/**
 * Deletes the named key through the backing provider and flushes the change.
 *
 * <p>Sequence: mark the admin-calls meter, resolve the caller, assert DELETE
 * access for the key, check that the name is not empty, run the provider
 * calls via {@code doAs} on the caller, then write a success audit record.
 *
 * @param name key name taken from the request path; the path template
 *     accepts any characters ({@code .*}) and the only validation visible
 *     here is the non-empty check
 * @return an empty 200 OK response
 * @throws Exception any exception raised by the calls above is propagated
 */
@DELETE
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}")
public Response deleteKey(@PathParam("name") final String name)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  final UserGroupInformation caller = HttpUserGroupInformation.get();

  // The access check runs before the emptiness check, so an empty name
  // reaches assertAccess first.
  assertAccess(KMSACLs.Type.DELETE, caller, KMSOp.DELETE_KEY, name);
  KMSClientProvider.checkNotEmpty(name, "name");

  final PrivilegedExceptionAction<Void> removal =
      new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          provider.deleteKey(name);
          provider.flush();
          return null;
        }
      };
  caller.doAs(removal);

  // Reached only when delete and flush both returned normally; this method
  // writes no audit record itself on the failure path.
  // NOTE(review): confirm failures are audited elsewhere (assertAccess or an
  // exception mapper), since key deletion is destructive.
  kmsAudit.ok(caller, KMSOp.DELETE_KEY, name, "");
  return Response.ok().build();
}
/**
 * Returns metadata for several keys in one call.
 *
 * @param keyNamesList key names supplied as repeated query parameters
 * @return 200 OK with the JSON produced by {@code KMSServerJSONUtils.toJSON}
 *     for the requested names and their metadata
 * @throws Exception any exception raised by the access check or the provider
 */
@GET
@Path(KMSRESTConstants.KEYS_METADATA_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeysMetadata(
    @QueryParam(KMSRESTConstants.KEY) List<String> keyNamesList)
    throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  final String[] keyNames =
      keyNamesList.toArray(new String[keyNamesList.size()]);

  // The access check is made without any key name, and the names are not
  // checked for emptiness here.
  // NOTE(review): any per-key restriction therefore has to be enforced by the
  // provider or another layer - confirm.
  assertAccess(KMSACLs.Type.GET_METADATA, caller, KMSOp.GET_KEYS_METADATA);

  final PrivilegedExceptionAction<KeyProvider.Metadata[]> lookup =
      new PrivilegedExceptionAction<KeyProvider.Metadata[]>() {
        @Override
        public KeyProvider.Metadata[] run() throws Exception {
          return provider.getKeysMetadata(keyNames);
        }
      };
  final KeyProvider.Metadata[] metadata = caller.doAs(lookup);

  final Object body = KMSServerJSONUtils.toJSON(keyNames, metadata);
  // The audit call receives the operation only; the requested key names are
  // not part of the record written here.
  kmsAudit.ok(caller, KMSOp.GET_KEYS_METADATA, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Lists the key names known to the backing provider.
 *
 * @return 200 OK whose JSON entity is the list returned by
 *     {@code provider.getKeys()}
 * @throws Exception any exception raised by the access check or the provider
 */
@GET
@Path(KMSRESTConstants.KEYS_NAMES_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyNames() throws Exception {
  KMSWebApp.getAdminCallsMeter().mark();
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  // Listing is gated by the GET_KEYS ACL type before the provider is touched.
  assertAccess(KMSACLs.Type.GET_KEYS, caller, KMSOp.GET_KEYS);

  final PrivilegedExceptionAction<List<String>> listing =
      new PrivilegedExceptionAction<List<String>>() {
        @Override
        public List<String> run() throws Exception {
          return provider.getKeys();
        }
      };
  final List<String> keyNames = caller.doAs(listing);

  kmsAudit.ok(caller, KMSOp.GET_KEYS, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(keyNames)
      .build();
}
/**
 * Returns the metadata of a single key.
 *
 * @param name key name from the request path; rejected by
 *     {@code checkNotEmpty} when empty, otherwise not validated here
 * @return 200 OK with the JSON form of the key's metadata
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.METADATA_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getMetadata(@PathParam("name") final String name)
    throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getAdminCallsMeter().mark();
  // Unlike the bulk metadata call, the key name is handed to the access check.
  assertAccess(KMSACLs.Type.GET_METADATA, caller, KMSOp.GET_METADATA, name);

