You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by st...@apache.org on 2011/12/19 17:26:22 UTC

svn commit: r1220829 - in /hbase/trunk/src/main/java/org/apache/hadoop/hbase: rest/Main.java thrift/ThriftServer.java util/Strings.java

Author: stack
Date: Mon Dec 19 16:26:22 2011
New Revision: 1220829

URL: http://svn.apache.org/viewvc?rev=1220829&view=rev
Log:
HBASE-5062 Missing logons if security is enabled

Modified:
    hbase/trunk/src/main/java/org/apache/hadoop/hbase/rest/Main.java
    hbase/trunk/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
    hbase/trunk/src/main/java/org/apache/hadoop/hbase/util/Strings.java

Modified: hbase/trunk/src/main/java/org/apache/hadoop/hbase/rest/Main.java
URL: http://svn.apache.org/viewvc/hbase/trunk/src/main/java/org/apache/hadoop/hbase/rest/Main.java?rev=1220829&r1=1220828&r2=1220829&view=diff
==============================================================================
--- hbase/trunk/src/main/java/org/apache/hadoop/hbase/rest/Main.java (original)
+++ hbase/trunk/src/main/java/org/apache/hadoop/hbase/rest/Main.java Mon Dec 19 16:26:22 2011
@@ -31,7 +31,10 @@ import org.apache.commons.logging.LogFac
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseConfiguration;
 import org.apache.hadoop.hbase.rest.filter.GzipFilter;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.util.Strings;
 import org.apache.hadoop.hbase.util.VersionInfo;
+import org.apache.hadoop.net.DNS;
 
 import java.util.List;
 import java.util.ArrayList;
@@ -137,6 +140,16 @@ public class Main implements Constants {
     context.addServlet(sh, "/*");
     context.addFilter(GzipFilter.class, "/*", 0);
 
+    // login the server principal (if using secure Hadoop)   
+    if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
+      String machineName = Strings.domainNamePointerToHostName(
+        DNS.getDefaultHost(conf.get("hbase.rest.dns.interface", "default"),
+          conf.get("hbase.rest.dns.nameserver", "default")));
+      User.login(conf, "hbase.rest.keytab.file", "hbase.rest.kerberos.principal",
+        machineName);
+    }
+
+    // start server
     server.start();
     server.join();
   }

Modified: hbase/trunk/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
URL: http://svn.apache.org/viewvc/hbase/trunk/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java?rev=1220829&r1=1220828&r2=1220829&view=diff
==============================================================================
--- hbase/trunk/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java (original)
+++ hbase/trunk/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java Mon Dec 19 16:26:22 2011
@@ -58,6 +58,9 @@ import org.apache.hadoop.hbase.client.Re
 import org.apache.hadoop.hbase.client.Scan;
 import org.apache.hadoop.hbase.filter.Filter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
+import org.apache.hadoop.hbase.security.User;
+import org.apache.hadoop.hbase.util.Strings;
+import org.apache.hadoop.net.DNS;
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
 import org.apache.hadoop.hbase.thrift.generated.AlreadyExists;
@@ -1241,6 +1244,16 @@ public class ThriftServer {
           server.getClass().getName());
     }
 
+    // login the server principal (if using secure Hadoop)   
+    Configuration conf = handler.conf;
+    if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
+      String machineName = Strings.domainNamePointerToHostName(
+        DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"),
+          conf.get("hbase.thrift.dns.nameserver", "default")));
+      User.login(conf, "hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal",
+        machineName);
+    }
+
     server.serve();
   }
 

Modified: hbase/trunk/src/main/java/org/apache/hadoop/hbase/util/Strings.java
URL: http://svn.apache.org/viewvc/hbase/trunk/src/main/java/org/apache/hadoop/hbase/util/Strings.java?rev=1220829&r1=1220828&r2=1220829&view=diff
==============================================================================
--- hbase/trunk/src/main/java/org/apache/hadoop/hbase/util/Strings.java (original)
+++ hbase/trunk/src/main/java/org/apache/hadoop/hbase/util/Strings.java Mon Dec 19 16:26:22 2011
@@ -58,4 +58,18 @@ public class Strings {
     }
     return sb.append(key).append(separator).append(value);
   }
+
+  /**
+   * Given a PTR string generated via reverse DNS lookup, return everything
+   * except the trailing period. Example for host.example.com., return
+   * host.example.com
+   * @param dnPtr a domain name pointer (PTR) string.
+   * @return Sanitized hostname with last period stripped off.
+   *
+   */
+  public static String domainNamePointerToHostName(String dnPtr) {
+    if (dnPtr == null)
+      return null;
+    return dnPtr.endsWith(".") ? dnPtr.substring(0, dnPtr.length()-1) : dnPtr;
+  }
 }
\ No newline at end of file