Posted to commits@oozie.apache.org by bz...@apache.org on 2015/04/09 00:33:53 UTC
oozie git commit: OOZIE-1726 Oozie does not support _HOST when
configuring kerberos security (venkatnrangan via bzhang)
Repository: oozie
Updated Branches:
refs/heads/master 05916d2be -> 3fb549f3a
OOZIE-1726 Oozie does not support _HOST when configuring kerberos security (venkatnrangan via bzhang)
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/3fb549f3
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/3fb549f3
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/3fb549f3
Branch: refs/heads/master
Commit: 3fb549f3ad9c35e133a55287099e325ab2f45715
Parents: 05916d2
Author: Bowen Zhang <bo...@yahoo.com>
Authored: Wed Apr 8 15:32:48 2015 -0700
Committer: Bowen Zhang <bo...@yahoo.com>
Committed: Wed Apr 8 15:33:46 2015 -0700
----------------------------------------------------------------------
.../oozie/service/HadoopAccessorService.java | 5 ++++-
.../java/org/apache/oozie/servlet/AuthFilter.java | 18 +++++++++++++++++-
release-log.txt | 1 +
3 files changed, 22 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java b/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
index 18de48a..47d44cd 100644
--- a/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
+++ b/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java
@@ -41,6 +41,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivilegedExceptionAction;
@@ -164,7 +165,9 @@ public class HadoopAccessorService implements Service {
if (keytabFile.length() == 0) {
throw new ServiceException(ErrorCode.E0026, KERBEROS_KEYTAB);
}
- String principal = ConfigurationService.get(serviceConf, KERBEROS_PRINCIPAL);
+ String principal = SecurityUtil.getServerPrincipal(
+ serviceConf.get(KERBEROS_PRINCIPAL, "oozie/localhost@LOCALHOST"),
+ InetAddress.getLocalHost().getCanonicalHostName());
if (principal.length() == 0) {
throw new ServiceException(ErrorCode.E0026, KERBEROS_PRINCIPAL);
}
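Review bot: The literal fallback `"oozie/localhost@LOCALHOST"` passed to `serviceConf.get(...)` means an unset `KERBEROS_PRINCIPAL` no longer reaches the `principal.length() == 0` check just below, so a deployment with a missing principal would presumably go on with a placeholder identity instead of failing with E0026. I would keep the previous lookup as the input to the substitution: `String configured = ConfigurationService.get(serviceConf, KERBEROS_PRINCIPAL);` then `String principal = SecurityUtil.getServerPrincipal(configured, InetAddress.getLocalHost().getCanonicalHostName());`. A short comment is also worth adding, `// _HOST is replaced with the canonical name from local resolution; it must match the host part of the keytab entry`, because a resolver that returns an unexpected name yields a principal that is absent from the keytab. The enclosing method starts and ends outside the hunk, so how the `UnknownHostException` from `getLocalHost()` is handled cannot be seen here.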
http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java b/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
index a2bc2c5..b5b477d 100644
--- a/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
+++ b/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java
@@ -21,6 +21,7 @@ package org.apache.oozie.servlet;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
import org.apache.hadoop.conf.Configuration;
import org.apache.oozie.service.Services;
+import org.apache.hadoop.security.SecurityUtil;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -32,6 +33,8 @@ import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
import org.apache.oozie.service.JobsConcurrencyService;
import org.apache.oozie.util.ZKUtils;
@@ -41,6 +44,7 @@ import org.apache.oozie.util.ZKUtils;
*/
public class AuthFilter extends AuthenticationFilter {
public static final String OOZIE_PREFIX = "oozie.authentication.";
+ private static final String KERBEROS_PRINCIPAL_CONFIG = "kerberos.principal";
private HttpServlet optionsServlet;
private ZKUtils zkUtils = null;
@@ -105,7 +109,19 @@ public class AuthFilter extends AuthenticationFilter {
if (name.startsWith(OOZIE_PREFIX)) {
String value = conf.get(name);
name = name.substring(OOZIE_PREFIX.length());
- props.setProperty(name, value);
+ if (name.equals(KERBEROS_PRINCIPAL_CONFIG)) {
+ String hostName = "localhost";
+ String principal = value;
+ try {
+ hostName = InetAddress.getLocalHost().getCanonicalHostName();
+ principal = SecurityUtil.getServerPrincipal(value, hostName);
+ } catch (IOException ioe) {
+ // ignore.
+ }
+ props.setProperty(name, principal);
+ } else {
+ props.setProperty(name, value);
+ }
}
}
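Review bot: The empty `catch (IOException ioe)` marked `// ignore.` hides a failed hostname lookup or substitution: `principal` then keeps the raw configured value, so a principal still containing `_HOST` is set in `props` and the authentication failure shows up later with no hint of the cause. At minimum log the exception, or fail initialisation if the enclosing method (its signature is outside the hunk) is allowed to throw it, e.g. `throw new ServletException("Could not resolve _HOST in " + KERBEROS_PRINCIPAL_CONFIG, ioe);`. The initial value `hostName = "localhost"` is never read on the failure path, and the `UnknownHostException` import added in the earlier hunk is unused because the catch names `IOException`; both can be dropped.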
http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index aa1b380..ae581ac 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 4.2.0 release (trunk - unreleased)
+OOZIE-1726 Oozie does not support _HOST when configuring kerberos security (venkatnrangan via bzhang)
OOZIE-2197 ooziedb.cmd command failed due to classpath being too long on windows (me.venkatr via bzhang)
OOZIE-2182 SLA alert commands are not in sync with doc (puru)
OOZIE-2191 Upgrade jackson version for hadoop-2 profile (ryota)