  final PrivilegedExceptionAction<KeyProvider.Metadata> lookup =
      new PrivilegedExceptionAction<KeyProvider.Metadata>() {
        @Override
        public KeyProvider.Metadata run() throws Exception {
          return provider.getMetadata(name);
        }
      };
  final KeyProvider.Metadata found = caller.doAs(lookup);

  final Object body = KMSServerJSONUtils.toJSON(name, found);
  kmsAudit.ok(caller, KMSOp.GET_METADATA, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns the current version of a key pair.
 *
 * @param name key-pair name from the request path; must not be empty
 * @return 200 OK with the JSON form of the current {@code KeyPairVersion}
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_PAIR_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersionPair(@PathParam("name") final String name)
    throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  // Same ACL type and audit operation as the single-key getCurrentVersion
  // endpoint: GET / GET_CURRENT_KEY.
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_CURRENT_KEY, name);

  final PrivilegedExceptionAction<KeyPairVersion> fetch =
      new PrivilegedExceptionAction<KeyPairVersion>() {
        @Override
        public KeyPairVersion run() throws Exception {
          return provider.getCurrentKeyPair(name);
        }
      };
  final KeyPairVersion current = caller.doAs(fetch);

  // NOTE(review): which fields toJSON emits for a KeyPairVersion is not
  // visible here - confirm the private half is only ever serialised for
  // callers entitled to it.
  final Object body = KMSServerJSONUtils.toJSON(current);
  kmsAudit.ok(caller, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns the current version of a key.
 *
 * @param name key name from the request path; must not be empty
 * @return 200 OK with the JSON form of the current {@code KeyVersion}
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.CURRENT_VERSION_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentVersion(@PathParam("name") final String name)
    throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  // The key name is part of the access decision for this endpoint.
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_CURRENT_KEY, name);

  final PrivilegedExceptionAction<KeyVersion> fetch =
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getCurrentKey(name);
        }
      };
  final KeyVersion current = caller.doAs(fetch);

  final Object body = KMSServerJSONUtils.toJSON(current);
  kmsAudit.ok(caller, KMSOp.GET_CURRENT_KEY, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns one specific version of a key pair, addressed by version name.
 *
 * @param versionName version identifier from the request path; must not be
 *     empty
 * @return 200 OK with the JSON form of the {@code KeyPairVersion}; the
 *     provider result is passed to {@code toJSON} even when it is
 *     {@code null}
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_PAIR_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersionPair(
    @PathParam("versionName") final String versionName) throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  // Only a version name is available at this point, so the access check is
  // made without a key name.
  // NOTE(review): confirm per-key restrictions are applied once the owning
  // key is known (e.g. inside the provider).
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_KEY_VERSION);

  final PrivilegedExceptionAction<KeyPairVersion> fetch =
      new PrivilegedExceptionAction<KeyPairVersion>() {
        @Override
        public KeyPairVersion run() throws Exception {
          return provider.getKeyPairVersion(versionName);
        }
      };
  final KeyPairVersion found = caller.doAs(fetch);

  // The audit record is keyed by the owning key's name, which exists only
  // when a version was found; a lookup that returns null leaves no success
  // record from this method.
  if (found != null) {
    kmsAudit.ok(caller, KMSOp.GET_KEY_VERSION, found.getName(), "");
  }
  final Object body = KMSServerJSONUtils.toJSON(found);
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns one specific version of a key, addressed by version name.
 *
 * @param versionName version identifier from the request path; must not be
 *     empty
 * @return 200 OK with the JSON form of the {@code KeyVersion}; the provider
 *     result is passed to {@code toJSON} even when it is {@code null}
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_VERSION_RESOURCE + "/{versionName:.*}")
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersion(
    @PathParam("versionName") final String versionName) throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(versionName, "versionName");
  KMSWebApp.getKeyCallsMeter().mark();
  // The access check carries no key name because only the version name is
  // known before the provider lookup.
  // NOTE(review): confirm per-key restrictions are enforced downstream.
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_KEY_VERSION);

  final PrivilegedExceptionAction<KeyVersion> fetch =
      new PrivilegedExceptionAction<KeyVersion>() {
        @Override
        public KeyVersion run() throws Exception {
          return provider.getKeyVersion(versionName);
        }
      };
  final KeyVersion found = caller.doAs(fetch);

