You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Alejandro Abdelnur (JIRA)" <ji...@apache.org> on 2012/08/02 23:55:03 UTC
[jira] [Created] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Alejandro Abdelnur created HADOOP-8644:
------------------------------------------
Summary: AuthenticatedURL should be able to use SSLFactory
Key: HADOOP-8644
URL: https://issues.apache.org/jira/browse/HADOOP-8644
Project: Hadoop Common
Issue Type: New Feature
Components: security
Affects Versions: 2.2.0-alpha
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
Priority: Critical
Fix For: 2.2.0-alpha
This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429195#comment-13429195 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
Thanks, that clarifies the intention, although I'm still confused why {{SSLFactory}} is involved in a non-ssl connection? If the scheme isn't https, shouldn't it not even be passed in order to avoid other possible unintended consequences?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8644:
---------------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Status: Resolved (was: Patch Available)
Committed to trunk and branch-2.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Suresh Srinivas (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429606#comment-13429606 ]
Suresh Srinivas commented on HADOOP-8644:
-----------------------------------------
@Alejandro, sounds good :)
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429392#comment-13429392 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
+1 for me too
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428303#comment-13428303 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
It makes sense, this should be done in all places where AuthenticatedURL is being used. But I think it should be done as part of a separate JIRA as this one is not introducing such regression. Makes sense?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428231#comment-13428231 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
That particular class/method doesn't necessarily have to be used, but we need to carry over the setting of timeouts.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428110#comment-13428110 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
This appears to be regressing {{URLUtils.openConnection}} that sets connect and read timeouts?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428384#comment-13428384 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
I suppose it can be a separate jira, but it needs to be a high prio too since the timeouts were added to address serious problems.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428407#comment-13428407 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
Filed JIRA HDFS-3761. Other than that, are we good with this JIRA?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429568#comment-13429568 ]
Hudson commented on HADOOP-8644:
--------------------------------
Integrated in Hadoop-Mapreduce-trunk-Commit #2576 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Commit/2576/])
HADOOP-8644. AuthenticatedURL should be able to use SSLFactory. (tucu) (Revision 1370045)
Result = FAILURE
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1370045
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/Authenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/ConnectionConfigurator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestAuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8644:
---------------------------------------
Attachment: HADOOP-8644.patch
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429529#comment-13429529 ]
Hudson commented on HADOOP-8644:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #2557 (See [https://builds.apache.org/job/Hadoop-Common-trunk-Commit/2557/])
HADOOP-8644. AuthenticatedURL should be able to use SSLFactory. (tucu) (Revision 1370045)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1370045
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/Authenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/ConnectionConfigurator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestAuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Arun C Murthy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun C Murthy closed HADOOP-8644.
---------------------------------
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.2-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.0.2-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Suresh Srinivas (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429534#comment-13429534 ]
Suresh Srinivas commented on HADOOP-8644:
-----------------------------------------
Alejandro, can you please wait for Jenkins to +1 before committing the patch. In this case I do not see +1 for your updated patch.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429525#comment-13429525 ]
Hudson commented on HADOOP-8644:
--------------------------------
Integrated in Hadoop-Hdfs-trunk-Commit #2622 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk-Commit/2622/])
HADOOP-8644. AuthenticatedURL should be able to use SSLFactory. (tucu) (Revision 1370045)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1370045
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/Authenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/ConnectionConfigurator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestAuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Aaron T. Myers (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429372#comment-13429372 ]
Aaron T. Myers commented on HADOOP-8644:
----------------------------------------
Patch looks good to me. Two small nits:
# You can probably do away with the TestConnectorConfigurator class entirely, and just use a mock and verify().
# Please indent 4 spaces when continuing a line instead of 2, e.g.:
{code}
+ public HttpURLConnection configure(HttpURLConnection conn)
+ throws IOException {
{code}
and:
{code}
+ HttpsURLConnection sslConn =
+ (HttpsURLConnection) new URL("https://foo").openConnection();
{code}
+1 once these are addressed.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8644:
---------------------------------------
Attachment: HADOOP-8644.patch
new patch Addressing ATM's comments.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13428225#comment-13428225 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
@Daryn, I don't see how that is possible as {{URLUtils}} it is not using {{AuthenticatedURL}} class.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429223#comment-13429223 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
If you have a {{AuthenticatedURL}} instance that is being used to connect to both HTTP and HTTPS endpoints, you'll need to configure the connection with the SSLFactory only if it is HTTPS. This scenario does not currently happen in Hadoop, it is just a a safeguard for now. I don't see unintended consequences as it is a NOP if HTTP. Makes sense?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-8644:
---------------------------------------
Status: Patch Available (was: Open)
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429156#comment-13429156 ]
Daryn Sharp commented on HADOOP-8644:
-------------------------------------
I'm not sure I fully grok the change, but I think it looks ok. One question, why does {{SSLFactory#configure}} need to check if the connection is an instance of {{HttpsURLConnection}}? Given that this is a ssl factory, when would it legitimately be invoked with a non-https connection?
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429570#comment-13429570 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
@suresh, my bad, committed the patch after addressing ATM's comments which where minor. Jenkins failed because it tried to apply the patch on a revision the patch has been already committed. Even if trivial, I'll wait next time to avoid this mis-failures and to ensure I'm not introducing any test-patch warning in the new revision.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429503#comment-13429503 ]
Hadoop QA commented on HADOOP-8644:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12539359/HADOOP-8644.patch
against trunk revision .
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1255//console
This message is automatically generated.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13430335#comment-13430335 ]
Hudson commented on HADOOP-8644:
--------------------------------
Integrated in Hadoop-Hdfs-trunk #1128 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1128/])
HADOOP-8644. AuthenticatedURL should be able to use SSLFactory. (tucu) (Revision 1370045)
Result = SUCCESS
tucu : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1370045
Files :
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/AuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/Authenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/ConnectionConfigurator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/PseudoAuthenticator.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/AuthenticatorTestCase.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestAuthenticatedURL.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch, HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Alejandro Abdelnur (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429188#comment-13429188 ]
Alejandro Abdelnur commented on HADOOP-8644:
--------------------------------------------
{{AuthenticatedURL}} can be used over clear HTTP, that is how it has been used until now, just to provide authentication. This change is to be able to use with HTTPS in order to add encryption. Configuring Hadoop to user Kerberos and to use encryption will still be 2 different knobs as I assume many folks don't want to pay the performance price of wire encryption. Hope this clarifies.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8644) AuthenticatedURL should be able to
use SSLFactory
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427740#comment-13427740 ]
Hadoop QA commented on HADOOP-8644:
-----------------------------------
+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12538964/HADOOP-8644.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified test files.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 eclipse:eclipse. The patch built with eclipse:eclipse.
+1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed unit tests in hadoop-common-project/hadoop-auth hadoop-common-project/hadoop-common.
+1 contrib tests. The patch passed contrib unit tests.
Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/1246//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/1246//console
This message is automatically generated.
> AuthenticatedURL should be able to use SSLFactory
> -------------------------------------------------
>
> Key: HADOOP-8644
> URL: https://issues.apache.org/jira/browse/HADOOP-8644
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.2.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Priority: Critical
> Fix For: 2.2.0-alpha
>
> Attachments: HADOOP-8644.patch
>
>
> This is required to enable the use of HTTPS with SPNEGO using Hadoop configured keystores. This is required by HADOOP-8581.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira