Posted to commits@bookkeeper.apache.org by eo...@apache.org on 2019/07/29 06:11:19 UTC
[bookkeeper] branch master updated: Issue #2127: Allow user
override default SASL service name bookkeeper
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 60ff4ec Issue #2127: Allow user override default SASL service name bookkeeper
60ff4ec is described below
commit 60ff4ec791f94362eee9aecc67670cbdbf2b2ee6
Author: BINLEI XUE <ko...@gmail.com>
AuthorDate: Mon Jul 29 14:11:14 2019 +0800
Issue #2127: Allow user override default SASL service name bookkeeper
Descriptions of the changes in this PR:
The default SASL service name "bookkeeper" can be overridden by the JVM property "bookkeeper.sasl.servicename"
### Motivation
### Changes
Instead of using a constant value, it reads from the JVM property first; if the property doesn't exist, it uses the default value from the constant variable SaslConstants.SASL_BOOKKEEPER_PROTOCOL
Master Issue: #2127
Reviewers: Enrico Olivelli <eo...@gmail.com>, Jia Zhai <zh...@apache.org>, Sijie Guo
This closes #2128 from 29x10/master, closes #2127
---
.../src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java | 4 +++-
.../src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java | 2 ++
.../test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java | 7 +++++--
site/docs/4.9.2/security/sasl.md | 7 +++++++
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
index 324480c..63d7de9 100644
--- a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
+++ b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
@@ -50,7 +50,9 @@ public class SaslClientState {
private String password;
public SaslClientState(String serverHostname, Subject subject) throws SaslException {
- String serverPrincipal = SaslConstants.SASL_BOOKKEEPER_PROTOCOL + "/" + serverHostname;
+ String saslServiceName = System.getProperty(SaslConstants.SASL_SERVICE_NAME,
+ SaslConstants.SASL_SERVICE_NAME_DEFAULT);
+ String serverPrincipal = saslServiceName + "/" + serverHostname;
this.clientSubject = subject;
if (clientSubject == null) {
throw new SaslException("Cannot create JAAS Sujbect for SASL");
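Review bot: The service name read at the top of the constructor is used without validation, so an empty value (`-Dbookkeeper.sasl.servicename=`) produces the principal `/<hostname>` and the mistake only shows up later as an opaque Kerberos failure. A guard such as `if (saslServiceName.trim().isEmpty()) { throw new SaslException("bookkeeper.sasl.servicename must not be empty"); }` would fail fast and name the property. The value is also a JVM-wide system property rather than a per-client setting, so every client in the process targets the same service principal and any code that can call `System.setProperty` changes it; a short comment saying so above the `System.getProperty` call would help operators. The constructor body continues outside the hunk.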
diff --git a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
index 98a83b7..719f1ec 100644
--- a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
+++ b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
@@ -52,6 +52,8 @@ public class SaslConstants {
static final String SASL_BOOKKEEPER_PROTOCOL = "bookkeeper";
static final String SASL_BOOKKEEPER_REALM = "bookkeeper";
+ static final String SASL_SERVICE_NAME = "bookkeeper.sasl.servicename";
+ static final String SASL_SERVICE_NAME_DEFAULT = "bookkeeper";
static final String SASL_MD5_DUMMY_HOSTNAME = "bookkeeper";
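Review bot: `SASL_SERVICE_NAME_DEFAULT` repeats the literal already held by `SASL_BOOKKEEPER_PROTOCOL`, and the commit description says the default comes from that constant; `static final String SASL_SERVICE_NAME_DEFAULT = SASL_BOOKKEEPER_PROTOCOL;` would keep the two from drifting apart. `SASL_SERVICE_NAME` holds a system-property key, not a service name, so it deserves a comment such as `// JVM system property overriding the service name the client uses to build the bookie principal`. If other code still builds principals from `SASL_BOOKKEEPER_PROTOCOL` (not visible in this hunk), it will ignore the override.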
diff --git a/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java b/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
index a538950..fc2df20 100644
--- a/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
+++ b/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
@@ -68,6 +68,8 @@ public class GSSAPIBookKeeperTest extends BookKeeperClusterTestCase {
private static MiniKdc kdc;
private static Properties conf;
+ private static final String non_default_sasl_service_name = "non_default_servicename";
+
@ClassRule
public static TemporaryFolder kdcDir = new TemporaryFolder();
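Review bot: The new field `non_default_sasl_service_name` is a `private static final` constant but is not written in constant case; `private static final String NON_DEFAULT_SASL_SERVICE_NAME = "non_default_servicename";` follows Java convention and the usual Checkstyle constant-name rule. The two later hunks in this file that reference it would need the same rename.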
@@ -86,8 +88,8 @@ public class GSSAPIBookKeeperTest extends BookKeeperClusterTestCase {
bookieConf.setUseHostNameAsBookieID(true);
String localhostName = Bookie.getBookieAddress(bookieConf).getHostName();
- String principalServerNoRealm = "bookkeeper/" + localhostName;
- String principalServer = "bookkeeper/" + localhostName + "@" + kdc.getRealm();
+ String principalServerNoRealm = non_default_sasl_service_name + "/" + localhostName;
+ String principalServer = non_default_sasl_service_name + "/" + localhostName + "@" + kdc.getRealm();
LOG.info("principalServer: " + principalServer);
String principalClientNoRealm = "bookkeeperclient/" + localhostName;
String principalClient = principalClientNoRealm + "@" + kdc.getRealm();
@@ -252,6 +254,7 @@ public class GSSAPIBookKeeperTest extends BookKeeperClusterTestCase {
}
BookieServer startAndStoreBookie(ServerConfiguration conf) throws Exception {
+ System.setProperty(SaslConstants.SASL_SERVICE_NAME, non_default_sasl_service_name);
bsConfs.add(conf);
BookieServer s = startBookie(conf);
bs.add(s);
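Review bot: The `System.setProperty` call added to `startAndStoreBookie` is never undone, so the override leaks into every later test that runs in the same JVM, and it is repeated on each bookie start although the property is read by the client. Setting it once in the class-level setup and pairing it with `System.clearProperty(SaslConstants.SASL_SERVICE_NAME);` in the class-level teardown would isolate it. Since the earlier hunk also switches the server principals to the non-default name, the default `bookkeeper` service name no longer appears to be exercised by this test; a separate case for the default would keep both paths covered. The setup and teardown methods are outside the hunk.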
diff --git a/site/docs/4.9.2/security/sasl.md b/site/docs/4.9.2/security/sasl.md
index ffb972a..e943ec8 100644
--- a/site/docs/4.9.2/security/sasl.md
+++ b/site/docs/4.9.2/security/sasl.md
@@ -195,6 +195,13 @@ To configure SASL authentication on the clients:
```shell
clientAuthProviderFactoryClass=org.apache.bookkeeper.sasl.SASLClientProviderFactory
```
+5. By default bookie service name is `bookkeeper`, you could override it by passing a JVM parameter to the client JVM or set System Property manually.
+
+ For example, if your bookie's principle is bk@bk1.hostname.com@EXAMPLE.COM, then pass:
+
+ ```shell
+ -Dbookkeeper.sasl.servicename=bk
+ ```
## Enabling Logging for SASL