Posted to commits@kafka.apache.org by ew...@apache.org on 2016/03/09 08:40:23 UTC

kafka git commit: KAFKA-3279: Remove checks for JAAS system property

Repository: kafka
Updated Branches:
  refs/heads/trunk 689309135 -> 324b0c85f


KAFKA-3279: Remove checks for JAAS system property

JAAS configuration may be set using other methods, and hence the check for the system property doesn't always match where the actual configuration used by Kafka is loaded from.

Author: Rajini Sivaram <ra...@googlemail.com>

Reviewers: Ismael Juma <is...@juma.me.uk>, Sriharsha Chintalapani <ha...@hortonworks.com>, Flavio Junqueira <fp...@apache.org>, Ewen Cheslack-Postava <ew...@confluent.io>

Closes #967 from rajinisivaram/KAFKA-3279


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/324b0c85
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/324b0c85
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/324b0c85

Branch: refs/heads/trunk
Commit: 324b0c85f603005dceee69033b8fbffc7ef95281
Parents: 6893091
Author: Rajini Sivaram <ra...@googlemail.com>
Authored: Tue Mar 8 23:40:09 2016 -0800
Committer: Ewen Cheslack-Postava <me...@ewencp.org>
Committed: Tue Mar 8 23:40:09 2016 -0800

----------------------------------------------------------------------
 .../apache/kafka/common/security/JaasUtils.java | 31 +++++++-------------
 .../kafka/common/security/kerberos/Login.java   |  5 ++--
 .../security/auth/ZkAuthorizationTest.scala     |  5 +++-
 3 files changed, 18 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/324b0c85/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java b/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
index 0467a09..ff5e008 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java
@@ -21,7 +21,6 @@ import javax.security.auth.login.AppConfigurationEntry;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.io.IOException;
-import java.io.File;
 
 import org.apache.kafka.common.KafkaException;
 import org.slf4j.Logger;
@@ -88,25 +87,17 @@ public class JaasUtils {
         boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
         String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");
 
-        String loginConfigFile = System.getProperty(JAVA_LOGIN_CONFIG_PARAM);
-        if (loginConfigFile != null && loginConfigFile.length() > 0) {
-            File configFile = new File(loginConfigFile);
-            if (!configFile.canRead()) {
-                throw new KafkaException("File " + loginConfigFile + "cannot be read.");
-            }
-                
-            try {
-                Configuration loginConf = Configuration.getConfiguration();
-                isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
-            } catch (Exception e) {
-                throw new KafkaException(e);
-            }
-            if (isSecurityEnabled && !zkSaslEnabled) {
-                LOG.error("JAAS file is present, but system property " + 
-                            ZK_SASL_CLIENT + " is set to false, which disables " +
-                            "SASL in the ZooKeeper client");
-                throw new KafkaException("Exception while determining if ZooKeeper is secure");
-            }
+        try {
+            Configuration loginConf = Configuration.getConfiguration();
+            isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
+        } catch (Exception e) {
+            throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + zkLoginContextName + "'", e);
+        }
+        if (isSecurityEnabled && !zkSaslEnabled) {
+            LOG.error("JAAS configuration is present, but system property " +
+                        ZK_SASL_CLIENT + " is set to false, which disables " +
+                        "SASL in the ZooKeeper client");
+            throw new KafkaException("Exception while determining if ZooKeeper is secure");
         }
 
         return isSecurityEnabled;
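Review bot: When the JAAS configuration has no `zkLoginContextName` entry, the rewritten block sets `isSecurityEnabled` to false and falls through to the return without logging anything, so a misnamed section or a configuration loaded from an unexpected source quietly reports ZooKeeper as unsecured. Now that the configuration can come from any source, a line such as `LOG.debug("No '{}' login context found in the JAAS configuration; ZooKeeper SASL is treated as disabled", zkLoginContextName);` before the return would make that decision visible to an operator. The `KafkaException` thrown after `LOG.error` also carries only the generic text "Exception while determining if ZooKeeper is secure"; the reason (login context present, `ZK_SASL_CLIENT` set to false) belongs in the exception message too, for callers who see the exception but not the log. The method starts above the hunk, so how callers act on the returned value is not visible here.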

http://git-wip-us.apache.org/repos/asf/kafka/blob/324b0c85/clients/src/main/java/org/apache/kafka/common/security/kerberos/Login.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/security/kerberos/Login.java b/clients/src/main/java/org/apache/kafka/common/security/kerberos/Login.java
index e8afbe6..2e1a056 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/kerberos/Login.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/kerberos/Login.java
@@ -286,11 +286,12 @@ public class Login {
     private synchronized LoginContext login(final String loginContextName) throws LoginException {
         String jaasConfigFile = System.getProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM);
         if (jaasConfigFile == null) {
-            throw new IllegalArgumentException("You must pass " + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + " in secure mode.");
+            log.debug("System property '" + JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is not set, using default JAAS configuration.");
         }
         AppConfigurationEntry[] configEntries = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName);
         if (configEntries == null) {
-            String errorMessage = "Could not find a '" + loginContextName + "' entry in `" + jaasConfigFile + "`.";
+            String errorMessage = "Could not find a '" + loginContextName + "' entry in the JAAS configuration. System property '" +
+                JaasUtils.JAVA_LOGIN_CONFIG_PARAM + "' is " + (jaasConfigFile == null ? "not set" : jaasConfigFile);
             throw new IllegalArgumentException(errorMessage);
         }
 
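Review bot: The `Configuration.getConfiguration()` call in `login` is left unguarded, while the same call in `JaasUtils` in this commit is wrapped and rethrown with the login context name. `Configuration.getConfiguration()` is documented to throw `SecurityException`, and the updated test's `no-such-file-exists.conf` case suggests an unreadable file surfaces that way, so here it would presumably escape as a raw unchecked exception that does not name `loginContextName`. Wrapping the lookup as below keeps the two call sites consistent; the exception type is a suggestion and should match what callers of `login` already handle. Separately, the `log.debug` line builds its message by concatenation where a parameterized message would do, assuming `log` is an SLF4J logger. The method body continues past the end of the hunk.

```java
// … unchanged: debug log when the system property is not set …
AppConfigurationEntry[] configEntries;
try {
    configEntries = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName);
} catch (SecurityException e) {
    throw new IllegalArgumentException("Could not load the JAAS configuration while looking up login context '" +
        loginContextName + "'", e);
}
// … unchanged: null check on configEntries and its error message …
```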

http://git-wip-us.apache.org/repos/asf/kafka/blob/324b0c85/core/src/test/scala/unit/kafka/security/auth/ZkAuthorizationTest.scala
----------------------------------------------------------------------
diff --git a/core/src/test/scala/unit/kafka/security/auth/ZkAuthorizationTest.scala b/core/src/test/scala/unit/kafka/security/auth/ZkAuthorizationTest.scala
index 2d73f4d..6a533b3 100644
--- a/core/src/test/scala/unit/kafka/security/auth/ZkAuthorizationTest.scala
+++ b/core/src/test/scala/unit/kafka/security/auth/ZkAuthorizationTest.scala
@@ -46,6 +46,7 @@ class ZkAuthorizationTest extends ZooKeeperTestHarness with Logging{
     super.tearDown()
     System.clearProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM)
     System.clearProperty(authProvider)
+    Configuration.setConfiguration(null)
   }
 
   /**
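Review bot: The added `Configuration.setConfiguration(null)` calls, here in `tearDown` and three more times in `testIsZkSecurityEnabled` in the next hunk, have no comment saying why they are needed. They appear to be there because the JAAS `Configuration` is cached process-wide once loaded, so changing or clearing the system property alone would not change what `JaasUtils.isZkSecurityEnabled()` sees. A short comment at the first call would save the next reader from deleting them as redundant, for example `// Configuration is cached statically after first load; reset it so the next lookup re-reads the system property`. The same caching means a configuration left installed by this test could leak into other tests in the same JVM, which is a good reason to keep the reset in `tearDown`.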
@@ -55,9 +56,11 @@ class ZkAuthorizationTest extends ZooKeeperTestHarness with Logging{
   @Test
   def testIsZkSecurityEnabled() {
     assertTrue(JaasUtils.isZkSecurityEnabled())
+    Configuration.setConfiguration(null)
     System.clearProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM)
     assertFalse(JaasUtils.isZkSecurityEnabled())
-    try {     
+    try {
+      Configuration.setConfiguration(null)
       System.setProperty(JaasUtils.JAVA_LOGIN_CONFIG_PARAM, "no-such-file-exists.conf")
       JaasUtils.isZkSecurityEnabled()
       fail("Should have thrown an exception")