package org.apache.hadoop.mapred;

import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.examples.SleepJob;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.http.TestHttpServer;
import org.apache.hadoop.mapred.DefaultJobHistoryParser;
import org.apache.hadoop.mapred.JobHistory;
import org.apache.hadoop.mapred.QueueManager;
import org.apache.hadoop.mapreduce.JobID;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.ShellBasedUnixGroupsMapping;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.HadoopPolicyProvider;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/mapred/TestWebUIAuthorization.class */
public class TestWebUIAuthorization extends ClusterMapReduceTestCase {
    private static final String jobSubmitter = "user1";
    private static final String jobSubmitter1 = "user11";
    private static final String jobSubmitter2 = "user12";
    private static final String jobSubmitter3 = "user13";
    private static final String qAdmin = "user3";
    private static final String mrAdminUser = "user4";
    private static final String mrAdminGroup = "admingroup";
    private static final String mrAdminGroupMember = "user2";
    private static final String viewColleague = "colleague1";
    private static final String modifyColleague = "colleague2";
    private static final String viewAndModifyColleague = "colleague3";
    private static final String unauthorizedUser = "evilJohn";
    private static final Log LOG = LogFactory.getLog(TestWebUIAuthorization.class);
    private static String mrOwner = null;

    /* loaded from: input_file:org/apache/hadoop/mapred/TestWebUIAuthorization$MyGroupsProvider.class */
    public static class MyGroupsProvider extends ShellBasedUnixGroupsMapping {
        static Map<String, List<String>> mapping = new HashMap();

        public List<String> getGroups(String str) throws IOException {
            return mapping.get(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.mapred.ClusterMapReduceTestCase
    public void setUp() throws Exception {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getHttpStatusCode(String str, String str2, String str3) throws IOException {
        LOG.info("Accessing " + str + " as user " + str2);
        HttpURLConnection httpURLConnection = (HttpURLConnection) (str2 == null ? new URL(str) : new URL(str + "&user.name=" + str2)).openConnection();
        httpURLConnection.setRequestMethod(str3);
        if (str3.equals("POST")) {
            String str4 = "action=kill&user.name=" + str2;
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setRequestProperty("Content-Length", Integer.toString(str4.length()));
            httpURLConnection.setDoOutput(true);
            httpURLConnection.getOutputStream().write(str4.getBytes());
        }
        httpURLConnection.connect();
        return httpURLConnection.getResponseCode();
    }

    private void validateViewJob(String str, String str2) throws IOException {
        assertEquals("Incorrect return code for job submitter user1", 200, getHttpStatusCode(str, jobSubmitter, str2));
        assertEquals("Incorrect return code for admin user user4", 200, getHttpStatusCode(str, mrAdminUser, str2));
        assertEquals("Incorrect return code for admingroup-member user2", 200, getHttpStatusCode(str, mrAdminGroupMember, str2));
        assertEquals("Incorrect return code for MR-owner " + mrOwner, 200, getHttpStatusCode(str, mrOwner, str2));
        assertEquals("Incorrect return code for queue admin user3", 200, getHttpStatusCode(str, qAdmin, str2));
        assertEquals("Incorrect return code for user in job-view-acl colleague1", 200, getHttpStatusCode(str, viewColleague, str2));
        assertEquals("Incorrect return code for user in job-view-acl and job-modify-acl colleague3", 200, getHttpStatusCode(str, viewAndModifyColleague, str2));
        assertEquals("Incorrect return code for user in job-modify-acl colleague2", 401, getHttpStatusCode(str, modifyColleague, str2));
        assertEquals("Incorrect return code for unauthorizedUser evilJohn", 401, getHttpStatusCode(str, unauthorizedUser, str2));
    }

    private void validateModifyJob(String str, String str2) throws IOException {
        assertEquals(401, getHttpStatusCode(str, viewColleague, str2));
        assertEquals(401, getHttpStatusCode(str, unauthorizedUser, str2));
        assertEquals(200, getHttpStatusCode(str, modifyColleague, str2));
    }

