You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@omid.apache.org by fp...@apache.org on 2017/08/10 20:42:59 UTC
incubator-omid git commit: [OMID-67] Avoid Kerberos logging multiple times

Repository: incubator-omid
Updated Branches:
  refs/heads/0.9.0.0 9f5474f91 -> 97579d66a


[OMID-67] Avoid Kerberos logging multiple times

It may cause race conditions when done multiple times from the same JVM.
The Kerberos ticket is not properly renewed when this happens.

This closes #14

Change-Id: I07599f54bc9bead90a87d30a2f6b033de64b6470


Project: http://git-wip-us.apache.org/repos/asf/incubator-omid/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-omid/commit/97579d66
Tree: http://git-wip-us.apache.org/repos/asf/incubator-omid/tree/97579d66
Diff: http://git-wip-us.apache.org/repos/asf/incubator-omid/diff/97579d66

Branch: refs/heads/0.9.0.0
Commit: 97579d66a3f1f62eebca054495937f4f6f2666c2
Parents: 9f5474f
Author: Francisco Perez-Sorrosal <fp...@apache.org>
Authored: Thu May 11 12:00:21 2017 -0700
Committer: Francisco Perez-Sorrosal <fp...@apache.org>
Committed: Thu Aug 10 13:18:51 2017 -0700

----------------------------------------------------------------------
 .../org/apache/omid/tools/hbase/HBaseLogin.java | 25 ++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-omid/blob/97579d66/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
----------------------------------------------------------------------
diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
index 0994748..92b4904 100644
--- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
+++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
@@ -21,18 +21,35 @@ import org.apache.hadoop.security.UserGroupInformation;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.annotation.Nullable;
 import java.io.IOException;
 
 public final class HBaseLogin {
 
     private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class);
 
+    private static volatile UserGroupInformation ugi;
+
+    @Nullable
     public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException {
+
         if (UserGroupInformation.isSecurityEnabled()) {
-            LOG.info("Security is enabled, logging in with principal={}, keytab={}",
-                    config.getPrincipal(), config.getKeytab());
-            UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab());
+            LOG.info("Security enabled when connecting to HBase");
+            if (ugi == null) { // Use lazy initialization with double-checked locking
+                synchronized (HBaseLogin.class) {
+                    if (ugi == null) {
+                        LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab());
+                        UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab());
+                        ugi = UserGroupInformation.getCurrentUser();
+                    }
+                }
+            } else {
+                LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString());
+            }
+        } else {
+            LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned");
         }
-        return UserGroupInformation.getCurrentUser();
+        return ugi;
     }
+
 }