You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by aa...@apache.org on 2019/04/08 01:03:47 UTC
[hadoop] branch trunk updated: HADOOP-10848. Cleanup calling of
sun.security.krb5.Config.
This is an automated email from the ASF dual-hosted git repository.
aajisaka pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/trunk by this push:
new 0d47d28 HADOOP-10848. Cleanup calling of sun.security.krb5.Config.
0d47d28 is described below
commit 0d47d283a611b10cb7a842712cb01fa0c043bdc4
Author: Akira Ajisaka <aa...@apache.org>
AuthorDate: Mon Apr 8 10:02:34 2019 +0900
HADOOP-10848. Cleanup calling of sun.security.krb5.Config.
---
.../security/authentication/util/KerberosUtil.java | 49 +++++++++++-----------
.../registry/client/impl/zk/RegistrySecurity.java | 17 ++------
2 files changed, 29 insertions(+), 37 deletions(-)
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
index 4459928..4319aa5 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
@@ -24,7 +24,6 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
@@ -44,6 +43,7 @@ import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
@@ -90,36 +90,37 @@ public class KerberosUtil {
return (Oid)oidField.get(oidClass);
}
- public static String getDefaultRealm()
- throws ClassNotFoundException, NoSuchMethodException,
- IllegalArgumentException, IllegalAccessException,
+ /**
+ * Return the default realm for this JVM.
+ *
+ * @return The default realm
+ * @throws IllegalArgumentException If the default realm does not exist.
+ * @throws ClassNotFoundException Not thrown. Exists for compatibility.
+ * @throws NoSuchMethodException Not thrown. Exists for compatibility.
+ * @throws IllegalAccessException Not thrown. Exists for compatibility.
+ * @throws InvocationTargetException Not thrown. Exists for compatibility.
+ */
+ public static String getDefaultRealm()
+ throws ClassNotFoundException, NoSuchMethodException,
+ IllegalArgumentException, IllegalAccessException,
InvocationTargetException {
- Object kerbConf;
- Class<?> classRef;
- Method getInstanceMethod;
- Method getDefaultRealmMethod;
- if (IBM_JAVA) {
- classRef = Class.forName("com.ibm.security.krb5.internal.Config");
- } else {
- classRef = Class.forName("sun.security.krb5.Config");
- }
- getInstanceMethod = classRef.getMethod("getInstance", new Class[0]);
- kerbConf = getInstanceMethod.invoke(classRef, new Object[0]);
- getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm",
- new Class[0]);
- return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
+ // Any name is okay.
+ return new KerberosPrincipal("tmp", 1).getRealm();
}
+ /**
+ * Return the default realm for this JVM.
+ * If the default realm does not exist, this method returns null.
+ *
+ * @return The default realm
+ */
public static String getDefaultRealmProtected() {
- String realmString = null;
try {
- realmString = getDefaultRealm();
- } catch (RuntimeException rte) {
- //silently catch everything
+ return getDefaultRealm();
} catch (Exception e) {
- //silently return null
+ //silently catch everything
+ return null;
}
- return realmString;
}
/*
diff --git a/hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
index 12a4133..dac1135 100644
--- a/hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
+++ b/hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
@@ -42,7 +42,6 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.login.AppConfigurationEntry;
import java.io.File;
import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
@@ -1039,19 +1038,11 @@ public class RegistrySecurity extends AbstractService {
* could be determined
*/
public static String getDefaultRealmInJVM() {
- try {
- return KerberosUtil.getDefaultRealm();
- // JDK7
- } catch (ClassNotFoundException ignored) {
- // ignored
- } catch (NoSuchMethodException ignored) {
- // ignored
- } catch (IllegalAccessException ignored) {
- // ignored
- } catch (InvocationTargetException ignored) {
- // ignored
+ String realm = KerberosUtil.getDefaultRealmProtected();
+ if (realm == null) {
+ realm = "";
}
- return "";
+ return realm;
}
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org