    private RunningJob startSleepJobAsUser(String str, final JobConf jobConf, MiniMRCluster miniMRCluster) throws Exception {
        new SleepJob().setConf(jobConf);
        RunningJob runningJob = (RunningJob) UserGroupInformation.createRemoteUser(str).doAs(new PrivilegedExceptionAction<RunningJob>() { // from class: org.apache.hadoop.mapred.TestWebUIAuthorization.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public RunningJob run() throws Exception {
                JobClient jobClient = new JobClient(jobConf);
                SleepJob sleepJob = new SleepJob();
                sleepJob.setConf(jobConf);
                return jobClient.submitJob(sleepJob.setupJobConf(1, 0, 900000L, 1, 1000L, 1000));
            }
        });
        getTIPId(miniMRCluster, runningJob.getID());
        return runningJob;
    }

    private TaskID getTIPId(MiniMRCluster miniMRCluster, JobID jobID) throws Exception {
        TaskReport[] mapTaskReports;
        JobClient jobClient = new JobClient(miniMRCluster.createJobConf());
        JobID jobID2 = (JobID) jobID;
        TaskID taskID = null;
        do {
            Thread.sleep(200L);
            mapTaskReports = jobClient.getMapTaskReports(jobID2);
        } while (mapTaskReports.length == 0);
        if (0 < mapTaskReports.length) {
            taskID = mapTaskReports[0].getTaskID();
        }
        JobTracker jobTracker = miniMRCluster.getJobTrackerRunner().getJobTracker();
        while (jobTracker.getTaskStatuses(taskID).length == 0) {
            try {
                Thread.sleep(100L);
            } catch (InterruptedException e) {
                LOG.warn("Interrupted while waiting for map attempt to be started");
            }
        }
        return taskID;
    }

    private void confirmJobDetailsJSPKillJobAsUser(MiniMRCluster miniMRCluster, JobConf jobConf, String str, String str2, String str3) throws Exception {
        RunningJob startSleepJobAsUser = startSleepJobAsUser(jobSubmitter, jobConf, miniMRCluster);
        JobID id = startSleepJobAsUser.getID();
        try {
            assertEquals(200, getHttpStatusCode(str + "/jobdetails.jsp?action=kill&jobid=" + id.toString(), str3, "POST"));
            waitForKillJobToFinish(startSleepJobAsUser);
            assertTrue("killJob failed for a job for which user has job-modify permission", startSleepJobAsUser.isComplete());
            if (startSleepJobAsUser.isComplete()) {
                return;
            }
            LOG.info("Killing job " + id + " from finally block");
            assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
        } catch (Throwable th) {
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            throw th;
        }
    }

    static void setupGroupsProvider() throws IOException {
        Configuration configuration = new Configuration();
        configuration.set("hadoop.security.group.mapping", MyGroupsProvider.class.getName());
        Groups.getUserToGroupsMappingService(configuration);
        MyGroupsProvider.mapping.put(jobSubmitter, Arrays.asList("group1"));
        MyGroupsProvider.mapping.put(viewColleague, Arrays.asList("group2"));
        MyGroupsProvider.mapping.put(modifyColleague, Arrays.asList("group1"));
        MyGroupsProvider.mapping.put(unauthorizedUser, Arrays.asList("evilSociety"));
        MyGroupsProvider.mapping.put(mrAdminGroupMember, Arrays.asList(mrAdminGroup));
        MyGroupsProvider.mapping.put(viewAndModifyColleague, Arrays.asList("group3"));
        MyGroupsProvider.mapping.put(qAdmin, Arrays.asList("group4"));
        mrOwner = UserGroupInformation.getCurrentUser().getShortUserName();
        MyGroupsProvider.mapping.put(mrOwner, Arrays.asList("group5", "group6"));
        MyGroupsProvider.mapping.put(jobSubmitter1, Arrays.asList("group7"));
        MyGroupsProvider.mapping.put(jobSubmitter2, Arrays.asList("group7"));
        MyGroupsProvider.mapping.put(jobSubmitter3, Arrays.asList("group7"));
        MyGroupsProvider.mapping.put(mrAdminUser, Arrays.asList("group8"));
    }

