1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.rest;
20
21 import java.util.ArrayList;
22 import java.util.HashSet;
23 import java.util.List;
24 import java.util.Map;
25 import java.util.Map.Entry;
26 import java.util.Set;
27
28 import org.apache.commons.cli.CommandLine;
29 import org.apache.commons.cli.HelpFormatter;
30 import org.apache.commons.cli.Options;
31 import org.apache.commons.cli.ParseException;
32 import org.apache.commons.cli.PosixParser;
33 import org.apache.commons.lang.ArrayUtils;
34 import org.apache.commons.logging.Log;
35 import org.apache.commons.logging.LogFactory;
36 import org.apache.hadoop.hbase.classification.InterfaceAudience;
37 import org.apache.hadoop.conf.Configuration;
38 import org.apache.hadoop.hbase.HBaseConfiguration;
39 import org.apache.hadoop.hbase.HBaseInterfaceAudience;
40 import org.apache.hadoop.hbase.http.HttpServer;
41 import org.apache.hadoop.hbase.http.InfoServer;
42 import org.apache.hadoop.hbase.rest.filter.AuthFilter;
43 import org.apache.hadoop.hbase.rest.filter.RestCsrfPreventionFilter;
44 import org.apache.hadoop.hbase.security.UserProvider;
45 import org.apache.hadoop.hbase.util.DNS;
46 import org.apache.hadoop.hbase.util.HttpServerUtil;
47 import org.apache.hadoop.hbase.util.Pair;
48 import org.apache.hadoop.hbase.util.Strings;
49 import org.apache.hadoop.hbase.util.VersionInfo;
50 import org.apache.hadoop.util.StringUtils;
51 import org.mortbay.jetty.Connector;
52 import org.mortbay.jetty.Server;
53 import org.mortbay.jetty.nio.SelectChannelConnector;
54 import org.mortbay.jetty.security.SslSelectChannelConnector;
55 import org.mortbay.jetty.servlet.Context;
56 import org.mortbay.jetty.servlet.FilterHolder;
57 import org.mortbay.jetty.servlet.ServletHolder;
58 import org.mortbay.thread.QueuedThreadPool;
59
60 import com.google.common.base.Preconditions;
61 import com.sun.jersey.api.json.JSONConfiguration;
62 import com.sun.jersey.spi.container.servlet.ServletContainer;
63
64
65
66
67
68
69
70
71
72
73 @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.TOOLS)
74 public class RESTServer implements Constants {
75 static Log LOG = LogFactory.getLog("RESTServer");
76
77 static String REST_CSRF_ENABLED_KEY = "hbase.rest.csrf.enabled";
78 static boolean REST_CSRF_ENABLED_DEFAULT = false;
79 static boolean restCSRFEnabled = false;
80 static String REST_CSRF_CUSTOM_HEADER_KEY ="hbase.rest.csrf.custom.header";
81 static String REST_CSRF_CUSTOM_HEADER_DEFAULT = "X-XSRF-HEADER";
82 static String REST_CSRF_METHODS_TO_IGNORE_KEY = "hbase.rest.csrf.methods.to.ignore";
83 static String REST_CSRF_METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
84
85 private static void printUsageAndExit(Options options, int exitCode) {
86 HelpFormatter formatter = new HelpFormatter();
87 formatter.printHelp("bin/hbase rest start", "", options,
88 "\nTo run the REST server as a daemon, execute " +
89 "bin/hbase-daemon.sh start|stop rest [--infoport <port>] [-p <port>] [-ro]\n", true);
90 System.exit(exitCode);
91 }
92
93
94
95
96
97
98
99
100
101
102 private static List<String> getTrimmedStringList(Configuration conf,
103 String name, String defaultValue) {
104 String valueString = conf.get(name, defaultValue);
105 if (valueString == null) {
106 return new ArrayList<>();
107 }
108 return new ArrayList<>(StringUtils.getTrimmedStringCollection(valueString));
109 }
110
111 static String REST_CSRF_BROWSER_USERAGENTS_REGEX_KEY = "hbase.rest-csrf.browser-useragents-regex";
