HDFS-14322. RBF: Security manager should not load if security is disabled. Contributed by CR Hota.

This commit is contained in:
Inigo Goiri 2019-02-27 18:34:42 -08:00 committed by Brahma Reddy Battula
parent c4b1fa91fa
commit 1c7ab59be3
1 changed files with 10 additions and 2 deletions

View File

@ -26,6 +26,7 @@ import org.apache.hadoop.hdfs.server.federation.router.RBFConfigKeys;
import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer; import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.SecretManager;
@ -49,7 +50,13 @@ public class RouterSecurityManager {
dtSecretManager = null; dtSecretManager = null;
public RouterSecurityManager(Configuration conf) { public RouterSecurityManager(Configuration conf) {
this.dtSecretManager = newSecretManager(conf); AuthenticationMethod authMethodConfigured =
SecurityUtil.getAuthenticationMethod(conf);
AuthenticationMethod authMethodToInit =
AuthenticationMethod.KERBEROS;
if (authMethodConfigured.equals(authMethodToInit)) {
this.dtSecretManager = newSecretManager(conf);
}
} }
@VisibleForTesting @VisibleForTesting
@ -78,7 +85,8 @@ public class RouterSecurityManager {
constructor.newInstance(conf); constructor.newInstance(conf);
LOG.info("Delegation token secret manager object instantiated"); LOG.info("Delegation token secret manager object instantiated");
} catch (ReflectiveOperationException e) { } catch (ReflectiveOperationException e) {
LOG.error("Could not instantiate: {}", clazz.getSimpleName(), e); LOG.error("Could not instantiate: {}", clazz.getSimpleName(),
e.getCause());
return null; return null;
} catch (RuntimeException e) { } catch (RuntimeException e) {
LOG.error("RuntimeException to instantiate: {}", LOG.error("RuntimeException to instantiate: {}",