    public void testAuthorizationForJobHistoryPages() throws Exception {
        checkAuthorizationForJobHistoryPages(new Properties());
    }

    public void testAuthorizationForJobHistoryPagesStandalone() throws Exception {
        Properties properties = new Properties();
        properties.setProperty("mapreduce.history.server.http.address", "localhost:8090");
        properties.setProperty("mapreduce.history.server.embedded", "false");
        checkAuthorizationForJobHistoryPages(properties);
    }

    private void checkAuthorizationForJobHistoryPages(Properties properties) throws Exception {
        String str;
        setupGroupsProvider();
        properties.setProperty("hadoop.http.filter.initializers", TestHttpServer.DummyFilterInitializer.class.getName());
        properties.setProperty("mapred.acls.enabled", String.valueOf(true));
        properties.setProperty(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.ADMINISTER_JOBS.getAclName()), qAdmin);
        properties.setProperty(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.SUBMIT_JOB.getAclName()), jobSubmitter);
        properties.setProperty("dfs.permissions", "false");
        properties.setProperty("mapred.job.tracker.history.completed.location", "historyDoneFolderOnHDFS");
        properties.setProperty("mapreduce.cluster.administrators", "user4 admingroup");
        startCluster(true, properties);
        MiniMRCluster mRCluster = getMRCluster();
        mRCluster.getJobTrackerRunner().getJobTrackerInfoPort();
        JobConf jobConf = new JobConf(mRCluster.createJobConf());
        jobConf.set("mapreduce.job.acl-view-job", "colleague1 group3");
        JobTracker jobTracker = getMRCluster().getJobTrackerRunner().getJobTracker();
        String historyUrlPrefix = JobHistoryServer.getHistoryUrlPrefix(jobTracker.conf);
        if ("false".equals(properties.getProperty("mapreduce.history.server.embedded", "true"))) {
            new JobHistoryServer(mRCluster.getJobTrackerRunner().getJobTracker().conf).start();
            str = historyUrlPrefix;
        } else {
            str = "http://" + JobHistoryServer.getAddress(jobTracker.conf) + historyUrlPrefix;
        }
        jobConf.set("mapreduce.job.acl-modify-job", " group1,group3");
        SleepJob sleepJob = new SleepJob();
        final JobConf jobConf2 = new JobConf(jobConf);
        sleepJob.setConf(jobConf2);
        JobID id = ((RunningJob) UserGroupInformation.createRemoteUser(jobSubmitter).doAs(new PrivilegedExceptionAction<RunningJob>() { // from class: org.apache.hadoop.mapred.TestWebUIAuthorization.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public RunningJob run() throws Exception {
                new JobClient(jobConf2);
                SleepJob sleepJob2 = new SleepJob();
                sleepJob2.setConf(jobConf2);
                return JobClient.runJob(sleepJob2.setupJobConf(1, 0, 1000L, 1, 1000L, 1000));
            }
        })).getID();
        JobConf jobConf3 = jobTracker.getJob(id).getJobConf();
        Path completedJobHistoryLocation = JobHistory.getCompletedJobHistoryLocation();
        while (TestJobHistory.getDoneFile(jobConf3, id, completedJobHistoryLocation) == null) {
            Thread.sleep(2000L);
        }
        Path path = new Path(completedJobHistoryLocation, JobHistory.JobInfo.getDoneJobHistoryFileName(jobConf3, id));
        String encode = URLEncoder.encode(path.toString());
        validateViewJob(str + "/jobdetailshistory.jsp?logFile=" + encode, "GET");
        String str2 = str + "/jobtaskshistory.jsp?logFile=" + encode;
        String[] strArr = {"all", "SUCCEEDED", "FAILED", "KILLED"};
        for (String str3 : new String[]{"JOb_SETUP", "MAP", "REDUCE", "JOB_CLEANUP"}) {
            for (String str4 : strArr) {
                validateViewJob(str2 + "&taskType=" + str3 + "&status=" + str4, "GET");
            }
        }
        JobHistory.JobInfo jobInfo = new JobHistory.JobInfo(id.toString());
        JobHistory.parseHistoryFromFS(path.toString().substring(5), new DefaultJobHistoryParser.JobTasksParseListener(jobInfo), path.getFileSystem(jobConf));
        Map allTasks = jobInfo.getAllTasks();
        for (String str5 : allTasks.keySet()) {
            validateViewJob(str + "/taskdetailshistory.jsp?logFile=" + encode + "&tipid=" + str5.toString(), "GET");
            Map taskAttempts = ((JobHistory.Task) allTasks.get(str5)).getTaskAttempts();
            for (String str6 : taskAttempts.keySet()) {
                validateViewJob(str + "/taskstatshistory.jsp?attemptid=" + str6.toString() + "&logFile=" + encode, "GET");
                validateViewJob(TaskLogServlet.getTaskLogUrl("localhost", ((JobHistory.TaskAttempt) taskAttempts.get(str6)).get(JobHistory.Keys.HTTP_PORT), str6.toString()), "GET");
            }
        }
        new File(new Path(TaskLog.getJobDir(id).toString(), TaskTracker.jobACLsFile).toUri().getPath()).delete();
        Iterator it = allTasks.keySet().iterator();
        while (it.hasNext()) {
            Map taskAttempts2 = ((JobHistory.Task) allTasks.get((String) it.next())).getTaskAttempts();
            for (String str7 : taskAttempts2.keySet()) {
                String taskLogUrl = TaskLogServlet.getTaskLogUrl("localhost", ((JobHistory.TaskAttempt) taskAttempts2.get(str7)).get(JobHistory.Keys.HTTP_PORT), str7.toString());
                assertEquals("Incorrect return code for evilJohn", 200, getHttpStatusCode(taskLogUrl, unauthorizedUser, "GET"));
                FileUtil.fullyDelete(TaskLog.getAttemptDir(TaskAttemptID.forName(str7), false));
                assertEquals("Incorrect return code for user1", 410, getHttpStatusCode(taskLogUrl, jobSubmitter, "GET"));
            }
        }
        validateViewJob(str + "/analysejobhistory.jsp?logFile=" + encode, "GET");
        validateViewJob(str + "/jobconf_history.jsp?logFile=" + encode, "GET");
    }

