org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation Java Examples

@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL.toString()));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  // include Impersonator User Name in case someone (e.g. logger) wants it
  FilterChain filterChainWrapper = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      Locale.setDefault(defaultLocale);
      HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

      UserGroupInformation ugi = HttpUserGroupInformation.get();
      if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
        UserGroupInformation realUserUgi = ugi.getRealUser();
        if (realUserUgi != null) {
          httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
        }
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // A hack until HADOOP-15681 get committed
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, filterChainWrapper);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  // include Impersonator User Name in case someone (e.g. logger) wants it
  FilterChain filterChainWrapper = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      Locale.setDefault(defaultLocale);
      HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

      UserGroupInformation ugi = HttpUserGroupInformation.get();
      if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
        UserGroupInformation realUserUgi = ugi.getRealUser();
        if (realUserUgi != null) {
          httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
        }
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // A hack until HADOOP-15681 get committed
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, filterChainWrapper);
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames() throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS);

  List<String> json = user.doAs(
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          return provider.getKeys();
        }
      }
  );

  kmsAudit.ok(user, KMSOp.GET_KEYS, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain)
    throws IOException, ServletException {
  try {
    DATA_TL.remove();
    UserGroupInformation ugi = HttpUserGroupInformation.get();
    String method = ((HttpServletRequest) request).getMethod();
    StringBuffer requestURL = ((HttpServletRequest) request).getRequestURL();
    String queryString = ((HttpServletRequest) request).getQueryString();
    if (queryString != null) {
      requestURL.append("?").append(queryString);
    }
    DATA_TL.set(new Data(ugi, method, requestURL));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSIONS, name);

  List<KeyVersion> ret = user.doAs(
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(ret);
  kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_KEY_VERSION);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      }
  );

  if (keyVersion != null) {
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
  }
  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, user, KMSOp.GET_CURRENT_KEY, name);

  KeyVersion keyVersion = user.doAs(
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyVersion);
  kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  UserGroupInformation user = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_METADATA, name);

  KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(name, metadata);
  kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames() throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.GET_KEYS, user, KMSOp.GET_KEYS);

  List<String> json = user.doAs(
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          return provider.getKeys();
        }
      }
  );

  kmsAudit.ok(user, KMSOp.GET_KEYS, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList) throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  final String[] keyNames = keyNamesList.toArray(
      new String[keyNamesList.size()]);
  assertAccess(KMSACLs.Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA);

  KeyProvider.Metadata[] keysMeta = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      }
  );

  Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
  kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
}
 

@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  UserGroupInformation user = HttpUserGroupInformation.get();
  assertAccess(KMSACLs.Type.DELETE, user, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  user.doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws Exception {
      provider.deleteKey(name);
      provider.flush();
      return null;
    }
  });

  kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");

  return Response.ok().build();
}
 

private static void checkPrivilege(MPrivilege... privileges) {
  AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
  UserGroupInformation user = HttpUserGroupInformation.get();
  String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName();
  MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER);
  handler.checkPrivileges(principal, Arrays.asList(privileges));
}
 

/**
 * Binding to handle DELETE requests.
 *
 * @param path the path for operation.
 * @param op the HttpFS operation of the request.
 * @param params the HttpFS parameters of the request.
 *
 * @return the request response.
 *
 * @throws IOException thrown if an IO error occurred. Thrown exceptions are
 * handled by {@link HttpFSExceptionProvider}.
 * @throws FileSystemAccessException thrown if a FileSystemAccess releated
 * error occurred. Thrown exceptions are handled by
 * {@link HttpFSExceptionProvider}.
 */
@DELETE
@Path("{path:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response delete(@PathParam("path") String path,
                       @QueryParam(OperationParam.NAME) OperationParam op,
                       @Context Parameters params,
                       @Context HttpServletRequest request)
  throws IOException, FileSystemAccessException {
  UserGroupInformation user = HttpUserGroupInformation.get();
  Response response;
  path = makeAbsolute(path);
  MDC.put(HttpFSFileSystem.OP_PARAM, op.value().name());
  MDC.put("hostname", request.getRemoteAddr());
  switch (op.value()) {
    case DELETE: {
      Boolean recursive =
        params.get(RecursiveParam.NAME,  RecursiveParam.class);
      AUDIT_LOG.info("[{}] recursive [{}]", path, recursive);
      FSOperations.FSDelete command =
        new FSOperations.FSDelete(path, recursive);
      JSONObject json = fsExecute(user, command);
      response = Response.ok(json).type(MediaType.APPLICATION_JSON).build();
      break;
    }
    default: {
      throw new IOException(
        MessageFormat.format("Invalid HTTP DELETE operation [{0}]",
                             op.value()));
    }
  }
  return response;
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyVersions method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_KEY_VERSIONS, name, request.getRemoteAddr());
    LOG.debug("Getting key versions for key {}", name);
    List<KeyVersion> ret = user.doAs(new PrivilegedExceptionAction<List<KeyVersion>>() {
      @Override
      public List<KeyVersion> run() throws Exception {
        return provider.getKeyVersions(name);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(ret);
    kmsAudit.ok(user, KMSOp.GET_KEY_VERSIONS, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyVersions method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
      LOG.error("Exception in getKeyVersions.", e);
    throw e;
  }
 }
 

