STORM-3244 allow logviewer to use independent filter settings from ui

hecsalazar · Oct 3, 2018 · 9cad341 · 9cad341
1 parent a6f76df
commit 9cad341
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 8 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -50,6 +50,8 @@ Some form of Authentication is typically required; e.g., by using java servlet f
 ```yaml
 ui.filter: "filter.class"
 ui.filter.params: "param1":"value1"
+logviewer.filter: "filter.class"
+logviewer.filter.params: "param1":"value1"
 ```
 or by restricting the UI/log-viewers ports to only accept connections from localhost,
 and then front them with another web server, like Apache httpd, that can
@@ -62,7 +64,7 @@ The servlet filters are preferred because they allow individual topologies to
 specify who is (and who is not) allowed to access the pages associated with
 each topology.
 
-The Storm UI can be configured to use `AuthenticationFilter` from hadoop-auth.
+The Storm UI (or logviewer) can be configured to use `AuthenticationFilter` from hadoop-auth.
 ```yaml
 ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
 ui.filter.params:

diff --git a/conf/defaults.yaml b/conf/defaults.yaml
@@ -106,6 +106,8 @@ logviewer.appender.name: "A1"
 logviewer.max.sum.worker.logs.size.mb: 4096
 logviewer.max.per.worker.logs.size.mb: 2048
 logviewer.disable.http.binding: true
+logviewer.filter: null
+logviewer.filter.params: null
 
 logs.users: null
 

diff --git a/docs/SECURITY.md b/docs/SECURITY.md
@@ -55,6 +55,8 @@ Some form of Authentication is typically required, with using java servlet filte
 ```yaml
 ui.filter: "filter.class"
 ui.filter.params: "param1":"value1"
+logviewer.filter: "filter.class"
+logviewer.filter.params: "param1":"value1"
 ```
 or by restricting the UI/log viewers ports to only accept connections from local
 hosts, and then front them with another web server, like Apache httpd, that can
@@ -67,7 +69,7 @@ The servlet filters are preferred because it allows individual topologies to
 specificy who is and who is not allowed to access the pages associated with
 them.  
 
-Storm UI can be configured to use AuthenticationFilter from hadoop-auth.
+Storm UI (or logviewer) can be configured to use AuthenticationFilter from hadoop-auth.
 ```yaml
 ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
 ui.filter.params:

diff --git a/storm-server/src/main/java/org/apache/storm/DaemonConfig.java b/storm-server/src/main/java/org/apache/storm/DaemonConfig.java
@@ -460,6 +460,18 @@ public class DaemonConfig implements Validated {
     @isString
     public static final String LOGVIEWER_APPENDER_NAME = "logviewer.appender.name";
 
+    /**
+     * A class implementing javax.servlet.Filter for authenticating/filtering Logviewer requests.
+     */
+    @isString
+    public static final String LOGVIEWER_FILTER = "logviewer.filter";
+
+    /**
+     * Initialization parameters for the javax.servlet.Filter for Logviewer.
+     */
+    @isMapEntryType(keyType = String.class, valueType = String.class)
+    public static final String LOGVIEWER_FILTER_PARAMS = "logviewer.filter.params";
+
     /**
      * Childopts for Storm UI Java process.
      */
@@ -473,7 +485,7 @@ public class DaemonConfig implements Validated {
     public static final String UI_FILTER = "ui.filter";
 
     /**
-     * Initialization parameters for the javax.servlet.Filter.
+     * Initialization parameters for the javax.servlet.Filter for UI.
      */
     @isMapEntryType(keyType = String.class, valueType = String.class)
     public static final String UI_FILTER_PARAMS = "ui.filter.params";

diff --git a/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/LogviewerServer.java b/storm-webapp/src/main/java/org/apache/storm/daemon/logviewer/LogviewerServer.java
@@ -21,8 +21,6 @@
 import static org.apache.storm.DaemonConfig.UI_HEADER_BUFFER_BYTES;
 
 import com.codahale.metrics.Meter;
-import com.codahale.metrics.Metric;
-import com.codahale.metrics.MetricSet;
 import com.google.common.annotations.VisibleForTesting;
 
 import java.io.File;
@@ -66,10 +64,9 @@ private static Server mkHttpServer(StormMetricsRegistry metricsRegistry, Map<Str
         Server ret = null;
         if (logviewerHttpPort != null && logviewerHttpPort >= 0) {
             LOG.info("Starting Logviewer HTTP servers...");
-            Integer headerBufferSize = ObjectReader.getInt(conf.get(UI_HEADER_BUFFER_BYTES));
-            String filterClass = (String) (conf.get(DaemonConfig.UI_FILTER));
+            String filterClass = (String) (conf.get(DaemonConfig.LOGVIEWER_FILTER));
             @SuppressWarnings("unchecked")
-            Map<String, String> filterParams = (Map<String, String>) (conf.get(DaemonConfig.UI_FILTER_PARAMS));
+            Map<String, String> filterParams = (Map<String, String>) (conf.get(DaemonConfig.LOGVIEWER_FILTER_PARAMS));
             FilterConfiguration filterConfiguration = new FilterConfiguration(filterClass, filterParams);
             final List<FilterConfiguration> filterConfigurations = Arrays.asList(filterConfiguration);