    private void validateJobDetailsJSPKillJob(MiniMRCluster miniMRCluster, JobConf jobConf, String str) throws Exception {
        JobConf jobConf2 = new JobConf(miniMRCluster.createJobConf());
        jobConf2.set("mapreduce.job.acl-view-job", "colleague1 group3");
        jobConf2.set("mapreduce.job.acl-modify-job", " group1,group3");
        String str2 = str + "/jobtracker.jsp?a=b";
        RunningJob startSleepJobAsUser = startSleepJobAsUser(jobSubmitter, jobConf2, miniMRCluster);
        JobID id = startSleepJobAsUser.getID();
        String str3 = str + "/jobdetails.jsp?action=kill&jobid=" + id.toString();
        try {
            assertEquals(401, getHttpStatusCode(str3, viewColleague, "POST"));
            assertEquals(401, getHttpStatusCode(str3, unauthorizedUser, "POST"));
            assertEquals(401, getHttpStatusCode(str3, modifyColleague, "POST"));
            assertEquals(200, getHttpStatusCode(str3, viewAndModifyColleague, "POST"));
            waitForKillJobToFinish(startSleepJobAsUser);
            assertTrue("killJob using jobdetails.jsp failed for a job for which user has job-view and job-modify permissions", startSleepJobAsUser.isComplete());
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            confirmJobDetailsJSPKillJobAsUser(miniMRCluster, jobConf2, str, str2, jobSubmitter);
            confirmJobDetailsJSPKillJobAsUser(miniMRCluster, jobConf2, str, str2, mrOwner);
            confirmJobDetailsJSPKillJobAsUser(miniMRCluster, jobConf2, str, str2, mrAdminUser);
            confirmJobDetailsJSPKillJobAsUser(miniMRCluster, jobConf2, str, str2, mrAdminGroupMember);
            confirmJobDetailsJSPKillJobAsUser(miniMRCluster, jobConf2, str, str2, qAdmin);
        } catch (Throwable th) {
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            throw th;
        }
    }

