You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ga...@apache.org on 2012/12/19 19:18:43 UTC

svn commit: r1423997 - in /hbase/branches/0.94: security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java src/main/java/org/apache/hadoop/hbase/security/User.java

Author: garyh
Date: Wed Dec 19 18:18:42 2012
New Revision: 1423997

URL: http://svn.apache.org/viewvc?rev=1423997&view=rev
Log:
HBASE-7357  Use hbase.security.authentication for client / server security negotiation

Modified:
    hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
    hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
    hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java

Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureClient.java Wed Dec 19 18:18:42 2012
@@ -98,7 +98,7 @@ public class SecureClient extends HBaseC
 
       User ticket = remoteId.getTicket();
       Class<?> protocol = remoteId.getProtocol();
-      this.useSasl = User.isSecurityEnabled();
+      this.useSasl = User.isHBaseSecurityEnabled(conf);
       if (useSasl && protocol != null) {
         TokenInfo tokenInfo = protocol.getAnnotation(TokenInfo.class);
         if (tokenInfo != null) {

Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/ipc/SecureServer.java Wed Dec 19 18:18:42 2012
@@ -684,7 +684,7 @@ public abstract class SecureServer exten
         conf, serverName, highPriorityLevel);
     this.authorize =
       conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false);
-    this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
+    this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
 
     if (isSecurityEnabled) {
       HBaseSaslRpcServer.init(conf);

Modified: hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java?rev=1423997&r1=1423996&r2=1423997&view=diff
==============================================================================
--- hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java (original)
+++ hbase/branches/0.94/src/main/java/org/apache/hadoop/hbase/security/User.java Wed Dec 19 18:18:42 2012
@@ -22,6 +22,7 @@ package org.apache.hadoop.hbase.security
 
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.hbase.HBaseConfiguration;
 import org.apache.hadoop.hbase.util.Methods;
 import org.apache.hadoop.mapred.JobConf;
@@ -216,12 +217,15 @@ public abstract class User {
   }
 
   /**
-   * Returns whether or not secure authentication is enabled for HBase
-   * (whether <code>hbase.security.authentication</code> is set to
-   * <code>kerberos</code>.
+   * Returns whether or not secure authentication is enabled for HBase.  Note that
+   * HBase security requires HDFS security to provide any guarantees, so this requires that
+   * both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
+   * are set to <code>kerberos</code>.
    */
   public static boolean isHBaseSecurityEnabled(Configuration conf) {
-    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
+    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
+        "kerberos".equalsIgnoreCase(
+            conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
   }
 
   /* Concrete implementations */