyMock.expect(context.getRequestDispatcher("/webhdfs/v1/tmp?op=LISTSTATUS")).andReturn(dispatcher);
     dispatcher.forward(request, response);


Mime
View raw message