    private void confirmJobTrackerJSPKillJobAsUser(MiniMRCluster miniMRCluster, JobConf jobConf, String str, String str2) throws Exception {
        String str3 = str + "/jobtracker.jsp?a=b";
        RunningJob startSleepJobAsUser = startSleepJobAsUser(jobSubmitter, jobConf, miniMRCluster);
        JobID id = startSleepJobAsUser.getID();
        try {
            assertEquals(200, getHttpStatusCode(str3 + "&killJobs=true&jobCheckBox=" + id.toString(), str2, "POST"));
            waitForKillJobToFinish(startSleepJobAsUser);
            assertTrue("killJob failed for a job for which user has job-modify permission", startSleepJobAsUser.isComplete());
            if (startSleepJobAsUser.isComplete()) {
                return;
            }
            LOG.info("Killing job " + id + " from finally block");
            assertEquals(200, getHttpStatusCode(str3 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
        } catch (Throwable th) {
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str3 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            throw th;
        }
    }

    void waitForKillJobToFinish(RunningJob runningJob) throws IOException {
        while (!runningJob.isComplete()) {
            try {
                Thread.sleep(200L);
            } catch (InterruptedException e) {
                LOG.warn("Interrupted while waiting for killJob() to finish for " + runningJob.getID());
            }
        }
    }

    private void validateKillMultipleJobs(MiniMRCluster miniMRCluster, JobConf jobConf, String str) throws Exception {
        jobConf.set("mapreduce.job.acl-view-job", " ");
        jobConf.set("mapreduce.job.acl-modify-job", " ");
        RunningJob startSleepJobAsUser = startSleepJobAsUser(jobSubmitter, jobConf, miniMRCluster);
        String concat = ((str + "/jobtracker.jsp?a=b") + "&killJobs=true").concat("&jobCheckBox=" + startSleepJobAsUser.getID().toString());
        RunningJob startSleepJobAsUser2 = startSleepJobAsUser(jobSubmitter1, jobConf, miniMRCluster);
        String concat2 = concat.concat("&jobCheckBox=" + startSleepJobAsUser2.getID().toString());
        RunningJob startSleepJobAsUser3 = startSleepJobAsUser(jobSubmitter2, jobConf, miniMRCluster);
        String concat3 = concat2.concat("&jobCheckBox=" + startSleepJobAsUser3.getID().toString());
        jobConf.set("mapreduce.job.acl-modify-job", jobSubmitter1);
        RunningJob startSleepJobAsUser4 = startSleepJobAsUser(jobSubmitter3, jobConf, miniMRCluster);
        String concat4 = concat3.concat("&jobCheckBox=" + startSleepJobAsUser4.getID().toString());
        try {
            assertEquals(401, getHttpStatusCode(concat4, jobSubmitter1, "POST"));
            waitForKillJobToFinish(startSleepJobAsUser2);
            assertTrue("killJob failed for a job for which user has job-modify permission", startSleepJobAsUser2.isComplete());
            waitForKillJobToFinish(startSleepJobAsUser4);
            assertTrue("killJob failed for a job for which user has job-modify permission", startSleepJobAsUser4.isComplete());
            assertFalse("killJob succeeded for a job for which user doesnot  have job-modify permission", startSleepJobAsUser.isComplete());
            assertFalse("killJob succeeded for a job for which user doesnot  have job-modify permission", startSleepJobAsUser3.isComplete());
            assertEquals(200, getHttpStatusCode(concat4, mrOwner, "GET"));
        } catch (Throwable th) {
            assertEquals(200, getHttpStatusCode(concat4, mrOwner, "GET"));
            throw th;
        }
    }

