You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ga...@apache.org on 2012/12/15 05:06:37 UTC
svn commit: r1422185 - in
/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase:
ipc/HBaseClient.java ipc/HBaseServer.java ipc/ProtobufRpcEngine.java
security/User.java
Author: garyh
Date: Sat Dec 15 04:06:35 2012
New Revision: 1422185
URL: http://svn.apache.org/viewvc?rev=1422185&view=rev
Log:
HBASE-7357 Use hbase.security.authentication for HBaseClient / HBaseServer negotiation
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java Sat Dec 15 04:06:35 2012
@@ -349,7 +349,7 @@ public class HBaseClient {
UserGroupInformation ticket = remoteId.getTicket().getUGI();
Class<?> protocol = remoteId.getProtocol();
- this.useSasl = UserGroupInformation.isSecurityEnabled();
+ this.useSasl = User.isHBaseSecurityEnabled(conf);
if (useSasl && protocol != null) {
TokenInfo tokenInfo = protocol.getAnnotation(TokenInfo.class);
if (tokenInfo != null) {
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java Sat Dec 15 04:06:35 2012
@@ -124,7 +124,7 @@ import org.cloudera.htrace.Trace;
@InterfaceAudience.Private
public abstract class HBaseServer implements RpcServer {
private final boolean authorize;
- private boolean isSecurityEnabled;
+ protected boolean isSecurityEnabled;
/**
* The first four bytes of Hadoop RPC connections
*/
@@ -1929,7 +1929,7 @@ public abstract class HBaseServer implem
responder = new Responder();
this.authorize =
conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false);
- this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
+ this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
if (isSecurityEnabled) {
HBaseSaslRpcServer.init(conf);
}
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java Sat Dec 15 04:06:35 2012
@@ -264,7 +264,7 @@ class ProtobufRpcEngine implements RpcEn
new ConcurrentHashMap<String, Method>();
private AuthenticationTokenSecretManager createSecretManager(){
- if (!User.isSecurityEnabled() ||
+ if (!isSecurityEnabled ||
!(instance instanceof org.apache.hadoop.hbase.Server)) {
return null;
}
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java Sat Dec 15 04:06:35 2012
@@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFac
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hbase.util.Methods;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.Job;
@@ -184,12 +185,15 @@ public abstract class User {
}
/**
- * Returns whether or not secure authentication is enabled for HBase
- * (whether <code>hbase.security.authentication</code> is set to
- * <code>kerberos</code>.
+ * Returns whether or not secure authentication is enabled for HBase. Note that
+ * HBase security requires HDFS security to provide any guarantees, so this requires that
+ * both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
+ * are set to <code>kerberos</code>.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
- return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
+ return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
+ "kerberos".equalsIgnoreCase(
+ conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
}
/* Concrete implementations */