You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2012/11/07 16:59:56 UTC
svn commit: r1406685 - in
/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common:
CHANGES.txt
src/main/java/org/apache/hadoop/security/UserGroupInformation.java
src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
Author: bobby
Date: Wed Nov 7 15:59:56 2012
New Revision: 1406685
URL: http://svn.apache.org/viewvc?rev=1406685&view=rev
Log:
svn merge -c 1406684 FIXES: HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby)
Modified:
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1406685&r1=1406684&r2=1406685&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Wed Nov 7 15:59:56 2012
@@ -67,6 +67,9 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
bobby)
+ HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
+ via bobby)
+
OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1406685&r1=1406684&r2=1406685&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Wed Nov 7 15:59:56 2012
@@ -237,14 +237,17 @@ public class UserGroupInformation {
*/
private static synchronized void initUGI(Configuration conf) {
AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
- if (auth == AuthenticationMethod.SIMPLE) {
- useKerberos = false;
- } else if (auth == AuthenticationMethod.KERBEROS) {
- useKerberos = true;
- } else {
- throw new IllegalArgumentException("Invalid attribute value for " +
- HADOOP_SECURITY_AUTHENTICATION +
- " of " + auth);
+ switch (auth) {
+ case SIMPLE:
+ useKerberos = false;
+ break;
+ case KERBEROS:
+ useKerberos = true;
+ break;
+ default:
+ throw new IllegalArgumentException("Invalid attribute value for " +
+ HADOOP_SECURITY_AUTHENTICATION +
+ " of " + auth);
}
// If we haven't set up testing groups, use the configuration to find it
if (!(groups instanceof TestingGroups)) {
@@ -626,19 +629,20 @@ public class UserGroupInformation {
try {
Subject subject = new Subject();
LoginContext login;
+ AuthenticationMethod authenticationMethod;
if (isSecurityEnabled()) {
+ authenticationMethod = AuthenticationMethod.KERBEROS;
login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
subject, new HadoopConfiguration());
} else {
+ authenticationMethod = AuthenticationMethod.SIMPLE;
login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
subject, new HadoopConfiguration());
}
login.login();
loginUser = new UserGroupInformation(subject);
loginUser.setLogin(login);
- loginUser.setAuthenticationMethod(isSecurityEnabled() ?
- AuthenticationMethod.KERBEROS :
- AuthenticationMethod.SIMPLE);
+ loginUser.setAuthenticationMethod(authenticationMethod);
loginUser = new UserGroupInformation(login.getSubject());
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
if (fileLocation != null) {
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java?rev=1406685&r1=1406684&r2=1406685&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java (original)
+++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java Wed Nov 7 15:59:56 2012
@@ -43,14 +43,7 @@ import org.apache.hadoop.fs.CommonConfig
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client.ConnectionId;
import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.KerberosInfo;
-import org.apache.hadoop.security.SaslInputStream;
-import org.apache.hadoop.security.SaslRpcClient;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SecurityInfo;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.TestUserGroupInformation;
-import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.*;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
@@ -58,8 +51,10 @@ import org.apache.hadoop.security.token.
import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.security.token.TokenSelector;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
+
import org.apache.log4j.Level;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
/** Unit tests for using Sasl over RPC. */
@@ -76,6 +71,12 @@ public class TestSaslRPC {
static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
private static Configuration conf;
+
+ @BeforeClass
+ public static void setupKerb() {
+ System.setProperty("java.security.krb5.kdc", "");
+ System.setProperty("java.security.krb5.realm", "NONE");
+ }
@Before
public void setup() {
@@ -539,21 +540,39 @@ public class TestSaslRPC {
final boolean useToken,
final boolean useValidToken) throws Exception {
- Configuration serverConf = new Configuration(conf);
+ String currentUser = UserGroupInformation.getCurrentUser().getUserName();
+
+ final Configuration serverConf = new Configuration(conf);
SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
UserGroupInformation.setConfiguration(serverConf);
- TestTokenSecretManager sm = new TestTokenSecretManager();
- Server server = new RPC.Builder(serverConf).setProtocol(TestSaslProtocol.class)
+ final UserGroupInformation serverUgi =
+ UserGroupInformation.createRemoteUser(currentUser + "-SERVER");
+ serverUgi.setAuthenticationMethod(serverAuth);
+
+ final TestTokenSecretManager sm = new TestTokenSecretManager();
+ Server server = serverUgi.doAs(new PrivilegedExceptionAction<Server>() {
+ @Override
+ public Server run() throws IOException {
+ Server server = new RPC.Builder(serverConf)
+ .setProtocol(TestSaslProtocol.class)
.setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
.setNumHandlers(5).setVerbose(true)
.setSecretManager((serverAuth != SIMPLE) ? sm : null)
.build();
- server.start();
+ server.start();
+ return server;
+ }
+ });
+ final Configuration clientConf = new Configuration(conf);
+ SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
+ UserGroupInformation.setConfiguration(clientConf);
+
final UserGroupInformation clientUgi =
- UserGroupInformation.createRemoteUser(
- UserGroupInformation.getCurrentUser().getUserName()+"-CLIENT");
+ UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
+ clientUgi.setAuthenticationMethod(clientAuth);
+
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
if (useToken) {
TestTokenIdentifier tokenId = new TestTokenIdentifier(
@@ -568,9 +587,6 @@ public class TestSaslRPC {
clientUgi.addToken(token);
}
- final Configuration clientConf = new Configuration(conf);
- SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
- UserGroupInformation.setConfiguration(clientConf);
try {
return clientUgi.doAs(new PrivilegedExceptionAction<String>() {