Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2018/02/26 22:31:52 UTC
[43/59] [abbrv] hadoop git commit: YARN-7942. Add check for JAAS
configuration for Yarn Service. Contributed by Billie Rinaldi
YARN-7942. Add check for JAAS configuration for Yarn Service.
Contributed by Billie Rinaldi
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/95904f6b
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/95904f6b
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/95904f6b
Branch: refs/heads/HDFS-7240
Commit: 95904f6b3ccd1d167088086472eabdd85b2d148d
Parents: 1909690
Author: Eric Yang <ey...@apache.org>
Authored: Thu Feb 22 16:12:40 2018 -0500
Committer: Eric Yang <ey...@apache.org>
Committed: Thu Feb 22 16:12:40 2018 -0500
----------------------------------------------------------------------
.../client/impl/zk/RegistrySecurity.java | 44 +++++++++++++++-----
1 file changed, 33 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/95904f6b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
index bb829d8..5c6c983 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
@@ -736,8 +736,10 @@ public class RegistrySecurity extends AbstractService {
* Apply the security environment to this curator instance. This
* may include setting up the ZK system properties for SASL
* @param builder curator builder
+ * @throws IOException if jaas configuration can't be generated or found
*/
- public void applySecurityEnvironment(CuratorFrameworkFactory.Builder builder) {
+ public void applySecurityEnvironment(CuratorFrameworkFactory.Builder
+ builder) throws IOException {
if (isSecureRegistry()) {
switch (access) {
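Review bot: The added `@throws` line says the exception covers a JAAS configuration that cannot be "found", but the only throw visible in this commit (in the `case sasl:` hunk) fires when the keytab/principal pair and the `java.security.auth.login.config` property are both missing. Nothing shown checks that the file named by that property exists or is readable. A wording that matches the code would be `@throws IOException if SASL is enabled but neither a keytab/principal pair nor the java.security.auth.login.config system property is set`. Adding a checked exception to a public method also breaks existing callers at compile time; the call sites are not in this diff, so confirm they were updated. The method body continues outside the hunk.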
@@ -752,16 +754,36 @@ public class RegistrySecurity extends AbstractService {
break;
case sasl:
- JaasConfiguration jconf =
- new JaasConfiguration(jaasClientEntry, principal, keytab);
- javax.security.auth.login.Configuration.setConfiguration(jconf);
- setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
- "true");
- setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,
- jaasClientEntry);
- LOG.info(
- "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry
- + ", principal = " + principal + ", keytab = " + keytab);
+ String existingJaasConf = System.getProperty(
+ "java.security.auth.login.config");
+ if (existingJaasConf == null || existingJaasConf.isEmpty()) {
+ if (principal == null || keytab == null) {
+ throw new IOException("SASL is configured for registry, " +
+ "but neither keytab/principal nor java.security.auth.login" +
+ ".config system property are specified");
+ }
+ // in this case, keytab and principal are specified and no jaas
+ // config is specified, so we will create one
+ LOG.info(
+ "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry
+ + ", principal = " + principal + ", keytab = " + keytab);
+ JaasConfiguration jconf =
+ new JaasConfiguration(jaasClientEntry, principal, keytab);
+ javax.security.auth.login.Configuration.setConfiguration(jconf);
+ setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
+ "true");
+ setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,
+ jaasClientEntry);
+ } else {
+ // in this case, jaas config is specified so we will not change it
+ LOG.info("Using existing ZK sasl configuration: " +
+ "jaasClientEntry = " + System.getProperty(
+ ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client") +
+ ", sasl client = " + System.getProperty(
+ ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
+ ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT) +
+ ", jaas = " + existingJaasConf);
+ }
break;
default:
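Review bot: The new guard `if (principal == null || keytab == null)` lets empty strings through, even though the check just above it treats an empty `java.security.auth.login.config` as unset. An empty principal or keytab would then reach `new JaasConfiguration(...)` and presumably fail later at login with a less direct error; consider `if (principal == null || principal.isEmpty() || keytab == null || keytab.isEmpty()) {`. In the `else` branch the configured `jaasClientEntry`, `principal` and `keytab` are dropped without notice, and the log line reports the system-property context name (default `"Client"`) rather than the field. A warning when those values are set but unused would show operators which identity the ZooKeeper client actually authenticates as. The enclosing switch starts and ends outside the hunk.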