112 static void addCSRFFilter(Context context, Configuration conf) {
113 restCSRFEnabled = conf.getBoolean(REST_CSRF_ENABLED_KEY, REST_CSRF_ENABLED_DEFAULT);
114 if (restCSRFEnabled) {
115 String[] urls = { "/*" };
116 Set<String> restCsrfMethodsToIgnore = new HashSet<>();
117 restCsrfMethodsToIgnore.addAll(getTrimmedStringList(conf,
118 REST_CSRF_METHODS_TO_IGNORE_KEY, REST_CSRF_METHODS_TO_IGNORE_DEFAULT));
119 Map<String, String> restCsrfParams = RestCsrfPreventionFilter
120 .getFilterParams(conf, "hbase.rest-csrf.");
121 HttpServer.defineFilter(context, "csrf", RestCsrfPreventionFilter.class.getName(),
122 restCsrfParams, urls);
123 }
124 }
125
126
127 private static Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal(
128 UserProvider userProvider, Configuration conf) throws Exception {
129 Class<? extends ServletContainer> containerClass = ServletContainer.class;
130 if (userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled()) {
131 String machineName = Strings.domainNamePointerToHostName(
132 DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"),
133 conf.get(REST_DNS_NAMESERVER, "default")));
134 String keytabFilename = conf.get(REST_KEYTAB_FILE);
135 Preconditions.checkArgument(keytabFilename != null && !keytabFilename.isEmpty(),
136 REST_KEYTAB_FILE + " should be set if security is enabled");
137 String principalConfig = conf.get(REST_KERBEROS_PRINCIPAL);
138 Preconditions.checkArgument(principalConfig != null && !principalConfig.isEmpty(),
139 REST_KERBEROS_PRINCIPAL + " should be set if security is enabled");
140 userProvider.login(REST_KEYTAB_FILE, REST_KERBEROS_PRINCIPAL, machineName);
141 if (conf.get(REST_AUTHENTICATION_TYPE) != null) {
142 containerClass = RESTServletContainer.class;
143 FilterHolder authFilter = new FilterHolder();
144 authFilter.setClassName(AuthFilter.class.getName());
145 authFilter.setName("AuthenticationFilter");
146 return new Pair<FilterHolder, Class<? extends ServletContainer>>(authFilter,containerClass);
147 }
148 }
149 return new Pair<FilterHolder, Class<? extends ServletContainer>>(null, containerClass);
150 }
151
152 private static void parseCommandLine(String[] args, RESTServlet servlet) {
153 Options options = new Options();
154 options.addOption("p", "port", true, "Port to bind to [default: 8080]");
155 options.addOption("ro", "readonly", false, "Respond only to GET HTTP " +
156 "method requests [default: false]");
157 options.addOption(null, "infoport", true, "Port for web UI");
158
159 CommandLine commandLine = null;
160 try {
161 commandLine = new PosixParser().parse(options, args);
162 } catch (ParseException e) {
163 LOG.error("Could not parse: ", e);
164 printUsageAndExit(options, -1);
165 }
166
167
168 if (commandLine != null && commandLine.hasOption("port")) {
169 String val = commandLine.getOptionValue("port");
170 servlet.getConfiguration()
171 .setInt("hbase.rest.port", Integer.valueOf(val));
172 LOG.debug("port set to " + val);
173 }
174
175
176 if (commandLine != null && commandLine.hasOption("readonly")) {
177 servlet.getConfiguration().setBoolean("hbase.rest.readonly", true);
178 LOG.debug("readonly set to true");
179 }
180
181
182 if (commandLine != null && commandLine.hasOption("infoport")) {
183 String val = commandLine.getOptionValue("infoport");
184 servlet.getConfiguration()
185 .setInt("hbase.rest.info.port", Integer.valueOf(val));
186 LOG.debug("Web UI port set to " + val);
187 }
188
189 @SuppressWarnings("unchecked")
