Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2012/11/05 19:37:40 UTC
svn commit: r1405910 - in
/hadoop/common/trunk/hadoop-common-project/hadoop-common: ./
src/main/java/org/apache/hadoop/ipc/
src/main/java/org/apache/hadoop/security/
src/test/java/org/apache/hadoop/security/
Author: bobby
Date: Mon Nov 5 18:37:39 2012
New Revision: 1405910
URL: http://svn.apache.org/viewvc?rev=1405910&view=rev
Log:
HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via bobby)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Mon Nov 5 18:37:39 2012
@@ -336,6 +336,9 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9009. Add SecurityUtil methods to get/set authentication method
(daryn via bobby)
+ HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
+ bobby)
+
OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java Mon Nov 5 18:37:39 2012
@@ -69,6 +69,7 @@ import org.apache.hadoop.security.SaslRp
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.TokenInfo;
@@ -295,8 +296,9 @@ public class Client {
}
if (token != null) {
- authMethod = AuthMethod.DIGEST;
+ authMethod = AuthenticationMethod.TOKEN.getAuthMethod();
} else if (UserGroupInformation.isSecurityEnabled()) {
+ // eventually just use the ticket's authMethod
authMethod = AuthMethod.KERBEROS;
} else {
authMethod = AuthMethod.SIMPLE;
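Review bot: The added comment at the Kerberos branch records an intention but not the constraint that comes with it. `getAuthMethod()` returns null for `CERTIFICATE`, `KERBEROS_SSL` and `PROXY` in the `AuthenticationMethod` enum from this same commit, so deriving `authMethod` from the ticket will need a null check. I would write the comment as `// TODO: derive this from the ticket's AuthenticationMethod; getAuthMethod() is null for CERTIFICATE, KERBEROS_SSL and PROXY`. The enclosing method starts and ends outside the hunk.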
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java Mon Nov 5 18:37:39 2012
@@ -1526,11 +1526,11 @@ public abstract class Server {
if (!useSasl) {
user = protocolUser;
if (user != null) {
- user.setAuthenticationMethod(AuthMethod.SIMPLE.authenticationMethod);
+ user.setAuthenticationMethod(AuthMethod.SIMPLE);
}
} else {
// user is authenticated
- user.setAuthenticationMethod(authMethod.authenticationMethod);
+ user.setAuthenticationMethod(authMethod);
//Now we check if this is a proxy user case. If the protocol user is
//different from the 'user', it is a proxy user scenario. However,
//this is not allowed if user authenticated with DIGEST.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcServer.java Mon Nov 5 18:37:39 2012
@@ -42,7 +42,6 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.Server;
-import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
@@ -137,20 +136,17 @@ public class SaslRpcServer {
/** Authentication method */
@InterfaceStability.Evolving
public static enum AuthMethod {
- SIMPLE((byte) 80, "", AuthenticationMethod.SIMPLE),
- KERBEROS((byte) 81, "GSSAPI", AuthenticationMethod.KERBEROS),
- DIGEST((byte) 82, "DIGEST-MD5", AuthenticationMethod.TOKEN);
+ SIMPLE((byte) 80, ""),
+ KERBEROS((byte) 81, "GSSAPI"),
+ DIGEST((byte) 82, "DIGEST-MD5");
/** The code for this method. */
public final byte code;
public final String mechanismName;
- public final AuthenticationMethod authenticationMethod;
- private AuthMethod(byte code, String mechanismName,
- AuthenticationMethod authMethod) {
+ private AuthMethod(byte code, String mechanismName) {
this.code = code;
this.mechanismName = mechanismName;
- this.authenticationMethod = authMethod;
}
private static final int FIRST_CODE = values()[0].code;
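Review bot: Removing the public field `authenticationMethod` from `AuthMethod` drops a member of a public enum with no deprecation step, so any caller outside this commit that reads it stops compiling. The enum is marked `@InterfaceStability.Evolving`, which may permit the break, but the Javadoc should say where the mapping went, for example `/** Authentication method. The UGI mapping is UserGroupInformation.AuthenticationMethod#getAuthMethod(). */`. The remaining public field `mechanismName` also has no Javadoc. The enum body continues outside the hunk.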
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Mon Nov 5 18:37:39 2012
@@ -59,6 +59,7 @@ import org.apache.hadoop.metrics2.annota
import org.apache.hadoop.metrics2.annotation.Metrics;
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.metrics2.lib.MutableRate;
+import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
@@ -1019,13 +1020,34 @@ public class UserGroupInformation {
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static enum AuthenticationMethod {
- SIMPLE,
- KERBEROS,
- TOKEN,
- CERTIFICATE,
- KERBEROS_SSL,
- PROXY;
- }
+ // currently we support only one auth per method, but eventually a
+ // subtype is needed to differentiate, ex. if digest is token or ldap
+ SIMPLE(AuthMethod.SIMPLE),
+ KERBEROS(AuthMethod.KERBEROS),
+ TOKEN(AuthMethod.DIGEST),
+ CERTIFICATE(null),
+ KERBEROS_SSL(null),
+ PROXY(null);
+
+ private final AuthMethod authMethod;
+ private AuthenticationMethod(AuthMethod authMethod) {
+ this.authMethod = authMethod;
+ }
+
+ public AuthMethod getAuthMethod() {
+ return authMethod;
+ }
+
+ public static AuthenticationMethod valueOf(AuthMethod authMethod) {
+ for (AuthenticationMethod value : values()) {
+ if (value.getAuthMethod() == authMethod) {
+ return value;
+ }
+ }
+ throw new IllegalArgumentException(
+ "no authentication method for " + authMethod);
+ }
+ };
/**
* Create a proxy user using username of the effective user and the ugi of the
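Review bot: `AuthenticationMethod.valueOf(AuthMethod)` compares with `==` against constants whose mapping is null, so a null argument matches the first of them and returns `CERTIFICATE` instead of reaching the `IllegalArgumentException`. The new `setAuthenticationMethod(AuthMethod)` in the next hunk and the two call sites in Server.java go through this lookup, so a null RPC auth method would label the user as certificate-authenticated rather than fail; whether null can reach those callers is not visible here. Guard the match with `if (authMethod != null && value.getAuthMethod() == authMethod)` so that null falls through to the throw. The name `valueOf` also overloads the compiler-generated `valueOf(String)`, which makes an untyped `valueOf(null)` ambiguous; a distinct name would avoid that.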
@@ -1291,6 +1313,15 @@ public class UserGroupInformation {
}
/**
+ * Sets the authentication method in the subject
+ *
+ * @param authMethod
+ */
+ public void setAuthenticationMethod(AuthMethod authMethod) {
+ user.setAuthenticationMethod(AuthenticationMethod.valueOf(authMethod));
+ }
+
+ /**
* Get the authentication method from the subject
*
* @return AuthenticationMethod in the subject, null if not present.
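Review bot: The Javadoc on the new `setAuthenticationMethod(AuthMethod)` leaves `@param authMethod` empty and does not say that the call can throw. It delegates to `AuthenticationMethod.valueOf(authMethod)`, which throws `IllegalArgumentException` when no constant maps to the argument. I would add `@param authMethod the RPC auth method to translate to an AuthenticationMethod` and `@throws IllegalArgumentException if no AuthenticationMethod maps to authMethod`. The hunk ends inside the Javadoc of the following getter.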
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1405910&r1=1405909&r2=1405910&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java Mon Nov 5 18:37:39 2012
@@ -305,7 +305,6 @@ public class TestUserGroupInformation {
assertSame(secret, ugi.getCredentials().getSecretKey(secretKey));
}
- @SuppressWarnings("unchecked") // from Mockito mocks
@Test
public <T extends TokenIdentifier> void testGetCredsNotSame()
throws Exception {
@@ -430,6 +429,18 @@ public class TestUserGroupInformation {
}
@Test
+ public void testTestAuthMethod() throws Exception {
+ UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+ // verify the reverse mappings works
+ for (AuthenticationMethod am : AuthenticationMethod.values()) {
+ if (am.getAuthMethod() != null) {
+ ugi.setAuthenticationMethod(am.getAuthMethod());
+ assertEquals(am, ugi.getAuthenticationMethod());
+ }
+ }
+ }
+
+ @Test
public void testUGIAuthMethod() throws Exception {
final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
final AuthenticationMethod am = AuthenticationMethod.KERBEROS;
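Review bot: `testTestAuthMethod` only round-trips constants whose `getAuthMethod()` is non-null, so the rejecting path of the reverse lookup is never exercised. Add a case that calls `ugi.setAuthenticationMethod((AuthMethod) null);` and expects `IllegalArgumentException`; with the lookup as committed, that call would instead set `CERTIFICATE`. The loop also mutates the object returned by `getCurrentUser()` and leaves it at the last mapped value, which could leak into other tests if that object is shared (inferred, not visible here). The doubled `Test` in the method name looks like a typo for `testAuthMethod`.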