You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by tg...@apache.org on 2012/10/03 21:18:12 UTC

svn commit: r1393699 - in /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs: CHANGES.txt src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java

Author: tgraves
Date: Wed Oct  3 19:18:12 2012
New Revision: 1393699

URL: http://svn.apache.org/viewvc?rev=1393699&view=rev
Log:
HDFS-3905. Secure cluster cannot use hftp to an insecure cluster (Daryn Sharp via tgraves)

Modified:
    hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
    hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java

Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1393699&r1=1393698&r2=1393699&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Wed Oct  3 19:18:12 2012
@@ -15,6 +15,9 @@ Release 0.23.5 - UNRELEASED
     HDFS-3919. MiniDFSCluster:waitClusterUp can hang forever.
     (Andy Isaacson via eli)
 
+    HDFS-3905. Secure cluster cannot use hftp to an insecure cluster
+    (Daryn Sharp via tgraves)
+
 Release 0.23.4 - UNRELEASED
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java?rev=1393699&r1=1393698&r2=1393699&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java Wed Oct  3 19:18:12 2012
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.PrintStream;
+import java.net.ConnectException;
 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.URL;
@@ -385,10 +386,24 @@ public class DelegationTokenFetcher {
       return ugi.doAs(
           new PrivilegedExceptionAction<URLConnection>() {
             public URLConnection run() throws IOException {
-              SecurityUtil.fetchServiceTicket(url);
-              URLConnection connection = URLUtils.openConnection(url);
-              connection.connect();
-              return connection;
+              // might not be fatal if secure port doesn't connect because
+              // security may be disabled on remote cluster
+              IOException ioeForTGS = null;
+              try {
+                SecurityUtil.fetchServiceTicket(url);
+              } catch (IOException ioe) {
+                ioeForTGS = ioe;
+              }
+              try {
+                URLConnection connection = URLUtils.openConnection(url);
+                connection.connect();
+                return connection;
+              } catch (ConnectException e) {
+                throw e;
+              } catch (IOException ioe) {
+                // throw TGS exception instead if negotiation fails
+                throw (ioeForTGS != null) ? ioeForTGS : ioe;
+              }
             }
           });
     } catch (InterruptedException ie) {