190 List<String> remainingArgs = commandLine != null ?
191 commandLine.getArgList() : new ArrayList<String>();
192 if (remainingArgs.size() != 1) {
193 printUsageAndExit(options, 1);
194 }
195
196 String command = remainingArgs.get(0);
197 if ("start".equals(command)) {
198
199 } else if ("stop".equals(command)) {
200 System.exit(1);
201 } else {
202 printUsageAndExit(options, 1);
203 }
204 }
205
206
207
208
209
210
211 public static void main(String[] args) throws Exception {
212 VersionInfo.logVersion();
213 Configuration conf = HBaseConfiguration.create();
214 UserProvider userProvider = UserProvider.instantiate(conf);
215 Pair<FilterHolder, Class<? extends ServletContainer>> pair = loginServerPrincipal(
216 userProvider, conf);
217 FilterHolder authFilter = pair.getFirst();
218 Class<? extends ServletContainer> containerClass = pair.getSecond();
219 RESTServlet servlet = RESTServlet.getInstance(conf, userProvider);
220
221 parseCommandLine(args, servlet);
222
223
224 ServletHolder sh = new ServletHolder(containerClass);
225 sh.setInitParameter(
226 "com.sun.jersey.config.property.resourceConfigClass",
227 ResourceConfig.class.getCanonicalName());
228 sh.setInitParameter("com.sun.jersey.config.property.packages",
229 "jetty");
230
231
232
233
234
235
236
237 ServletHolder shPojoMap = new ServletHolder(containerClass);
238 @SuppressWarnings("unchecked")
239 Map<String, String> shInitMap = sh.getInitParameters();
240 for (Entry<String, String> e : shInitMap.entrySet()) {
241 shPojoMap.setInitParameter(e.getKey(), e.getValue());
242 }
243 shPojoMap.setInitParameter(JSONConfiguration.FEATURE_POJO_MAPPING, "true");
244
245
246
247 Server server = new Server();
248
249 Connector connector = new SelectChannelConnector();
250 if(conf.getBoolean(REST_SSL_ENABLED, false)) {
251 SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
252 String keystore = conf.get(REST_SSL_KEYSTORE_STORE);
253 String password = HBaseConfiguration.getPassword(conf,
254 REST_SSL_KEYSTORE_PASSWORD, null);
255 String keyPassword = HBaseConfiguration.getPassword(conf,
256 REST_SSL_KEYSTORE_KEYPASSWORD, password);
257 sslConnector.setKeystore(keystore);
258 sslConnector.setPassword(password);
259 sslConnector.setKeyPassword(keyPassword);
260 connector = sslConnector;
261 }
262 connector.setPort(servlet.getConfiguration().getInt("hbase.rest.port", 8080));
263 connector.setHost(servlet.getConfiguration().get("hbase.rest.host", "0.0.0.0"));
264 connector.setHeaderBufferSize(65536);
265
266 server.addConnector(connector);
267
268
269
270
271
272
273 int maxThreads = servlet.getConfiguration().getInt("hbase.rest.threads.max", 100);
274 int minThreads = servlet.getConfiguration().getInt("hbase.rest.threads.min", 2);
275 QueuedThreadPool threadPool = new QueuedThreadPool(maxThreads);
276 threadPool.setMinThreads(minThreads);
277 server.setThreadPool(threadPool);
278
279 server.setSendServerVersion(false);
280 server.setSendDateHeader(false);
281 server.setStopAtShutdown(true);
282
283 Context context = new Context(server, "/", Context.SESSIONS);
284 context.addServlet(shPojoMap, "/status/cluster");
285 context.addServlet(sh, "/*");
286 if (authFilter != null) {
287 context.addFilter(authFilter, "/*", 1);
288 }
289
290
291 String[] filterClasses = servlet.getConfiguration().getStrings(FILTER_CLASSES,
292 ArrayUtils.EMPTY_STRING_ARRAY);
293 for (String filter : filterClasses) {
294 filter = filter.trim();
295 context.addFilter(Class.forName(filter), "/*", 0);
296 }
297 addCSRFFilter(context, conf);
298 HttpServerUtil.constrainHttpMethods(context);
299
300
301 int port = conf.getInt("hbase.rest.info.port", 8085);
302 if (port >= 0) {
303 conf.setLong("startcode", System.currentTimeMillis());
304 String a = conf.get("hbase.rest.info.bindAddress", "0.0.0.0");
305 InfoServer infoServer = new InfoServer("rest", a, port, false, conf);
306 infoServer.setAttribute("hbase.conf", conf);
307 infoServer.start();
308 }
309
310 server.start();
311 server.join();
312 }
313 }