From 29e1880d276da27df2c90cbefb463a0fa8a81e46 Mon Sep 17 00:00:00 2001 From: Siyao Meng <50227127+smengcl@users.noreply.github.com> Date: Tue, 24 Mar 2020 16:01:33 -0700 Subject: [PATCH] HADOOP-16935. Backport HADOOP-10848. Cleanup calling of sun.security.krb5.Config. (#1912) (cherry picked from commit 0d47d283a611b10cb7a842712cb01fa0c043bdc4) Co-authored-by: Akira Ajisaka --- .../authentication/util/KerberosUtil.java | 49 ++++++++++--------- .../client/impl/zk/RegistrySecurity.java | 17 ++----- 2 files changed, 29 insertions(+), 37 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java index c0110455ccb..bb8defc10e4 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java @@ -24,7 +24,6 @@ import java.io.IOException; import java.io.UnsupportedEncodingException; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; import java.net.InetAddress; import java.net.UnknownHostException; import java.nio.ByteBuffer; @@ -44,6 +43,7 @@ import org.ietf.jgss.GSSException; import org.ietf.jgss.Oid; import javax.security.auth.Subject; +import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.kerberos.KeyTab; @@ -90,36 +90,37 @@ public class KerberosUtil { return (Oid)oidField.get(oidClass); } - public static String getDefaultRealm() - throws ClassNotFoundException, NoSuchMethodException, - IllegalArgumentException, IllegalAccessException, + /** + * Return the default realm for this JVM. + * + * @return The default realm + * @throws IllegalArgumentException If the default realm does not exist. + * @throws ClassNotFoundException Not thrown. Exists for compatibility. + * @throws NoSuchMethodException Not thrown. Exists for compatibility. + * @throws IllegalAccessException Not thrown. Exists for compatibility. + * @throws InvocationTargetException Not thrown. Exists for compatibility. + */ + public static String getDefaultRealm() + throws ClassNotFoundException, NoSuchMethodException, + IllegalArgumentException, IllegalAccessException, InvocationTargetException { - Object kerbConf; - Class classRef; - Method getInstanceMethod; - Method getDefaultRealmMethod; - if (IBM_JAVA) { - classRef = Class.forName("com.ibm.security.krb5.internal.Config"); - } else { - classRef = Class.forName("sun.security.krb5.Config"); - } - getInstanceMethod = classRef.getMethod("getInstance", new Class[0]); - kerbConf = getInstanceMethod.invoke(classRef, new Object[0]); - getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm", - new Class[0]); - return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]); + // Any name is okay. + return new KerberosPrincipal("tmp", 1).getRealm(); } + /** + * Return the default realm for this JVM. + * If the default realm does not exist, this method returns null. + * + * @return The default realm + */ public static String getDefaultRealmProtected() { - String realmString = null; try { - realmString = getDefaultRealm(); - } catch (RuntimeException rte) { - //silently catch everything + return getDefaultRealm(); } catch (Exception e) { - //silently return null + //silently catch everything + return null; } - return realmString; } /* diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java index 12a41337cb1..dac11353a4a 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java @@ -42,7 +42,6 @@ import org.slf4j.LoggerFactory; import javax.security.auth.login.AppConfigurationEntry; import java.io.File; import java.io.IOException; -import java.lang.reflect.InvocationTargetException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collections; @@ -1039,19 +1038,11 @@ public class RegistrySecurity extends AbstractService { * could be determined */ public static String getDefaultRealmInJVM() { - try { - return KerberosUtil.getDefaultRealm(); - // JDK7 - } catch (ClassNotFoundException ignored) { - // ignored - } catch (NoSuchMethodException ignored) { - // ignored - } catch (IllegalAccessException ignored) { - // ignored - } catch (InvocationTargetException ignored) { - // ignored + String realm = KerberosUtil.getDefaultRealmProtected(); + if (realm == null) { + realm = ""; } - return ""; + return realm; } /**