    @Test
    public void testWebUIAuthorization() throws Exception {
        setupGroupsProvider();
        Properties properties = new Properties();
        properties.setProperty("hadoop.http.filter.initializers", TestHttpServer.DummyFilterInitializer.class.getName());
        properties.setProperty("mapred.acls.enabled", String.valueOf(true));
        properties.setProperty(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.ADMINISTER_JOBS.getAclName()), qAdmin);
        properties.setProperty(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.SUBMIT_JOB.getAclName()), "user1,user11,user12,user13");
        properties.setProperty("dfs.permissions", "false");
        properties.setProperty("mapred.tasktracker.map.tasks.maximum", "6");
        properties.setProperty("webinterface.private.actions", "true");
        properties.setProperty("mapreduce.cluster.administrators", "user4 admingroup");
        startCluster(true, properties);
        MiniMRCluster mRCluster = getMRCluster();
        int jobTrackerInfoPort = mRCluster.getJobTrackerRunner().getJobTrackerInfoPort();
        JobConf createJobConf = mRCluster.createJobConf();
        JobConf jobConf = new JobConf(createJobConf);
        jobConf.set("mapreduce.job.acl-view-job", "colleague1 group3");
        jobConf.set("mapreduce.job.acl-modify-job", " group1,group3");
        RunningJob startSleepJobAsUser = startSleepJobAsUser(jobSubmitter, jobConf, mRCluster);
        JobID id = startSleepJobAsUser.getID();
        String str = "http://localhost:" + jobTrackerInfoPort;
        String str2 = str + "/jobtracker.jsp?a=b";
        try {
            validateJobTrackerJSPAccess(str);
            validateJobDetailsJSPAccess(id, str);
            validateTaskGraphServletAccess(id, str);
            validateJobTasksJSPAccess(id, str);
            validateJobConfJSPAccess(id, str);
            validateJobFailuresJSPAccess(id, str);
            valiateJobBlacklistedTrackerJSPAccess(id, str);
            validateJobTrackerJSPSetPriorityAction(id, str);
            TaskID tIPId = getTIPId(mRCluster, id);
            validateTaskStatsJSPAccess(id, str, tIPId);
            validateTaskDetailsJSPAccess(id, str, tIPId);
            validateJobTrackerJSPKillJobAction(startSleepJobAsUser, str);
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            validateJobDetailsJSPKillJob(mRCluster, createJobConf, str);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, viewAndModifyColleague);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, jobSubmitter);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, mrOwner);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, mrAdminUser);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, mrAdminGroupMember);
            confirmJobTrackerJSPKillJobAsUser(mRCluster, jobConf, str, qAdmin);
            validateKillMultipleJobs(mRCluster, jobConf, str);
        } catch (Throwable th) {
            if (!startSleepJobAsUser.isComplete()) {
                LOG.info("Killing job " + id + " from finally block");
                assertEquals(200, getHttpStatusCode(str2 + "&killJobs=true&jobCheckBox=" + id.toString(), jobSubmitter, "GET"));
            }
            throw th;
        }
    }

    public void testWebUIAuthorizationForCommonServlets() throws Exception {
        setupGroupsProvider();
        Properties properties = new Properties();
        properties.setProperty("hadoop.http.filter.initializers", TestHttpServer.DummyFilterInitializer.class.getName());
        properties.setProperty("hadoop.security.authorization", "true");
        properties.setProperty("hadoop.security.authorization.policyprovider", HadoopPolicyProvider.class.getName());
        properties.setProperty("hadoop.security.instrumentation.requires.admin", "true");
        properties.setProperty("mapreduce.cluster.administrators", "user4 admingroup");
        startCluster(true, properties);
        validateCommonServlets(getMRCluster());
    }

    private void validateCommonServlets(MiniMRCluster miniMRCluster) throws IOException {
        String str = "http://localhost:" + miniMRCluster.getJobTrackerRunner().getJobTrackerInfoPort();
        for (String str2 : new String[]{"logs", "stacks", "logLevel"}) {
            checkAccessToCommonServlet(str + "/" + str2);
        }
        String str3 = "http://localhost:" + miniMRCluster.getTaskTrackerRunner(0).getTaskTracker().getHttpPort();
        for (String str4 : new String[]{"logs", "stacks", "logLevel"}) {
            checkAccessToCommonServlet(str3 + "/" + str4);
        }
    }

