Posted to common-commits@hadoop.apache.org by vi...@apache.org on 2014/02/04 23:46:52 UTC
svn commit: r1564549 - in
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop:
ipc/Server.java security/authorize/ServiceAuthorizationManager.java
Author: vinodkv
Date: Tue Feb 4 22:46:52 2014
New Revision: 1564549
URL: http://svn.apache.org/r1564549
Log:
YARN-1669. Modified RM HA handling of protocol level service-ACLS to be available across RM failover by making use of a remote configuration-provider. Contributed by Xuan Gong.
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java?rev=1564549&r1=1564548&r2=1564549&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java Tue Feb 4 22:46:52 2014
@@ -451,6 +451,14 @@ public abstract class Server {
}
/**
+ * Refresh the service authorization ACL for the service handled by this server
+ * using the specified Configuration.
+ */
+ public void refreshServiceAclWithConfigration(Configuration conf,
+ PolicyProvider provider) {
+ serviceAuthorizationManager.refreshWithConfiguration(conf, provider);
+ }
+ /**
* Returns a handle to the serviceAuthorizationManager (required in tests)
* @return instance of ServiceAuthorizationManager for this server
*/
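Review bot: The new public method name `refreshServiceAclWithConfigration` misspells "Configuration", and as a public member of Server the typo becomes something every caller has to reproduce; rename it to `refreshServiceAclWithConfiguration` before other modules depend on it. The Javadoc should also state that the server's current service ACLs are replaced by ones read from `conf` exactly as passed, for example `@param conf configuration that already contains the service-level ACL entries` and `@param provider policy provider listing the protocols to authorize`. Since this is an ACL-changing entry point, a sentence on which callers are expected to invoke it would help reviewers of later changes.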
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1564549&r1=1564548&r2=1564549&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java Tue Feb 4 22:46:52 2014
@@ -33,6 +33,8 @@ import org.apache.hadoop.security.Kerber
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
+import com.google.common.annotations.VisibleForTesting;
+
/**
* An authorization manager which handles service-level authorization
* for incoming service requests.
@@ -120,19 +122,23 @@ public class ServiceAuthorizationManager
// Make a copy of the original config, and load the policy file
Configuration policyConf = new Configuration(conf);
policyConf.addResource(policyFile);
-
+ refreshWithConfiguration(policyConf, provider);
+ }
+
+ public synchronized void refreshWithConfiguration(Configuration conf,
+ PolicyProvider provider) {
final Map<Class<?>, AccessControlList> newAcls =
- new IdentityHashMap<Class<?>, AccessControlList>();
+ new IdentityHashMap<Class<?>, AccessControlList>();
// Parse the config file
Service[] services = provider.getServices();
if (services != null) {
for (Service service : services) {
- AccessControlList acl =
- new AccessControlList(
- policyConf.get(service.getServiceKey(),
- AccessControlList.WILDCARD_ACL_VALUE)
- );
+ AccessControlList acl =
+ new AccessControlList(
+ conf.get(service.getServiceKey(),
+ AccessControlList.WILDCARD_ACL_VALUE)
+ );
newAcls.put(service.getProtocol(), acl);
}
}
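Review bot: The new public `refreshWithConfiguration` falls back to `AccessControlList.WILDCARD_ACL_VALUE` for every service key that is absent from `conf`. The old `refresh` path always added `policyFile` itself, whereas this entry point trusts whatever configuration the caller supplies. If that configuration did not actually load the policy resource (the log message mentions a remote configuration provider, so a failed or partial fetch seems possible), every protocol would silently become open to all users. The default itself predates this commit, but the method needs a Javadoc saying the caller must pass a configuration in which the policy has been loaded, e.g. `@param conf configuration already containing the service ACL keys; a missing key grants access to everyone`. Consider also logging each service key for which the wildcard default was applied, so an unintended fail-open is visible in the logs. The hunk begins inside `refresh`, whose start is outside the hunk, and `refreshWithConfiguration` ends in the following hunk.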
@@ -141,8 +147,13 @@ public class ServiceAuthorizationManager
protocolToAcl = newAcls;
}
- // Package-protected for use in tests.
- Set<Class<?>> getProtocolsWithAcls() {
+ @VisibleForTesting
+ public Set<Class<?>> getProtocolsWithAcls() {
return protocolToAcl.keySet();
}
+
+ @VisibleForTesting
+ public AccessControlList getProtocolsAcls(Class<?> className) {
+ return protocolToAcl.get(className);
+ }
}
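Review bot: `getProtocolsWithAcls` is widened from package-private to public while still returning `protocolToAcl.keySet()`, a live view of the authorization map, and `@VisibleForTesting` is only advisory, so any code in the process can now reach that view. Return a read-only wrapper instead, `return Collections.unmodifiableSet(protocolToAcl.keySet());`, which needs a `java.util.Collections` import if the file does not already have one. The new `getProtocolsAcls` likewise hands out the stored `AccessControlList` instance; if that class is mutable, callers could alter the effective ACL outside the synchronized refresh path, which is worth a comment or a copy. Its parameter is a `Class<?>` but is named `className`, and the method returns a single ACL, so `getProtocolAcl(Class<?> protocol)` would read more accurately.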