svn merge -c 1406684 FIXES: HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1406685 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Robert Joseph Evans 2012-11-07 15:59:56 +00:00
parent 501b2758ce
commit 4b1b9270bc
3 changed files with 51 additions and 28 deletions

View File

@ -67,6 +67,9 @@ Release 2.0.3-alpha - Unreleased
HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
bobby) bobby)
HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
via bobby)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang

View File

@ -237,14 +237,17 @@ public class UserGroupInformation {
*/ */
private static synchronized void initUGI(Configuration conf) { private static synchronized void initUGI(Configuration conf) {
AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf); AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
if (auth == AuthenticationMethod.SIMPLE) { switch (auth) {
useKerberos = false; case SIMPLE:
} else if (auth == AuthenticationMethod.KERBEROS) { useKerberos = false;
useKerberos = true; break;
} else { case KERBEROS:
throw new IllegalArgumentException("Invalid attribute value for " + useKerberos = true;
HADOOP_SECURITY_AUTHENTICATION + break;
" of " + auth); default:
throw new IllegalArgumentException("Invalid attribute value for " +
HADOOP_SECURITY_AUTHENTICATION +
" of " + auth);
} }
// If we haven't set up testing groups, use the configuration to find it // If we haven't set up testing groups, use the configuration to find it
if (!(groups instanceof TestingGroups)) { if (!(groups instanceof TestingGroups)) {
@ -626,19 +629,20 @@ public class UserGroupInformation {
try { try {
Subject subject = new Subject(); Subject subject = new Subject();
LoginContext login; LoginContext login;
AuthenticationMethod authenticationMethod;
if (isSecurityEnabled()) { if (isSecurityEnabled()) {
authenticationMethod = AuthenticationMethod.KERBEROS;
login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME, login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
subject, new HadoopConfiguration()); subject, new HadoopConfiguration());
} else { } else {
authenticationMethod = AuthenticationMethod.SIMPLE;
login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME, login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
subject, new HadoopConfiguration()); subject, new HadoopConfiguration());
} }
login.login(); login.login();
loginUser = new UserGroupInformation(subject); loginUser = new UserGroupInformation(subject);
loginUser.setLogin(login); loginUser.setLogin(login);
loginUser.setAuthenticationMethod(isSecurityEnabled() ? loginUser.setAuthenticationMethod(authenticationMethod);
AuthenticationMethod.KERBEROS :
AuthenticationMethod.SIMPLE);
loginUser = new UserGroupInformation(login.getSubject()); loginUser = new UserGroupInformation(login.getSubject());
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION); String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
if (fileLocation != null) { if (fileLocation != null) {

View File

@ -43,14 +43,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.Client.ConnectionId; import org.apache.hadoop.ipc.Client.ConnectionId;
import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.KerberosInfo; import org.apache.hadoop.security.*;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslRpcClient;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityInfo;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.TestUserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
@ -58,8 +51,10 @@ import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.security.token.TokenInfo; import org.apache.hadoop.security.token.TokenInfo;
import org.apache.hadoop.security.token.TokenSelector; import org.apache.hadoop.security.token.TokenSelector;
import org.apache.hadoop.security.token.SecretManager.InvalidToken; import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.log4j.Level; import org.apache.log4j.Level;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
/** Unit tests for using Sasl over RPC. */ /** Unit tests for using Sasl over RPC. */
@ -77,6 +72,12 @@ public class TestSaslRPC {
private static Configuration conf; private static Configuration conf;
@BeforeClass
public static void setupKerb() {
System.setProperty("java.security.krb5.kdc", "");
System.setProperty("java.security.krb5.realm", "NONE");
}
@Before @Before
public void setup() { public void setup() {
conf = new Configuration(); conf = new Configuration();
@ -539,21 +540,39 @@ public class TestSaslRPC {
final boolean useToken, final boolean useToken,
final boolean useValidToken) throws Exception { final boolean useValidToken) throws Exception {
Configuration serverConf = new Configuration(conf); String currentUser = UserGroupInformation.getCurrentUser().getUserName();
final Configuration serverConf = new Configuration(conf);
SecurityUtil.setAuthenticationMethod(serverAuth, serverConf); SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
UserGroupInformation.setConfiguration(serverConf); UserGroupInformation.setConfiguration(serverConf);
TestTokenSecretManager sm = new TestTokenSecretManager(); final UserGroupInformation serverUgi =
Server server = new RPC.Builder(serverConf).setProtocol(TestSaslProtocol.class) UserGroupInformation.createRemoteUser(currentUser + "-SERVER");
serverUgi.setAuthenticationMethod(serverAuth);
final TestTokenSecretManager sm = new TestTokenSecretManager();
Server server = serverUgi.doAs(new PrivilegedExceptionAction<Server>() {
@Override
public Server run() throws IOException {
Server server = new RPC.Builder(serverConf)
.setProtocol(TestSaslProtocol.class)
.setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0) .setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
.setNumHandlers(5).setVerbose(true) .setNumHandlers(5).setVerbose(true)
.setSecretManager((serverAuth != SIMPLE) ? sm : null) .setSecretManager((serverAuth != SIMPLE) ? sm : null)
.build(); .build();
server.start(); server.start();
return server;
}
});
final Configuration clientConf = new Configuration(conf);
SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
UserGroupInformation.setConfiguration(clientConf);
final UserGroupInformation clientUgi = final UserGroupInformation clientUgi =
UserGroupInformation.createRemoteUser( UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
UserGroupInformation.getCurrentUser().getUserName()+"-CLIENT"); clientUgi.setAuthenticationMethod(clientAuth);
final InetSocketAddress addr = NetUtils.getConnectAddress(server); final InetSocketAddress addr = NetUtils.getConnectAddress(server);
if (useToken) { if (useToken) {
TestTokenIdentifier tokenId = new TestTokenIdentifier( TestTokenIdentifier tokenId = new TestTokenIdentifier(
@ -568,9 +587,6 @@ public class TestSaslRPC {
clientUgi.addToken(token); clientUgi.addToken(token);
} }
final Configuration clientConf = new Configuration(conf);
SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
UserGroupInformation.setConfiguration(clientConf);
try { try {
return clientUgi.doAs(new PrivilegedExceptionAction<String>() { return clientUgi.doAs(new PrivilegedExceptionAction<String>() {