Posted to commits@hbase.apache.org by zg...@apache.org on 2019/06/11 03:35:46 UTC
[hbase] 01/02: Revert "HBASE-22116 Added keytab and principal
support for HttpDoAsClient."
This is an automated email from the ASF dual-hosted git repository.
zghao pushed a commit to branch branch-2.2
in repository https://gitbox.apache.org/repos/asf/hbase.git
commit 4d8ff6055573a917e1eefe501bce87f529e7b4ad
Author: Guanghao Zhang <zg...@apache.org>
AuthorDate: Tue Jun 11 10:28:05 2019 +0800
Revert "HBASE-22116 Added keytab and principal support for HttpDoAsClient."
This reverts commit 16425bd7bbd8d71bba898338051c312adebc81da.
---
.../apache/hadoop/hbase/thrift/HttpDoAsClient.java | 105 ++++++---------------
1 file changed, 27 insertions(+), 78 deletions(-)
diff --git a/hbase-examples/src/main/java/org/apache/hadoop/hbase/thrift/HttpDoAsClient.java b/hbase-examples/src/main/java/org/apache/hadoop/hbase/thrift/HttpDoAsClient.java
index 59890ce..f4cb616 100644
--- a/hbase-examples/src/main/java/org/apache/hadoop/hbase/thrift/HttpDoAsClient.java
+++ b/hbase-examples/src/main/java/org/apache/hadoop/hbase/thrift/HttpDoAsClient.java
@@ -18,25 +18,20 @@
*/
package org.apache.hadoop.hbase.thrift;
-import java.io.File;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
-import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
@@ -71,13 +66,11 @@ public class HttpDoAsClient {
private static boolean secure = false;
static protected String doAsUser = null;
static protected String principal = null;
- static protected String keyTab = null;
public static void main(String[] args) throws Exception {
- if (args.length < 3 || args.length > 6) {
+ if (args.length < 3 || args.length > 4) {
System.out.println("Invalid arguments!");
- System.out.println(
- "Usage: HttpDoAsClient host port doAsUserName [security=true] [principal] [keytab]");
+ System.out.println("Usage: HttpDoAsClient host port doAsUserName [security=true]");
System.exit(-1);
}
@@ -86,16 +79,7 @@ public class HttpDoAsClient {
doAsUser = args[2];
if (args.length > 3) {
secure = Boolean.parseBoolean(args[3]);
- if (args.length > 4) {
- principal = args[4];
- keyTab = args[5];
- if (!new File(keyTab).exists()) {
- System.err.printf("ERROR: KeyTab File %s not found %n", keyTab);
- System.exit(-1);
- }
- } else {
- principal = getSubject().getPrincipals().iterator().next().getName();
- }
+ principal = getSubject().getPrincipals().iterator().next().getName();
}
final HttpDoAsClient client = new HttpDoAsClient();
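Review bot: The restored `principal = getSubject().getPrincipals().iterator().next().getName();` runs whenever a fourth argument is present, regardless of what `secure` parsed to, and `iterator().next()` throws `NoSuchElementException` if the returned Subject carries no principals. The start of `getSubject()` is outside this hunk, so whether it returns an empty Subject in the non-secure case cannot be confirmed from here, but passing `security=false` looks likely to end in an unhandled exception instead of a clean run. Guarding the lookup, `if (secure) { principal = getSubject().getPrincipals().iterator().next().getName(); }`, would keep the Kerberos login out of the non-secure path. The body of `main` continues outside the hunk.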
@@ -271,66 +255,31 @@ public class HttpDoAsClient {
* To authenticate the DemoClient, kinit should be invoked ahead.
* Here we try to get the Kerberos credential from the ticket cache.
*/
- LoginContext context;
-
- if (keyTab != null) {
- // To authenticate the HttpDoAsClient using principal and keyTab
- Set<Principal> principals = new HashSet<>();
- principals.add(new KerberosPrincipal(principal));
- Subject subject =
- new Subject(false, principals, new HashSet<>(), new HashSet<>());
-
- context = new LoginContext("", subject, null, new KerberosConfiguration(principal, keyTab));
- } else {
- /*
- * To authenticate the HttpDoAsClient, kinit should be invoked ahead. Here we try to
- * get the Kerberos credential from the ticket cache.
- */
- context = new LoginContext("", new Subject(), null, new KerberosConfiguration());
- }
+ LoginContext context = new LoginContext("", new Subject(), null,
+ new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ Map<String, String> options = new HashMap<>();
+ options.put("useKeyTab", "false");
+ options.put("storeKey", "false");
+ options.put("doNotPrompt", "true");
+ options.put("useTicketCache", "true");
+ options.put("renewTGT", "true");
+ options.put("refreshKrb5Config", "true");
+ options.put("isInitiator", "true");
+ String ticketCache = System.getenv("KRB5CCNAME");
+ if (ticketCache != null) {
+ options.put("ticketCache", ticketCache);
+ }
+ options.put("debug", "true");
+
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ options)};
+ }
+ });
context.login();
return context.getSubject();
}
-
- private static class KerberosConfiguration extends Configuration {
- private String principal;
- private String keyTab;
-
- public KerberosConfiguration() {
- // Empty constructor will have no principal or keyTab values
- }
-
- public KerberosConfiguration(String principal, String keyTab) {
- this.principal = principal;
- this.keyTab = keyTab;
- }
-
- @Override
- public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
- Map<String, String> options = new HashMap<>();
- if (principal != null && keyTab != null) {
- options.put("principal", principal);
- options.put("keyTab", keyTab);
- options.put("useKeyTab", "true");
- options.put("storeKey", "true");
- } else {
- options.put("useKeyTab", "false");
- options.put("storeKey", "false");
- }
- options.put("doNotPrompt", "true");
- options.put("useTicketCache", "true");
- options.put("renewTGT", "true");
- options.put("refreshKrb5Config", "true");
- options.put("isInitiator", "true");
- String ticketCache = System.getenv("KRB5CCNAME");
- if (ticketCache != null) {
- options.put("ticketCache", ticketCache);
- }
- options.put("debug", "true");
-
- return new AppConfigurationEntry[] {
- new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
- AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
- }
- }
}
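Review bot: `options.put("debug", "true");` in the restored anonymous `Configuration` turns on Krb5LoginModule debug output unconditionally for every login. That output presumably describes the login attempt and the ticket cache in use, and it would end up in whatever captures the process output when this example is copied into a real client. Prefer making it opt-in, for example `options.put("debug", System.getProperty("sun.security.krb5.debug", "false"));`, or dropping the line. The retained comment above the login still says `DemoClient`; `To authenticate the HttpDoAsClient, kinit should be invoked ahead.` would match this class. `getSubject()` begins outside the hunk.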