You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by pz...@apache.org on 2019/08/29 21:12:19 UTC
[knox] branch master updated: KNOX-2001 - KnoxSession should log a
warning message when useSubjectCredsOnly is false
This is an automated email from the ASF dual-hosted git repository.
pzampino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 880217d KNOX-2001 - KnoxSession should log a warning message when useSubjectCredsOnly is false
880217d is described below
commit 880217d79543e7e029db391e2acdfc868a06ab61
Author: pzampino <pz...@cloudera.com>
AuthorDate: Thu Aug 29 16:43:02 2019 -0400
KNOX-2001 - KnoxSession should log a warning message when useSubjectCredsOnly is false
---
.../src/main/java/org/apache/knox/gateway/shell/KnoxSession.java | 8 ++++++++
.../java/org/apache/knox/gateway/shell/KnoxShellMessages.java | 4 ++++
2 files changed, 12 insertions(+)
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index 7c817f4..3952a1c 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -326,6 +326,14 @@ public class KnoxSession implements Closeable {
System.setProperty("sun.security.jgss.debug", "true");
}
+ // (KNOX-2001) Log a warning if the useSubjectCredsOnly restriction is "relaxed"
+ String useSubjectCredsOnly = System.getProperty("javax.security.auth.useSubjectCredsOnly");
+ if (useSubjectCredsOnly != null) {
+ if (!Boolean.valueOf(useSubjectCredsOnly)) {
+ LOG.useSubjectCredsOnlyIsFalse();
+ }
+ }
+
final Registry<AuthSchemeProvider> authSchemeRegistry =
RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build();
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
index 16c05bc..4c188db 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxShellMessages.java
@@ -59,4 +59,8 @@ public interface KnoxShellMessages {
@Message( level = MessageLevel.DEBUG, text = "JAAS configuration: {0}" )
void jaasConfigurationLocation(String location);
+ @Message( level = MessageLevel.WARN,
+ text = "The javax.security.auth.useSubjectCredsOnly system property is set to 'false'; This may yield unexpected results with respect to Kerberos authentication." )
+ void useSubjectCredsOnlyIsFalse();
+
}