    private void checkAccessToCommonServlet(String str) throws IOException {
        String str2 = str + "?a=b";
        assertEquals(200, getHttpStatusCode(str2, mrAdminUser, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrAdminGroupMember, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrOwner, "GET"));
        assertEquals(401, getHttpStatusCode(str2, jobSubmitter, "GET"));
    }

    private void validateJobTrackerJSPKillJobAction(RunningJob runningJob, String str) throws IOException {
        validateModifyJob((str + "/jobtracker.jsp?a=b") + "&killJobs=true&jobCheckBox=" + runningJob.getID().toString(), "GET");
        waitForKillJobToFinish(runningJob);
        assertTrue("killJob failed for a job for which user has job-modify permission", runningJob.isComplete());
    }

    private void validateTaskDetailsJSPAccess(JobID jobID, String str, TaskID taskID) throws IOException {
        validateViewJob(str + "/taskdetails.jsp?jobid=" + jobID.toString() + "&tipid=" + taskID, "GET");
    }

    private void validateTaskStatsJSPAccess(JobID jobID, String str, TaskID taskID) throws IOException {
        validateViewJob(str + "/taskstats.jsp?jobid=" + jobID.toString() + "&tipid=" + taskID, "GET");
    }

    private void validateJobTrackerJSPSetPriorityAction(JobID jobID, String str) throws IOException {
        String str2 = (str + "/jobtracker.jsp?a=b") + "&changeJobPriority=true&setJobPriority=HIGH&jobCheckBox=" + jobID.toString();
        validateModifyJob(str2, "GET");
        assertEquals(200, getHttpStatusCode(str2, jobSubmitter, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrAdminUser, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrAdminGroupMember, "GET"));
        assertEquals(200, getHttpStatusCode(str2, qAdmin, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrOwner, "GET"));
    }

    private void valiateJobBlacklistedTrackerJSPAccess(JobID jobID, String str) throws IOException {
        validateViewJob(str + "/jobblacklistedtrackers.jsp?jobid=" + jobID.toString(), "GET");
    }

    private void validateJobFailuresJSPAccess(JobID jobID, String str) throws IOException {
        validateViewJob(str + "/jobfailures.jsp?jobid=" + jobID.toString(), "GET");
    }

    private void validateJobConfJSPAccess(JobID jobID, String str) throws IOException {
        validateViewJob(str + "/jobconf.jsp?jobid=" + jobID.toString(), "GET");
    }

    private void validateJobTasksJSPAccess(JobID jobID, String str) throws IOException {
        validateViewJob(str + "/jobtasks.jsp?jobid=" + jobID.toString() + "&type=map&pagenum=1&state=running", "GET");
    }

    private void validateTaskGraphServletAccess(JobID jobID, String str) throws IOException {
        String str2 = str + "/taskgraph?type=map&jobid=" + jobID.toString();
        validateViewJob(str2, "GET");
        assertEquals("Incorrect return code for null user", 401, getHttpStatusCode(str2, null, "GET"));
        String str3 = str + "/taskgraph?type=reduce&jobid=" + jobID.toString();
        validateViewJob(str3, "GET");
        assertEquals("Incorrect return code for null user", 401, getHttpStatusCode(str3, null, "GET"));
    }

    private void validateJobDetailsJSPAccess(JobID jobID, String str) throws IOException {
        validateViewJob(str + "/jobdetails.jsp?jobid=" + jobID.toString(), "GET");
    }

    private void validateJobTrackerJSPAccess(String str) throws IOException {
        String str2 = str + "/jobtracker.jsp?a=b";
        assertEquals(200, getHttpStatusCode(str2, jobSubmitter, "GET"));
        assertEquals(200, getHttpStatusCode(str2, viewColleague, "GET"));
        assertEquals(200, getHttpStatusCode(str2, unauthorizedUser, "GET"));
        assertEquals(200, getHttpStatusCode(str2, modifyColleague, "GET"));
        assertEquals(200, getHttpStatusCode(str2, viewAndModifyColleague, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrOwner, "GET"));
        assertEquals(200, getHttpStatusCode(str2, qAdmin, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrAdminUser, "GET"));
        assertEquals(200, getHttpStatusCode(str2, mrAdminGroupMember, "GET"));
    }
}