  // Success is audited against the owning key's name, so nothing is recorded
  // here when the provider returned null.
  if (found != null) {
    kmsAudit.ok(caller, KMSOp.GET_KEY_VERSION, found.getName(), "");
  }
  final Object body = KMSServerJSONUtils.toJSON(found);
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns every version of a key pair.
 *
 * @param name key-pair name from the request path; must not be empty
 * @return 200 OK with the JSON built by {@code toJSONPair} from the
 *     provider's list
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_PAIR_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyPairVersions(@PathParam("name") final String name)
    throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_KEY_VERSIONS, name);

  final PrivilegedExceptionAction<List<KeyPairVersion>> fetchAll =
      new PrivilegedExceptionAction<List<KeyPairVersion>>() {
        @Override
        public List<KeyPairVersion> run() throws Exception {
          return provider.getKeyPairVersions(name);
        }
      };
  final List<KeyPairVersion> versions = caller.doAs(fetchAll);

  // NOTE(review): the response covers all historical versions of the pair;
  // confirm what toJSONPair includes for each entry.
  final Object body = KMSServerJSONUtils.toJSONPair(versions);
  kmsAudit.ok(caller, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Returns every version of a key.
 *
 * @param name key name from the request path; must not be empty
 * @return 200 OK with the JSON form of the provider's version list
 * @throws Exception any exception raised by validation, the access check or
 *     the provider
 */
@GET
@Path(KMSRESTConstants.KEY_RESOURCE + "/{name:.*}/"
    + KMSRESTConstants.VERSIONS_SUB_RESOURCE)
@Produces(MediaType.APPLICATION_JSON)
public Response getKeyVersions(@PathParam("name") final String name)
    throws Exception {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  KMSClientProvider.checkNotEmpty(name, "name");
  KMSWebApp.getKeyCallsMeter().mark();
  // The key name takes part in the access decision.
  assertAccess(KMSACLs.Type.GET, caller, KMSOp.GET_KEY_VERSIONS, name);

  final PrivilegedExceptionAction<List<KeyVersion>> fetchAll =
      new PrivilegedExceptionAction<List<KeyVersion>>() {
        @Override
        public List<KeyVersion> run() throws Exception {
          return provider.getKeyVersions(name);
        }
      };
  final List<KeyVersion> versions = caller.doAs(fetchAll);

  final Object body = KMSServerJSONUtils.toJSON(versions);
  kmsAudit.ok(caller, KMSOp.GET_KEY_VERSIONS, name, "");
  return Response.ok()
      .type(MediaType.APPLICATION_JSON)
      .entity(body)
      .build();
}
/**
 * Captures the caller, HTTP method and full request URL in {@code DATA_TL}
 * for the duration of the request, then continues the filter chain.
 *
 * <p>{@code DATA_TL} is cleared on entry and again in {@code finally}, so a
 * value from a previous request is never visible and nothing is left behind
 * if the chain throws.
 *
 * @param request incoming request; cast to {@code HttpServletRequest}
 * @param response passed through to the chain untouched
 * @param chain remainder of the filter chain
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain) throws IOException, ServletException {
  try {
    DATA_TL.remove();
    final UserGroupInformation ugi = HttpUserGroupInformation.get();
    final HttpServletRequest httpRequest = (HttpServletRequest) request;
    final String method = httpRequest.getMethod();
    final StringBuffer url = httpRequest.getRequestURL();
    final String query = httpRequest.getQueryString();
    // The query string is appended verbatim, without filtering.
    // NOTE(review): if consumers of Data write the URL to logs or audit
    // output, any credential carried as a query parameter would be recorded
    // in clear - confirm the consumer redacts it.
    if (query != null) {
      url.append("?").append(query);
    }
    DATA_TL.set(new Data(ugi, method, url));
    chain.doFilter(request, response);
  } finally {
    DATA_TL.remove();
  }
}