Posted to common-commits@hadoop.apache.org by tu...@apache.org on 2011/12/07 23:17:35 UTC
svn commit: r1211673 - in /hadoop/common/trunk/hadoop-common-project:
hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/
hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/
hadoop-auth/src/test/java/org/ap...
Author: tucu
Date: Wed Dec 7 22:17:35 2011
New Revision: 1211673
URL: http://svn.apache.org/viewvc?rev=1211673&view=rev
Log:
HADOOP-7887. KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration. (tucu)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1211673&r1=1211672&r2=1211673&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java Wed Dec 7 22:17:35 2011
@@ -55,6 +55,8 @@ import java.util.Set;
* It does not have a default value.</li>
* <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal.
* It does not have a default value.</li>
+ * <li>kerberos.name.rules: kerberos names rules to resolve principal names, see
+ * {@link KerberosName#setRules(String)}</li>
* </ul>
*/
public class KerberosAuthenticationHandler implements AuthenticationHandler {
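Review bot: The new `kerberos.name.rules` entry in the class Javadoc does not say what happens when the property is absent, while the two entries above it each state their default. Going by the init hunk in this commit, an unset property leaves the rules KerberosName already holds untouched, and a set one replaces them through a static setter, so the effect is not limited to this handler instance. I would extend the entry with something like `If not set, the rules currently held by KerberosName are left unchanged. The rules are static and shared by every user of KerberosName in the JVM.`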
@@ -151,6 +153,11 @@ public class KerberosAuthenticationHandl
throw new ServletException("Keytab does not exist: " + keytab);
}
+ String nameRules = config.getProperty(NAME_RULES, null);
+ if (nameRules != null) {
+ KerberosName.setRules(nameRules);
+ }
+
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
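Review bot: `KerberosName.setRules(nameRules)` replaces a static, JVM-wide principal mapping from a per-handler property, with no log line and before the rest of init has succeeded. A second handler with different rules, or an init that fails further down, silently changes name resolution for every other user of KerberosName. At minimum add a comment at the call such as `// KerberosName rules are static: this replaces the mapping for the whole JVM, not only for this handler`, and record at info level that the rules were taken from NAME_RULES. A malformed value presumably surfaces as whatever parseRules throws rather than as the ServletException used for the keytab check just above; wrapping it so the message names the property would make misconfiguration easier to diagnose. The body of init starts and ends outside this hunk.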
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java?rev=1211673&r1=1211672&r2=1211673&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java Wed Dec 7 22:17:35 2011
@@ -385,6 +385,15 @@ public class KerberosName {
rules = parseRules(ruleString);
}
+ /**
+ * Indicates if the name rules have been set.
+ *
+ * @return if the name rules have been set.
+ */
+ public static boolean hasRulesBeenSet() {
+ return rules != null;
+ }
+
static void printRules() throws IOException {
int i = 0;
for(Rule r: rules) {
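Review bot: `hasRulesBeenSet()` reads the static `rules` field with no synchronization visible in the hunk, and its intended use in this commit (HadoopKerberosName.setConfiguration) is a check followed by a separate `setRules` call, which is not atomic. Two threads initializing at once can both see `false` and both set rules, so the "first setter wins" behaviour the commit relies on is not guaranteed; the declaration of `rules` is outside the hunk, so whether it is volatile cannot be confirmed here. Either offer a single synchronized static method that sets the rules only when none are present, or state the limitation in the Javadoc, e.g. `The result is a point-in-time snapshot; testing it and then calling setRules is not atomic.` The `@return` text would also read better as `true if the name rules have been set, false otherwise`.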
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1211673&r1=1211672&r2=1211673&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java Wed Dec 7 22:17:35 2011
@@ -18,6 +18,7 @@ import org.apache.hadoop.security.authen
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import junit.framework.TestCase;
import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.security.authentication.util.KerberosName;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
@@ -59,6 +60,35 @@ public class TestKerberosAuthenticationH
super.tearDown();
}
+ public void testNameRules() throws Exception {
+ KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
+ assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
+
+ //destroy handler created in setUp()
+ handler.destroy();
+
+ KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
+
+ handler = new KerberosAuthenticationHandler();
+ Properties props = new Properties();
+ props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
+ props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
+ props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
+ try {
+ handler.init(props);
+ } catch (Exception ex) {
+ }
+ kn = new KerberosName("bar@BAR");
+ assertEquals("bar", kn.getShortName());
+ kn = new KerberosName("bar@FOO");
+ try {
+ kn.getShortName();
+ fail();
+ }
+ catch (Exception ex) {
+ }
+ }
+
public void testInit() throws Exception {
assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
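Review bot: The empty `catch (Exception ex) {}` around `handler.init(props)` in testNameRules lets the test carry on when init fails for any reason, so a failure before the rules are applied shows up only as a confusing assertion on `bar@BAR`. If init is expected to fail after the rules are set, say so in the catch, e.g. `// expected: only the name-rules side effect of init() is under test`; otherwise let the exception propagate. The test also leaves the static KerberosName rules changed for whichever test runs next, so tearDown should put back the rules the rest of the suite relies on. The final `catch (Exception ex)` around `kn.getShortName()` would be tighter if it named the exception type that call is declared to throw. The body of testInit continues outside the hunk.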
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1211673&r1=1211672&r2=1211673&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Wed Dec 7 22:17:35 2011
@@ -117,6 +117,9 @@ Trunk (unreleased changes)
HADOOP-7874. native libs should be under lib/native/ dir. (tucu)
+ HADOOP-7887. KerberosAuthenticatorHandler is not setting
+ KerberosName name rules from configuration. (tucu)
+
OPTIMIZATIONS
HADOOP-7761. Improve the performance of raw comparisons. (todd)
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java?rev=1211673&r1=1211672&r2=1211673&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java Wed Dec 7 22:17:35 2011
@@ -56,12 +56,19 @@ public class HadoopKerberosName extends
}
/**
* Set the static configuration to get the rules.
+ * <p/>
+ * IMPORTANT: This method does a NOP if the rules have been set already.
+ * If there is a need to reset the rules, the {@link KerberosName#setRules(String)}
+ * method should be invoked directly.
+ *
* @param conf the new configuration
* @throws IOException
*/
public static void setConfiguration(Configuration conf) throws IOException {
- String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
- setRules(ruleString);
+ if (!hasRulesBeenSet()) {
+ String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
+ setRules(ruleString);
+ }
}
public static void main(String[] args) throws Exception {
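Review bot: Once any caller has set rules, `setConfiguration` now drops the configured `hadoop.security.auth_to_local` value without a trace, so which principal-to-user mapping is in force depends on initialization order. Because this mapping decides the local identity a Kerberos principal is given, the skipped branch should at least log that the configured rules were ignored because rules were already present. The Javadoc could also name the other source visible in this commit, e.g. `Rules set earlier, for example from kerberos.name.rules by KerberosAuthenticationHandler, take precedence over hadoop.security.auth_to_local.` The body of main is outside the hunk.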