Posted to commits@hbase.apache.org by st...@apache.org on 2011/12/19 17:24:30 UTC

svn commit: r1220827 - in /hbase/branches/0.92: CHANGES.txt src/main/java/org/apache/hadoop/hbase/rest/Main.java src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java src/main/java/org/apache/hadoop/hbase/util/Strings.java

Author: stack
Date: Mon Dec 19 16:24:30 2011
New Revision: 1220827

URL: http://svn.apache.org/viewvc?rev=1220827&view=rev
Log:
HBASE-5062 Missing logons if security is enabled

Modified:
    hbase/branches/0.92/CHANGES.txt
    hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/rest/Main.java
    hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
    hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/util/Strings.java

Modified: hbase/branches/0.92/CHANGES.txt
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/CHANGES.txt?rev=1220827&r1=1220826&r2=1220827&view=diff
==============================================================================
--- hbase/branches/0.92/CHANGES.txt (original)
+++ hbase/branches/0.92/CHANGES.txt Mon Dec 19 16:24:30 2011
@@ -491,6 +491,7 @@ Release 0.92.0 - Unreleased
    HBASE-5049  TestHLogSplit.testLogRollAfterSplitStart not working due to HBASE-5006
                (Jimmy Xiang)
    HBASE-5040  Secure HBase builds fail
+   HBASE-5062  Missing logons if security is enabled
 
   TESTS
    HBASE-4492  TestRollingRestart fails intermittently

Modified: hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/rest/Main.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/rest/Main.java?rev=1220827&r1=1220826&r2=1220827&view=diff
==============================================================================
--- hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/rest/Main.java (original)
+++ hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/rest/Main.java Mon Dec 19 16:24:30 2011
@@ -31,7 +31,10 @@ import org.apache.commons.logging.LogFac
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseConfiguration;
 import org.apache.hadoop.hbase.rest.filter.GzipFilter;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.util.Strings;
 import org.apache.hadoop.hbase.util.VersionInfo;
+import org.apache.hadoop.net.DNS;
 
 import java.util.List;
 import java.util.ArrayList;
@@ -137,6 +140,16 @@ public class Main implements Constants {
     context.addServlet(sh, "/*");
     context.addFilter(GzipFilter.class, "/*", 0);
 
+    // login the server principal (if using secure Hadoop)   
+    if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
+      String machineName = Strings.domainNamePointerToHostName(
+        DNS.getDefaultHost(conf.get("hbase.rest.dns.interface", "default"),
+          conf.get("hbase.rest.dns.nameserver", "default")));
+      User.login(conf, "hbase.rest.keytab.file", "hbase.rest.kerberos.principal",
+        machineName);
+    }
+
+    // start server
     server.start();
     server.join();
   }
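Review bot: When either `User.isSecurityEnabled()` or `User.isHBaseSecurityEnabled(conf)` is false, the REST gateway reaches `server.start()` without a Kerberos login and the added code logs nothing, so a half-configured secure cluster looks the same at startup as an intentionally insecure one. An `else` branch with a line such as `LOG.info("Security not enabled; REST server starting without Kerberos login");` would make the chosen path visible, assuming the class has a commons-logging logger as the truncated `LogFac…` import suggests. The `machineName` handed to `User.login` comes from a DNS lookup steered by `hbase.rest.dns.interface` and `hbase.rest.dns.nameserver`, so logging the resolved name just before the login would make a wrong keytab or principal match diagnosable. Both points apply equally to the matching block in the ThriftServer.java hunk; the enclosing method starts outside this hunk.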

Modified: hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java?rev=1220827&r1=1220826&r2=1220827&view=diff
==============================================================================
--- hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java (original)
+++ hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java Mon Dec 19 16:24:30 2011
@@ -58,6 +58,7 @@ import org.apache.hadoop.hbase.filter.Fi
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
+import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.thrift.generated.AlreadyExists;
 import org.apache.hadoop.hbase.thrift.generated.BatchMutation;
 import org.apache.hadoop.hbase.thrift.generated.ColumnDescriptor;
@@ -70,7 +71,9 @@ import org.apache.hadoop.hbase.thrift.ge
 import org.apache.hadoop.hbase.thrift.generated.TRowResult;
 import org.apache.hadoop.hbase.thrift.generated.TScan;
 import org.apache.hadoop.hbase.util.Bytes;
+import org.apache.hadoop.hbase.util.Strings;
 import org.apache.hadoop.hbase.util.VersionInfo;
+import org.apache.hadoop.net.DNS;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TCompactProtocol;
@@ -1041,6 +1044,16 @@ public class ThriftServer {
       server = new TThreadPoolServer(serverArgs);
     }
 
+    // login the server principal (if using secure Hadoop)   
+    Configuration conf = handler.conf;
+    if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
+      String machineName = Strings.domainNamePointerToHostName(
+        DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"),
+          conf.get("hbase.thrift.dns.nameserver", "default")));
+      User.login(conf, "hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal",
+        machineName);
+    }
+
     server.serve();
   }
 
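Review bot: This login block repeats the one added to rest/Main.java line for line apart from the `hbase.thrift.*` key prefix, which leaves two copies of security-sensitive startup code to keep in sync. A shared helper, for example `loginServerPrincipal(Configuration conf, String dnsInterfaceKey, String dnsNameserverKey, String keytabKey, String principalKey)`, would keep the gating condition and the hostname handling identical for both gateways. The four `hbase.thrift.*` keys are also bare string literals; named constants would help, since a typo in either DNS key silently falls back to `"default"`. The enclosing method starts outside this hunk.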

Modified: hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/util/Strings.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/util/Strings.java?rev=1220827&r1=1220826&r2=1220827&view=diff
==============================================================================
--- hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/util/Strings.java (original)
+++ hbase/branches/0.92/src/main/java/org/apache/hadoop/hbase/util/Strings.java Mon Dec 19 16:24:30 2011
@@ -58,4 +58,18 @@ public class Strings {
     }
     return sb.append(key).append(separator).append(value);
   }
+
+  /**
+   * Given a PTR string generated via reverse DNS lookup, return everything
+   * except the trailing period. Example for host.example.com., return
+   * host.example.com
+   * @param dnPtr a domain name pointer (PTR) string.
+   * @return Sanitized hostname with last period stripped off.
+   *
+   */
+  public static String domainNamePointerToHostName(String dnPtr) {
+    if (dnPtr == null)
+      return null;
+    return dnPtr.endsWith(".") ? dnPtr.substring(0, dnPtr.length()-1) : dnPtr;
+  }
 }
\ No newline at end of file
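Review bot: The Javadoc's `@return Sanitized hostname with last period stripped off.` promises more than `domainNamePointerToHostName` does: it removes exactly one trailing period and validates nothing else, so `"."` yields an empty string and `"host.."` still ends in a period. Both callers in this commit pass the result to `User.login` as the host name, so I would reword it to `@return the input with a single trailing period removed, or null if dnPtr is null; the value is not otherwise validated`. Adding braces to `if (dnPtr == null)` would also protect against a later edit adding a second statement under it.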