Posted to commits@zeppelin.apache.org by zj...@apache.org on 2021/06/02 08:54:12 UTC
[zeppelin] branch master updated: [ZEPPELIN-5388] Polish realm
package of zeppelin-server
This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new d13e72c [ZEPPELIN-5388] Polish realm package of zeppelin-server
d13e72c is described below
commit d13e72c76de566c28000b91761ef789cea727c91
Author: cuspymd <cu...@gmail.com>
AuthorDate: Fri May 21 23:26:43 2021 +0900
[ZEPPELIN-5388] Polish realm package of zeppelin-server
### What is this PR for?
- Add `final` keyword to variables which are not re-assigned
- Delete unnecessary and unused code
### What type of PR is it?
[Refactoring]
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-5388
### How should this be tested?
* CI
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: cuspymd <cu...@gmail.com>
Closes #4125 from cuspymd/polish-realm-server and squashes the following commits:
ffae11e5c [cuspymd] Polish realm package of zeppelin-server
---
.../zeppelin/realm/ActiveDirectoryGroupRealm.java | 35 +++---
.../org/apache/zeppelin/realm/LdapGroupRealm.java | 2 +-
.../java/org/apache/zeppelin/realm/LdapRealm.java | 135 ++++++++++-----------
.../apache/zeppelin/realm/ZeppelinHubRealm.java | 2 +-
.../apache/zeppelin/realm/jwt/KnoxJwtRealm.java | 33 ++---
.../zeppelin/realm/kerberos/KerberosRealm.java | 46 ++-----
.../zeppelin/realm/kerberos/KerberosUtil.java | 19 ++-
7 files changed, 112 insertions(+), 160 deletions(-)
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
index 5efa723..c41da54 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
@@ -88,7 +88,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
* group names (e.g. CN=Group,OU=Company,DC=MyDomain,DC=local)
* as returned by the active directory LDAP server to role names.
*/
- private Map<String, String> groupRolesMap = new LinkedHashMap<>();
+ private final Map<String, String> groupRolesMap = new LinkedHashMap<>();
public void setGroupRolesMap(Map<String, String> groupRolesMap) {
this.groupRolesMap.putAll(groupRolesMap);
@@ -144,7 +144,7 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
}
private String getSystemPassword() {
- String password = "";
+ String password;
if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) {
password = this.systemPassword;
} else {
@@ -190,17 +190,14 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
}
private boolean isValidPrincipalName(String userPrincipalName) {
- if (userPrincipalName != null) {
- if (StringUtils.isNotEmpty(userPrincipalName) && userPrincipalName.contains("@")) {
- String userPrincipalWithoutDomain = userPrincipalName.split("@")[0].trim();
- if (StringUtils.isNotEmpty(userPrincipalWithoutDomain)) {
- return true;
- }
- } else if (StringUtils.isNotEmpty(userPrincipalName)) {
- return true;
- }
+ if (StringUtils.isEmpty(userPrincipalName)) {
+ return false;
}
- return false;
+ if (userPrincipalName.contains("@")) {
+ String userPrincipalWithoutDomain = userPrincipalName.split("@")[0].trim();
+ return StringUtils.isNotEmpty(userPrincipalWithoutDomain);
+ }
+ return true;
}
protected AuthenticationInfo buildAuthenticationInfo(String username, char[] password) {
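Review bot: `userPrincipalName.split("@")[0]` in the rewritten `isValidPrincipalName` throws ArrayIndexOutOfBoundsException for an input made up only of `@` characters, because `String.split` drops trailing empty strings and returns a zero-length array. The name presumably comes from the login form, so a malformed value should be rejected with `false` rather than an unchecked exception. Taking the prefix by index avoids the array: `String userPrincipalWithoutDomain = userPrincipalName.substring(0, userPrincipalName.indexOf('@')).trim();`. The old nested version behaved the same way, so this is not a regression, but the rewrite is a good place to fix it.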
@@ -344,14 +341,12 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
protected Collection<String> getRoleNamesForGroups(Collection<String> groupNames) {
Set<String> roleNames = new HashSet<>(groupNames.size());
- if (groupRolesMap != null) {
- for (String groupName : groupNames) {
- String strRoleNames = groupRolesMap.get(groupName);
- if (strRoleNames != null) {
- for (String roleName : strRoleNames.split(ROLE_NAMES_DELIMETER)) {
- LOGGER.debug("User is member of group [{}] so adding role [{}]", groupName, roleName);
- roleNames.add(roleName);
- }
+ for (String groupName : groupNames) {
+ String strRoleNames = groupRolesMap.get(groupName);
+ if (strRoleNames != null) {
+ for (String roleName : strRoleNames.split(ROLE_NAMES_DELIMETER)) {
+ LOGGER.debug("User is member of group [{}] so adding role [{}]", groupName, roleName);
+ roleNames.add(roleName);
}
}
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java
index 5e8ffa5..510bc34 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapGroupRealm.java
@@ -52,7 +52,7 @@ public class LdapGroupRealm extends DefaultLdapRealm {
}
public Set<String> getRoleNamesForUser(String username, LdapContext ldapContext,
- String userDnTemplate) throws NamingException {
+ String userDnTemplate) {
try {
Set<String> roleNames = new LinkedHashSet<>();
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
index abb5d01..dc7494e 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/LdapRealm.java
@@ -190,7 +190,7 @@ public class LdapRealm extends DefaultLdapRealm {
private String userSearchAttributeName;
private String userObjectClass = "person";
- private HashService hashService = new DefaultHashService();
+ private final HashService hashService = new DefaultHashService();
@@ -206,11 +206,7 @@ public class LdapRealm extends DefaultLdapRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws org.apache.shiro.authc.AuthenticationException {
- try {
- return super.doGetAuthenticationInfo(token);
- } catch (org.apache.shiro.authc.AuthenticationException ae) {
- throw ae;
- }
+ return super.doGetAuthenticationInfo(token);
}
@Override
@@ -295,7 +291,7 @@ public class LdapRealm extends DefaultLdapRealm {
}
private boolean hasAllowedAuthenticationRules(PrincipalCollection principals,
- final LdapContextFactory ldapContextFactory) throws NamingException {
+ final LdapContextFactory ldapContextFactory) {
boolean allowed = allowedRolesForAuthentication.isEmpty();
if (!allowed) {
Set<String> roles = getRoles(principals, ldapContextFactory);
@@ -311,7 +307,7 @@ public class LdapRealm extends DefaultLdapRealm {
}
private Set<String> getRoles(PrincipalCollection principals,
- final LdapContextFactory ldapContextFactory) throws NamingException {
+ final LdapContextFactory ldapContextFactory) {
final String username = (String) getAvailablePrincipal(principals);
LdapContext systemLdapCtx = null;
@@ -346,74 +342,71 @@ public class LdapRealm extends DefaultLdapRealm {
int pageSize = getPagingSize();
LOGGER.debug("Ldap PagingSize: {}", pageSize);
int numResults = 0;
- byte[] cookie = null;
try {
ldapCtx.addToEnvironment(Context.REFERRAL, "ignore");
ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize,
Control.NONCRITICAL)});
- do {
- // ldapsearch -h localhost -p 33389 -D
- // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password
- // -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
- NamingEnumeration<SearchResult> searchResultEnum = null;
- SearchControls searchControls = getGroupSearchControls();
- try {
- if (groupSearchEnableMatchingRuleInChain) {
- searchResultEnum = ldapCtx.search(
- getGroupSearchBase(),
- String.format(
- MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn),
- searchControls);
- while (searchResultEnum != null && searchResultEnum.hasMore()) {
- // searchResults contains all the groups in search scope
- numResults++;
- final SearchResult group = searchResultEnum.next();
-
- Attribute attribute = group.getAttributes().get(getGroupIdAttribute());
- String groupName = attribute.get().toString();
-
- String roleName = roleNameFor(groupName);
- if (roleName != null) {
- roleNames.add(roleName);
- } else {
- roleNames.add(groupName);
- }
- }
- } else {
- // Default group search filter
- String searchFilter = String.format("(objectclass=%1$s)", groupObjectClass);
-
- // If group search filter is defined in Shiro config, then use it
- if (groupSearchFilter != null) {
- searchFilter = expandTemplate(groupSearchFilter, userName);
- //searchFilter = String.format("%1$s", groupSearchFilter);
- }
- LOGGER.debug("Group SearchBase|SearchFilter|GroupSearchScope: " + "{}|{}|{}",
- getGroupSearchBase(), searchFilter, groupSearchScope);
- searchResultEnum = ldapCtx.search(
- getGroupSearchBase(),
- searchFilter,
- searchControls);
- while (searchResultEnum != null && searchResultEnum.hasMore()) {
- // searchResults contains all the groups in search scope
- numResults++;
- final SearchResult group = searchResultEnum.next();
- addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory);
+ // ldapsearch -h localhost -p 33389 -D
+ // uid=guest,ou=people,dc=hadoop,dc=apache,dc=org -w guest-password
+ // -b dc=hadoop,dc=apache,dc=org -s sub '(objectclass=*)'
+ NamingEnumeration<SearchResult> searchResultEnum = null;
+ SearchControls searchControls = getGroupSearchControls();
+ try {
+ if (groupSearchEnableMatchingRuleInChain) {
+ searchResultEnum = ldapCtx.search(
+ getGroupSearchBase(),
+ String.format(
+ MATCHING_RULE_IN_CHAIN_FORMAT, groupObjectClass, memberAttribute, userDn),
+ searchControls);
+ while (searchResultEnum != null && searchResultEnum.hasMore()) {
+ // searchResults contains all the groups in search scope
+ numResults++;
+ final SearchResult group = searchResultEnum.next();
+
+ Attribute attribute = group.getAttributes().get(getGroupIdAttribute());
+ String groupName = attribute.get().toString();
+
+ String roleName = roleNameFor(groupName);
+ if (roleName != null) {
+ roleNames.add(roleName);
+ } else {
+ roleNames.add(groupName);
}
}
- } catch (PartialResultException e) {
- LOGGER.debug("Ignoring PartitalResultException");
- } finally {
- if (searchResultEnum != null) {
- searchResultEnum.close();
+ } else {
+ // Default group search filter
+ String searchFilter = String.format("(objectclass=%1$s)", groupObjectClass);
+
+ // If group search filter is defined in Shiro config, then use it
+ if (groupSearchFilter != null) {
+ searchFilter = expandTemplate(groupSearchFilter, userName);
+ //searchFilter = String.format("%1$s", groupSearchFilter);
+ }
+ LOGGER.debug("Group SearchBase|SearchFilter|GroupSearchScope: " + "{}|{}|{}",
+ getGroupSearchBase(), searchFilter, groupSearchScope);
+ searchResultEnum = ldapCtx.search(
+ getGroupSearchBase(),
+ searchFilter,
+ searchControls);
+ while (searchResultEnum != null && searchResultEnum.hasMore()) {
+ // searchResults contains all the groups in search scope
+ numResults++;
+ final SearchResult group = searchResultEnum.next();
+ addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory);
}
}
- // Re-activate paged results
- ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize,
- cookie, Control.CRITICAL)});
- } while (cookie != null);
+ } catch (PartialResultException e) {
+ LOGGER.debug("Ignoring PartitalResultException");
+ } finally {
+ if (searchResultEnum != null) {
+ searchResultEnum.close();
+ }
+ }
+ // Re-activate paged results
+ ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize,
+ null, Control.CRITICAL)});
} catch (SizeLimitExceededException e) {
LOGGER.info("Only retrieved first {} groups due to SizeLimitExceededException.", numResults);
} catch (IOException e) {
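Review bot: Group paging still stops after the first page, because nothing in this block reads the `PagedResultsResponseControl` cookie from `ldapCtx.getResponseControls()`. Groups beyond the first `pageSize` results are never examined and the role set can be incomplete; with the `do … while (cookie != null)` loop gone, the trailing `setRequestControls(..., null, Control.CRITICAL)` call appears to serve no purpose. Either drop that call together with the "Re-activate paged results" comment, or restore the loop and feed it the server's cookie as sketched below. The enclosing method starts and ends outside the hunk, and `PagedResultsResponseControl` may need an import. Separately, `userDn` and `userName` are formatted into the search filters here; whether they are escaped for LDAP filter syntax is not visible in the hunk and is worth confirming.

```java
byte[] cookie = null;
do {
  // … unchanged: group search, result handling, PartialResultException catch, finally close …

  // Read the paging cookie the server returned so the next iteration fetches the next page.
  cookie = null;
  Control[] responseControls = ldapCtx.getResponseControls();
  if (responseControls != null) {
    for (Control control : responseControls) {
      if (control instanceof PagedResultsResponseControl) {
        cookie = ((PagedResultsResponseControl) control).getCookie();
      }
    }
  }
  ldapCtx.setRequestControls(new Control[]{new PagedResultsControl(pageSize,
      cookie, Control.CRITICAL)});
} while (cookie != null && cookie.length > 0);
```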
@@ -720,9 +713,8 @@ public class LdapRealm extends DefaultLdapRealm {
}
// search for the filter, substituting base with userDn
// search for base_dn=userDn, scope=base, filter=filter
- LdapContext systemLdapCtx = null;
+ LdapContext systemLdapCtx;
systemLdapCtx = ldapContextFactory.getSystemLdapContext();
- boolean member = false;
NamingEnumeration<SearchResult> searchResultEnum = null;
try {
searchResultEnum = systemLdapCtx.search(userLdapDn, searchFilter,
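Review bot: The declaration and the assignment of `systemLdapCtx` are now two adjacent statements with nothing between them, which reads like a leftover of the removed `= null`. They can be merged into `LdapContext systemLdapCtx = ldapContextFactory.getSystemLdapContext();`. The method body continues outside the hunk.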
@@ -739,7 +731,7 @@ public class LdapRealm extends DefaultLdapRealm {
LdapUtils.closeContext(systemLdapCtx);
}
}
- return member;
+ return false;
}
public String getPrincipalRegex() {
@@ -758,8 +750,7 @@ public class LdapRealm extends DefaultLdapRealm {
principalRegex = DEFAULT_PRINCIPAL_REGEX;
} else {
regex = regex.trim();
- Pattern pattern = Pattern.compile(regex);
- principalPattern = pattern;
+ principalPattern = Pattern.compile(regex);
principalRegex = regex;
}
}
@@ -897,7 +888,7 @@ public class LdapRealm extends DefaultLdapRealm {
// Create the searchBase and searchFilter from config.
String searchBase = expandTemplate(getUserSearchBase(), matchedPrincipal);
- String searchFilter = null;
+ String searchFilter;
if (userSearchFilter == null) {
if (userSearchAttributeName == null) {
searchFilter = String.format("(objectclass=%1$s)", getUserObjectClass());
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java
index 8a0da48..e116dd6 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ZeppelinHubRealm.java
@@ -65,7 +65,7 @@ public class ZeppelinHubRealm extends AuthorizingRealm {
private final CloseableHttpClient httpClient;
private String zeppelinhubUrl;
- private String name;
+ private final String name;
public ZeppelinHubRealm() {
super();
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java
index 6fedd12..736090e 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/jwt/KnoxJwtRealm.java
@@ -16,6 +16,8 @@
*/
package org.apache.zeppelin.realm.jwt;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
import java.util.Date;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
@@ -66,11 +68,6 @@ public class KnoxJwtRealm extends AuthorizingRealm {
private Boolean logoutAPI;
/**
- * Configuration object needed by for Hadoop classes.
- */
- private Configuration hadoopConfig;
-
- /**
* Hadoop Groups implementation.
*/
private Groups hadoopGroups;
@@ -80,7 +77,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
super.onInit();
try {
- hadoopConfig = new Configuration();
+ Configuration hadoopConfig = new Configuration();
hadoopGroups = new Groups(hadoopConfig);
} catch (final Exception e) {
LOGGER.error("Exception in onInit", e);
@@ -89,7 +86,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
@Override
public boolean supports(AuthenticationToken token) {
- return token != null && token instanceof JWTAuthenticationToken;
+ return token instanceof JWTAuthenticationToken;
}
@Override
@@ -110,8 +107,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
public String getName(JWTAuthenticationToken upToken) throws ParseException {
SignedJWT signed = SignedJWT.parse(upToken.getToken());
- String userName = signed.getJWTClaimsSet().getSubject();
- return userName;
+ return signed.getJWTClaimsSet().getSubject();
}
protected boolean validateToken(String token) {
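Review bot: `getName` returns the `sub` claim straight from `SignedJWT.parse(...)`, with no signature or expiry check in the method, and it is public and undocumented. A caller that treats the returned name as an authenticated identity without having validated the token first would be trusting attacker-controlled data. I would add a Javadoc such as `/** Returns the subject claim of the token WITHOUT verifying its signature or expiry; callers must validate the token first. */`. Whether every caller already validates first is not visible in this hunk.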
@@ -132,10 +128,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
return true;
}
String cookieUser = signed.getJWTClaimsSet().getSubject();
- if (!cookieUser.equals(currentUser)) {
- return false;
- }
- return true;
+ return cookieUser.equals(currentUser);
} catch (ParseException ex) {
LOGGER.info("ParseException in validateToken", ex);
return false;
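Review bot: `cookieUser.equals(currentUser)` throws a NullPointerException when the token has no `sub` claim, since `getSubject()` returns null for a missing claim and the only handler shown catches `ParseException`. A token without a subject should be rejected cleanly: `return cookieUser != null && cookieUser.equals(currentUser);`. The start of `validateToken` is outside the hunk, so how `currentUser` is obtained and null-checked is inferred from the preceding `return true;`.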
@@ -144,17 +137,15 @@ public class KnoxJwtRealm extends AuthorizingRealm {
public static RSAPublicKey parseRSAPublicKey(String pem) throws IOException, ServletException {
final String pemHeader = "-----BEGIN CERTIFICATE-----\n";
- final String pemFooter = "\n-----END CERTIFICATE-----";
- String fullPem = pemHeader + pem + pemFooter;
- PublicKey key = null;
+ PublicKey key;
try {
CertificateFactory fact = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = new ByteArrayInputStream(
- FileUtils.readFileToString(new File(pem)).getBytes("UTF8"));
+ FileUtils.readFileToString(new File(pem), Charset.defaultCharset()).getBytes(StandardCharsets.UTF_8));
X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
key = cer.getPublicKey();
} catch (CertificateException ce) {
- String message = null;
+ String message;
if (pem.startsWith(pemHeader)) {
message = "CertificateException - be sure not to include PEM header "
+ "and footer in the PEM configuration element.";
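Review bot: The certificate file is decoded with `Charset.defaultCharset()` and then re-encoded as UTF-8, so the bytes handed to `CertificateFactory` depend on the platform charset. PEM is ASCII, so this is unlikely to break in practice, but the round trip through a String is unnecessary. `new ByteArrayInputStream(FileUtils.readFileToByteArray(new File(pem)))` passes the file bytes through unchanged, keeps the line within the usual width and makes the newly added `java.nio.charset.Charset` import unnecessary. Note also that `pem` is used as a file path while the error messages below speak of a "PEM configuration element", which a short comment on the parameter would clear up; the method continues past the end of the hunk.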
@@ -177,7 +168,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
try {
RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPath);
JWSVerifier verifier = new RSASSAVerifier(publicKey);
- if (verifier != null && jwtToken.verify(verifier)) {
+ if (jwtToken.verify(verifier)) {
valid = true;
}
} catch (Exception e) {
@@ -226,7 +217,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
*/
public Set<String> mapGroupPrincipals(final String mappedPrincipalName) {
/* return the groups as seen by Hadoop */
- Set<String> groups = null;
+ Set<String> groups;
try {
final List<String> groupList = hadoopGroups
.getGroups(mappedPrincipalName);
@@ -247,7 +238,7 @@ public class KnoxJwtRealm extends AuthorizingRealm {
/* Log the error and return empty group */
LOGGER.info(String.format("errorGettingUserGroups for %s", mappedPrincipalName));
}
- groups = new HashSet<String>();
+ groups = new HashSet<>();
}
return groups;
}
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosRealm.java
index b7b8791..081541f 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosRealm.java
@@ -260,12 +260,7 @@ public class KerberosRealm extends AuthorizingRealm {
if (null == gssManager) {
try {
gssManager = Subject.doAs(serverSubject,
- new PrivilegedExceptionAction<GSSManager>() {
- @Override
- public GSSManager run() {
- return GSSManager.getInstance();
- }
- });
+ (PrivilegedExceptionAction<GSSManager>) GSSManager::getInstance);
LOG.trace("SPNEGO gssManager initialized.");
} catch (PrivilegedActionException ex) {
throw ex.getException();
@@ -286,7 +281,7 @@ public class KerberosRealm extends AuthorizingRealm {
private void initializeSecretProvider() throws ServletException {
try {
- secretProvider = constructSecretProvider(true);
+ secretProvider = constructSecretProvider();
destroySecretProvider = true;
signer = new Signer(secretProvider);
} catch (Exception ex) {
@@ -294,13 +289,11 @@ public class KerberosRealm extends AuthorizingRealm {
}
}
- private SignerSecretProvider constructSecretProvider(
- boolean fallbackToRandomSecretProvider) throws Exception {
+ private SignerSecretProvider constructSecretProvider() throws Exception {
SignerSecretProvider provider;
String secretProvider = config.getProperty(SIGNER_SECRET_PROVIDER);
- if (fallbackToRandomSecretProvider
- && config.getProperty(SIGNATURE_SECRET_FILE) == null) {
+ if (config.getProperty(SIGNATURE_SECRET_FILE) == null) {
secretProvider = "random";
}
@@ -310,16 +303,11 @@ public class KerberosRealm extends AuthorizingRealm {
provider.init(config, null, tokenValidity);
LOG.info("File based secret signer initialized.");
} catch (Exception e) {
- if (fallbackToRandomSecretProvider) {
- LOG.info("Unable to initialize FileSignerSecretProvider, " +
- "falling back to use random secrets.");
- provider = new RandomSignerSecretProvider();
- provider.init(config, null, tokenValidity);
- LOG.info("Random secret signer initialized.");
- } else {
- throw new RuntimeException("Can't initialize File based secret signer. Reason: "
- + e);
- }
+ LOG.info("Unable to initialize FileSignerSecretProvider, " +
+ "falling back to use random secrets.");
+ provider = new RandomSignerSecretProvider();
+ provider.init(config, null, tokenValidity);
+ LOG.info("Random secret signer initialized.");
}
} else if ("random".equals(secretProvider)) {
provider = new RandomSignerSecretProvider();
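Review bot: When the file-based provider fails to initialise, the caught exception `e` is discarded and the switch to random secrets is logged only at INFO. An operator who configured a signature secret file therefore gets no indication of why it was ignored. With the `fallbackToRandomSecretProvider` flag removed this fallback is now the only path, so the log line is the sole signal. I would raise it to a warning and keep the cause: `LOG.warn("Unable to initialize FileSignerSecretProvider, falling back to use random secrets.", e);`. Random secrets are presumably per-process, so tokens signed by one instance would not validate on another or after a restart, which makes the silent downgrade worth surfacing.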
@@ -340,8 +328,6 @@ public class KerberosRealm extends AuthorizingRealm {
* @param response the HTTP client response.
*
* @return <code>TRUE</code>
- * @throws IOException it is never thrown.
- * @throws AuthenticationException it is never thrown.
*/
public boolean managementOperation(AuthenticationToken token,
HttpServletRequest request,
@@ -369,7 +355,7 @@ public class KerberosRealm extends AuthorizingRealm {
public Set<String> mapGroupPrincipals(final String mappedPrincipalName)
throws AuthorizationException {
/* return the groups as seen by Hadoop */
- Set<String> groups = null;
+ Set<String> groups;
try {
hadoopGroups.refresh();
final List<String> groupList = hadoopGroups.getGroups(mappedPrincipalName);
@@ -388,7 +374,7 @@ public class KerberosRealm extends AuthorizingRealm {
LOG.info(String.format("errorGettingUserGroups for %s", mappedPrincipalName));
throw new AuthorizationException(e);
}
- groups = new HashSet();
+ groups = new HashSet<>();
}
return groups;
}
@@ -603,13 +589,8 @@ public class KerberosRealm extends AuthorizingRealm {
"decoded from client request");
}
token = Subject.doAs(serverSubject,
- new PrivilegedExceptionAction<AuthenticationToken>() {
- @Override
- public AuthenticationToken run() throws Exception {
- return runWithPrincipal(serverPrincipal, clientToken,
- base64, response);
- }
- });
+ (PrivilegedExceptionAction<AuthenticationToken>) () -> runWithPrincipal(serverPrincipal, clientToken,
+ base64, response));
} catch (PrivilegedActionException ex) {
if (ex.getException() instanceof IOException) {
throw (IOException) ex.getException();
@@ -701,7 +682,6 @@ public class KerberosRealm extends AuthorizingRealm {
*
* @param request request object.
* @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
- * @throws IOException thrown if an IO error occurred.
* @throws AuthenticationException thrown if the token is invalid or if it has expired.
*/
private AuthenticationToken getToken(HttpServletRequest request)
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosUtil.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosUtil.java
index cb0147b..0444ed2 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosUtil.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/kerberos/KerberosUtil.java
@@ -21,14 +21,13 @@ import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
import java.io.File;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
-import java.nio.charset.IllegalCharsetNameException;
+import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
@@ -200,8 +199,8 @@ public class KerberosUtil {
String hostname)
throws UnknownHostException {
String fqdn = hostname;
- String shortprinc = null;
- String realmString = null;
+ String shortprinc;
+ String realmString;
if (null == fqdn || fqdn.equals("") || fqdn.equals("0.0.0.0")) {
fqdn = getLocalHostName();
}
@@ -229,7 +228,7 @@ public class KerberosUtil {
*/
static final String[] getPrincipalNames(String keytabFileName) throws IOException {
Keytab keytab = Keytab.read(new File(keytabFileName));
- Set<String> principals = new HashSet<String>();
+ Set<String> principals = new HashSet<>();
List<KeytabEntry> entries = keytab.getEntries();
for (KeytabEntry entry: entries){
principals.add(entry.getPrincipalName().replace("\\", "/"));
@@ -249,7 +248,7 @@ public class KerberosUtil {
Pattern pattern) throws IOException {
String[] principals = getPrincipalNames(keytab);
if (principals.length != 0) {
- List<String> matchingPrincipals = new ArrayList<String>();
+ List<String> matchingPrincipals = new ArrayList<>();
for (String principal : principals) {
if (pattern.matcher(principal).matches()) {
matchingPrincipals.add(principal);
@@ -419,12 +418,8 @@ public class KerberosUtil {
}
String getAsString() {
- try {
- return new String(bb.array(), bb.arrayOffset() + bb.position(),
- bb.remaining(), "UTF-8");
- } catch (UnsupportedEncodingException e) {
- throw new IllegalCharsetNameException("UTF-8"); // won't happen.
- }
+ return new String(bb.array(), bb.arrayOffset() + bb.position(),
+ bb.remaining(), StandardCharsets.UTF_8);
}
@Override