You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by te...@apache.org on 2013/10/11 05:13:15 UTC
svn commit: r1531178 - in /hbase/trunk:
hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
Author: tedyu
Date: Fri Oct 11 03:13:15 2013
New Revision: 1531178
URL: http://svn.apache.org/r1531178
Log:
HBASE-9706 Improve detection of secure ZooKeeper
Modified:
hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
Modified: hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java?rev=1531178&r1=1531177&r2=1531178&view=diff
==============================================================================
--- hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java (original)
+++ hbase/trunk/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java Fri Oct 11 03:13:15 2013
@@ -937,11 +937,17 @@ public class ZKUtil {
* <code>kerberos</code>.
*/
public static boolean isSecureZooKeeper(Configuration conf) {
- // hbase shell need to use:
- // -Djava.security.auth.login.config=user-jaas.conf
- // since each user has a different jaas.conf
- if (System.getProperty("java.security.auth.login.config") != null)
- return true;
+ // Detection for embedded HBase client with jaas configuration
+ // defined for third party programs.
+ try {
+ javax.security.auth.login.Configuration testConfig = javax.security.auth.login.Configuration.getConfiguration();
+ if(testConfig.getAppConfigurationEntry("Client") == null) {
+ return false;
+ }
+ } catch(Exception e) {
+ // No Jaas configuration defined.
+ return false;
+ }
// Master & RSs uses hbase.zookeeper.client.*
return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) &&
Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java?rev=1531178&r1=1531177&r2=1531178&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java Fri Oct 11 03:13:15 2013
@@ -264,5 +264,25 @@ public class TestZooKeeperACL {
assertEquals(acls.get(0).getPerms(), ZooDefs.Perms.ALL);
}
+ /**
+ * Check if ZooKeeper JaasConfiguration is valid.
+ */
+ @Test
+ public void testIsZooKeeperSecure() throws Exception {
+ boolean testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+ assertEquals(testJaasConfig, secureZKAvailable);
+ // Define Jaas configuration without ZooKeeper Jaas config
+ File saslConfFile = File.createTempFile("tmp", "fakeJaas.conf");
+ FileWriter fwriter = new FileWriter(saslConfFile);
+
+ fwriter.write("");
+ fwriter.close();
+ System.setProperty("java.security.auth.login.config",
+ saslConfFile.getAbsolutePath());
+
+ testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+ assertEquals(testJaasConfig, false);
+ saslConfFile.delete();
+ }
}