You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by rk...@apache.org on 2016/03/28 19:37:48 UTC
hadoop git commit: HADOOP-12954. Add a way to change
hadoop.security.token.service.use_ip (rkanter)
Repository: hadoop
Updated Branches:
refs/heads/trunk 8831b18c6 -> 8cac1bb09
HADOOP-12954. Add a way to change hadoop.security.token.service.use_ip (rkanter)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/8cac1bb0
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/8cac1bb0
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/8cac1bb0
Branch: refs/heads/trunk
Commit: 8cac1bb09f55ff2f285914e349507472ff86f4d7
Parents: 8831b18
Author: Robert Kanter <rk...@apache.org>
Authored: Mon Mar 28 10:36:59 2016 -0700
Committer: Robert Kanter <rk...@apache.org>
Committed: Mon Mar 28 10:36:59 2016 -0700
----------------------------------------------------------------------
.../apache/hadoop/security/SecurityUtil.java | 53 ++++++++++++--------
.../hadoop/security/TestSecurityUtil.java | 16 ++++--
2 files changed, 44 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/8cac1bb0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
index 61cd516..42abe0e 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
@@ -73,16 +73,38 @@ public class SecurityUtil {
@VisibleForTesting
static HostResolver hostResolver;
+ private static boolean logSlowLookups;
+ private static int slowLookupThresholdMs;
+
static {
- Configuration conf = new Configuration();
+ setConfigurationInternal(new Configuration());
+ }
+
+ @InterfaceAudience.Public
+ @InterfaceStability.Evolving
+ public static void setConfiguration(Configuration conf) {
+ LOG.info("Updating Configuration");
+ setConfigurationInternal(conf);
+ }
+
+ private static void setConfigurationInternal(Configuration conf) {
boolean useIp = conf.getBoolean(
CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP,
CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP_DEFAULT);
setTokenServiceUseIp(useIp);
- }
- private static boolean logSlowLookups = getLogSlowLookupsEnabled();
- private static int slowLookupThresholdMs = getSlowLookupThresholdMs();
+ logSlowLookups = conf.getBoolean(
+ CommonConfigurationKeys
+ .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY,
+ CommonConfigurationKeys
+ .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT);
+
+ slowLookupThresholdMs = conf.getInt(
+ CommonConfigurationKeys
+ .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY,
+ CommonConfigurationKeys
+ .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT);
+ }
/**
* For use only by tests and initialization
@@ -90,6 +112,11 @@ public class SecurityUtil {
@InterfaceAudience.Private
@VisibleForTesting
public static void setTokenServiceUseIp(boolean flag) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Setting "
+ + CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP
+ + " to " + flag);
+ }
useIpForTokenService = flag;
hostResolver = !useIpForTokenService
? new QualifiedHostResolver()
@@ -485,24 +512,6 @@ public class SecurityUtil {
}
}
- private static boolean getLogSlowLookupsEnabled() {
- Configuration conf = new Configuration();
-
- return conf.getBoolean(CommonConfigurationKeys
- .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_KEY,
- CommonConfigurationKeys
- .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_ENABLED_DEFAULT);
- }
-
- private static int getSlowLookupThresholdMs() {
- Configuration conf = new Configuration();
-
- return conf.getInt(CommonConfigurationKeys
- .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_KEY,
- CommonConfigurationKeys
- .HADOOP_SECURITY_DNS_LOG_SLOW_LOOKUPS_THRESHOLD_MS_DEFAULT);
- }
-
/**
* Resolves a host subject to the security requirements determined by
* hadoop.security.token.service.use_ip. Optionally logs slow resolutions.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/8cac1bb0/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
index 14f9091..29932d1 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestSecurityUtil.java
@@ -29,6 +29,7 @@ import java.net.URI;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.token.Token;
@@ -145,7 +146,10 @@ public class TestSecurityUtil {
@Test
public void testBuildDTServiceName() {
- SecurityUtil.setTokenServiceUseIp(true);
+ Configuration conf = new Configuration(false);
+ conf.setBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
+ SecurityUtil.setConfiguration(conf);
assertEquals("127.0.0.1:123",
SecurityUtil.buildDTServiceName(URI.create("test://LocalHost"), 123)
);
@@ -162,7 +166,10 @@ public class TestSecurityUtil {
@Test
public void testBuildTokenServiceSockAddr() {
- SecurityUtil.setTokenServiceUseIp(true);
+ Configuration conf = new Configuration(false);
+ conf.setBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, true);
+ SecurityUtil.setConfiguration(conf);
assertEquals("127.0.0.1:123",
SecurityUtil.buildTokenService(new InetSocketAddress("LocalHost", 123)).toString()
);
@@ -261,7 +268,10 @@ public class TestSecurityUtil {
verifyTokenService(InetSocketAddress addr, String host, String ip, int port, boolean useIp) {
//LOG.info("address:"+addr+" host:"+host+" ip:"+ip+" port:"+port);
- SecurityUtil.setTokenServiceUseIp(useIp);
+ Configuration conf = new Configuration(false);
+ conf.setBoolean(
+ CommonConfigurationKeys.HADOOP_SECURITY_TOKEN_SERVICE_USE_IP, useIp);
+ SecurityUtil.setConfiguration(conf);
String serviceHost = useIp ? ip : StringUtils.toLowerCase(host);
Token<?> token = new Token<TokenIdentifier>();