@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName, @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyVersion method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(versionName, "versionName");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_KEY_VERSION, request.getRemoteAddr());
    LOG.debug("Getting key with version name {}.", versionName);
    KeyVersion keyVersion = user.doAs(new PrivilegedExceptionAction<KeyVersion>() {
      @Override
      public KeyVersion run() throws Exception {
        return provider.getKeyVersion(versionName);
      }
    });
    if (keyVersion != null) {
      kmsAudit.ok(user, KMSOp.GET_KEY_VERSION, keyVersion.getName(), "");
    }
    Object json = KMSUtil.toJSON(keyVersion);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyVersion method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getKeyVersion.", e);
    throw e;
  }
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getCurrentVersion method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getKeyCallsMeter().mark();
    assertAccess(Type.GET, user, KMSOp.GET_CURRENT_KEY, name, request.getRemoteAddr());
    LOG.debug("Getting key version for key with name {}.", name);
    KeyVersion keyVersion = user.doAs(new PrivilegedExceptionAction<KeyVersion>() {
      @Override
      public KeyVersion run() throws Exception {
        return provider.getCurrentKey(name);
      }
    });
    Object json = KMSUtil.toJSON(keyVersion);
    kmsAudit.ok(user, KMSOp.GET_CURRENT_KEY, name, "");
    if (LOG.isDebugEnabled()) {
      LOG.debug("Exiting getCurrentVersion method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getCurrentVersion.", e);
    throw e;
  }
}
 

@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" +
    KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getMetadata method.");
    }
    UserGroupInformation user = HttpUserGroupInformation.get();
    checkNotEmpty(name, "name");
    KMSWebApp.getAdminCallsMeter().mark();
    assertAccess(Type.GET_METADATA, user, KMSOp.GET_METADATA, name, request.getRemoteAddr());
    LOG.debug("Getting metadata for key with name {}.", name);
    KeyProvider.Metadata metadata = user.doAs(
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
      @Override
      public KeyProvider.Metadata run() throws Exception {
        return provider.getMetadata(name);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(name, metadata);
    kmsAudit.ok(user, KMSOp.GET_METADATA, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getMetadata method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getMetadata.", e);
    throw e;
  }
}
 

@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames(@Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeyNames method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.GET_KEYS, user, KMSOp.GET_KEYS, request.getRemoteAddr());
    List<String> json = user.doAs(new PrivilegedExceptionAction<List<String>>() {
      @Override
      public List<String> run() throws Exception {
        return provider.getKeys();
      }
    });
    kmsAudit.ok(user, KMSOp.GET_KEYS, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeyNames method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getkeyNames.", e);
    throw e;
  }
}
 

@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(@QueryParam(KMSRESTConstants.KEY)
    List<String> keyNamesList, @Context HttpServletRequest request) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering getKeysMetadata method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    final String[] keyNames = keyNamesList.toArray( new String[keyNamesList.size()]);
    assertAccess(Type.GET_METADATA, user, KMSOp.GET_KEYS_METADATA, request.getRemoteAddr());
    KeyProvider.Metadata[] keysMeta = user.doAs(new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
      @Override
      public KeyProvider.Metadata[] run() throws Exception {
        return provider.getKeysMetadata(keyNames);
      }
    });
    Object json = KMSServerJSONUtils.toJSON(keyNames, keysMeta);
    kmsAudit.ok(user, KMSOp.GET_KEYS_METADATA, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting getKeysMetadata method.");
    }
    return Response.ok().type(MediaType.APPLICATION_JSON).entity(json).build();
  } catch (Exception e) {
    LOG.error("Exception in getKeysmetadata.", e);
    throw e;
  }
}
 

@POST
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/" + KMSRESTConstants.INVALIDATECACHE_RESOURCE)
public Response invalidateCache(@PathParam("name") final String name) throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering invalidateCache Method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    checkNotEmpty(name, "name");
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.ROLLOVER, user, KMSOp.INVALIDATE_CACHE, name);
    LOG.debug("Invalidating cache with key name {}.", name);
    user.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        provider.invalidateCache(name);
        provider.flush();
        return null;
      }
    });
    kmsAudit.ok(user, KMSOp.INVALIDATE_CACHE, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting invalidateCache for key name {}.", name);
    }
    return Response.ok().build();
  } catch (Exception e) {
    LOG.error("Exception in invalidateCache for key name {}.", name, e);
    throw e;
  }
}
 

@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name, @Context HttpServletRequest request)
    throws Exception {
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Entering deleteKey method.");
    }
    KMSWebApp.getAdminCallsMeter().mark();
    UserGroupInformation user = HttpUserGroupInformation.get();
    assertAccess(Type.DELETE, user, KMSOp.DELETE_KEY, name, request.getRemoteAddr());
    checkNotEmpty(name, "name");
    LOG.debug("Deleting key with name {}.", name);
    user.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        provider.deleteKey(name);
        provider.flush();
        return null;
      }
    });
    kmsAudit.ok(user, KMSOp.DELETE_KEY, name, "");
    if (LOG.isDebugEnabled()) {
        LOG.debug("Exiting deleteKey method.");
    }
    return Response.ok().build();
  } catch (Exception e) {
    LOG.error("Exception in deleteKey.", e);
    throw e;
    }
}
 

/**
 * Get username specified by custom username HTTP header.
 *
 * @return Name of user sending the request
 */
public String getUserName() {
  if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
    return HttpUserGroupInformation.get().getShortUserName();
  } else {
    return request.getParameter(PseudoAuthenticator.USER_NAME);
  }
}