You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ga...@apache.org on 2012/12/19 19:18:43 UTC
svn commit: r1423997 - in /hbase/branches/0.94:
security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
src/main/java/org/apache/hadoop/hbase/security/User.java
Author: garyh
Date: Wed Dec 19 18:18:42 2012
New Revision: 1423997
URL: http://svn.apache.org/viewvc?rev=1423997&view=rev
Log:
HBASE-7357 Use hbase.security.authentication for client / server security negotiation
Modified:
hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java
Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java Wed Dec 19 18:18:42 2012
@@ -98,7 +98,7 @@ public class SecureClient extends HBaseC
User ticket = remoteId.getTicket();
Class<?> protocol = remoteId.getProtocol();
- this.useSasl = User.isSecurityEnabled();
+ this.useSasl = User.isHBaseSecurityEnabled(conf);
if (useSasl && protocol != null) {
TokenInfo tokenInfo = protocol.getAnnotation(TokenInfo.class);
if (tokenInfo != null) {
Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Wed Dec 19 18:18:42 2012
@@ -684,7 +684,7 @@ public abstract class SecureServer exten
conf, serverName, highPriorityLevel);
this.authorize =
conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false);
- this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
+ this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
if (isSecurityEnabled) {
HBaseSaslRpcServer.init(conf);
Modified: hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java (original)
+++ hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java Wed Dec 19 18:18:42 2012
@@ -22,6 +22,7 @@ package org.apache.hadoop.hbase.security
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.util.Methods;
import org.apache.hadoop.mapred.JobConf;
@@ -216,12 +217,15 @@ public abstract class User {
}
/**
- * Returns whether or not secure authentication is enabled for HBase
- * (whether <code>hbase.security.authentication</code> is set to
- * <code>kerberos</code>.
+ * Returns whether or not secure authentication is enabled for HBase. Note that
+ * HBase security requires HDFS security to provide any guarantees, so this requires that
+ * both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
+ * are set to <code>kerberos</code>.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
- return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
+ return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
+ "kerberos".equalsIgnoreCase(
+ conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
}
/* Concrete implementations */