svn merge -c 1406684 FIXES: HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1406685 13f79535-47bb-0310-9956-ffa450edef68
parent
501b2758ce
commit
4b1b9270bc
|
@ -67,6 +67,9 @@ Release 2.0.3-alpha - Unreleased
|
||||||
HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
|
HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
|
||||||
bobby)
|
bobby)
|
||||||
|
|
||||||
|
HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
|
||||||
|
via bobby)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
|
HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
|
||||||
|
|
|
@ -237,14 +237,17 @@ public class UserGroupInformation {
|
||||||
*/
|
*/
|
||||||
private static synchronized void initUGI(Configuration conf) {
|
private static synchronized void initUGI(Configuration conf) {
|
||||||
AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
|
AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
|
||||||
if (auth == AuthenticationMethod.SIMPLE) {
|
switch (auth) {
|
||||||
useKerberos = false;
|
case SIMPLE:
|
||||||
} else if (auth == AuthenticationMethod.KERBEROS) {
|
useKerberos = false;
|
||||||
useKerberos = true;
|
break;
|
||||||
} else {
|
case KERBEROS:
|
||||||
throw new IllegalArgumentException("Invalid attribute value for " +
|
useKerberos = true;
|
||||||
HADOOP_SECURITY_AUTHENTICATION +
|
break;
|
||||||
" of " + auth);
|
default:
|
||||||
|
throw new IllegalArgumentException("Invalid attribute value for " +
|
||||||
|
HADOOP_SECURITY_AUTHENTICATION +
|
||||||
|
" of " + auth);
|
||||||
}
|
}
|
||||||
// If we haven't set up testing groups, use the configuration to find it
|
// If we haven't set up testing groups, use the configuration to find it
|
||||||
if (!(groups instanceof TestingGroups)) {
|
if (!(groups instanceof TestingGroups)) {
|
||||||
|
@ -626,19 +629,20 @@ public class UserGroupInformation {
|
||||||
try {
|
try {
|
||||||
Subject subject = new Subject();
|
Subject subject = new Subject();
|
||||||
LoginContext login;
|
LoginContext login;
|
||||||
|
AuthenticationMethod authenticationMethod;
|
||||||
if (isSecurityEnabled()) {
|
if (isSecurityEnabled()) {
|
||||||
|
authenticationMethod = AuthenticationMethod.KERBEROS;
|
||||||
login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
|
login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
|
||||||
subject, new HadoopConfiguration());
|
subject, new HadoopConfiguration());
|
||||||
} else {
|
} else {
|
||||||
|
authenticationMethod = AuthenticationMethod.SIMPLE;
|
||||||
login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
|
login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
|
||||||
subject, new HadoopConfiguration());
|
subject, new HadoopConfiguration());
|
||||||
}
|
}
|
||||||
login.login();
|
login.login();
|
||||||
loginUser = new UserGroupInformation(subject);
|
loginUser = new UserGroupInformation(subject);
|
||||||
loginUser.setLogin(login);
|
loginUser.setLogin(login);
|
||||||
loginUser.setAuthenticationMethod(isSecurityEnabled() ?
|
loginUser.setAuthenticationMethod(authenticationMethod);
|
||||||
AuthenticationMethod.KERBEROS :
|
|
||||||
AuthenticationMethod.SIMPLE);
|
|
||||||
loginUser = new UserGroupInformation(login.getSubject());
|
loginUser = new UserGroupInformation(login.getSubject());
|
||||||
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
|
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
|
||||||
if (fileLocation != null) {
|
if (fileLocation != null) {
|
||||||
|
|
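Review bot: In `initUGI`, `switch (auth)` throws a bare NullPointerException when `auth` is null, whereas the if/else chain it replaces fell through to the IllegalArgumentException that names HADOOP_SECURITY_AUTHENTICATION. Whether `SecurityUtil.getAuthenticationMethod(conf)` can return null is not visible on this page, so the case may be unreachable. If it is reachable, a guard before the switch keeps the diagnostic for a misconfigured authentication setting, e.g. `if (auth == null) { throw new IllegalArgumentException("Invalid attribute value for " + HADOOP_SECURITY_AUTHENTICATION + " of " + auth); }`. Otherwise a one-line comment stating that the helper never returns null would document the assumption. The body of `initUGI` continues outside the hunk.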
|
@ -43,14 +43,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
import org.apache.hadoop.ipc.Client.ConnectionId;
|
import org.apache.hadoop.ipc.Client.ConnectionId;
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
import org.apache.hadoop.security.KerberosInfo;
|
import org.apache.hadoop.security.*;
|
||||||
import org.apache.hadoop.security.SaslInputStream;
|
|
||||||
import org.apache.hadoop.security.SaslRpcClient;
|
|
||||||
import org.apache.hadoop.security.SaslRpcServer;
|
|
||||||
import org.apache.hadoop.security.SecurityInfo;
|
|
||||||
import org.apache.hadoop.security.SecurityUtil;
|
|
||||||
import org.apache.hadoop.security.TestUserGroupInformation;
|
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
|
||||||
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
import org.apache.hadoop.security.token.SecretManager;
|
import org.apache.hadoop.security.token.SecretManager;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
|
@ -58,8 +51,10 @@ import org.apache.hadoop.security.token.TokenIdentifier;
|
||||||
import org.apache.hadoop.security.token.TokenInfo;
|
import org.apache.hadoop.security.token.TokenInfo;
|
||||||
import org.apache.hadoop.security.token.TokenSelector;
|
import org.apache.hadoop.security.token.TokenSelector;
|
||||||
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
||||||
|
|
||||||
import org.apache.log4j.Level;
|
import org.apache.log4j.Level;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
/** Unit tests for using Sasl over RPC. */
|
/** Unit tests for using Sasl over RPC. */
|
||||||
|
@ -76,6 +71,12 @@ public class TestSaslRPC {
|
||||||
static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
|
static final String SERVER_PRINCIPAL_2 = "p2/foo@BAR";
|
||||||
|
|
||||||
private static Configuration conf;
|
private static Configuration conf;
|
||||||
|
|
||||||
|
@BeforeClass
|
||||||
|
public static void setupKerb() {
|
||||||
|
System.setProperty("java.security.krb5.kdc", "");
|
||||||
|
System.setProperty("java.security.krb5.realm", "NONE");
|
||||||
|
}
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
|
@ -539,21 +540,39 @@ public class TestSaslRPC {
|
||||||
final boolean useToken,
|
final boolean useToken,
|
||||||
final boolean useValidToken) throws Exception {
|
final boolean useValidToken) throws Exception {
|
||||||
|
|
||||||
Configuration serverConf = new Configuration(conf);
|
String currentUser = UserGroupInformation.getCurrentUser().getUserName();
|
||||||
|
|
||||||
|
final Configuration serverConf = new Configuration(conf);
|
||||||
SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
|
SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
|
||||||
UserGroupInformation.setConfiguration(serverConf);
|
UserGroupInformation.setConfiguration(serverConf);
|
||||||
|
|
||||||
TestTokenSecretManager sm = new TestTokenSecretManager();
|
final UserGroupInformation serverUgi =
|
||||||
Server server = new RPC.Builder(serverConf).setProtocol(TestSaslProtocol.class)
|
UserGroupInformation.createRemoteUser(currentUser + "-SERVER");
|
||||||
|
serverUgi.setAuthenticationMethod(serverAuth);
|
||||||
|
|
||||||
|
final TestTokenSecretManager sm = new TestTokenSecretManager();
|
||||||
|
Server server = serverUgi.doAs(new PrivilegedExceptionAction<Server>() {
|
||||||
|
@Override
|
||||||
|
public Server run() throws IOException {
|
||||||
|
Server server = new RPC.Builder(serverConf)
|
||||||
|
.setProtocol(TestSaslProtocol.class)
|
||||||
.setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
|
.setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
|
||||||
.setNumHandlers(5).setVerbose(true)
|
.setNumHandlers(5).setVerbose(true)
|
||||||
.setSecretManager((serverAuth != SIMPLE) ? sm : null)
|
.setSecretManager((serverAuth != SIMPLE) ? sm : null)
|
||||||
.build();
|
.build();
|
||||||
server.start();
|
server.start();
|
||||||
|
return server;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
final Configuration clientConf = new Configuration(conf);
|
||||||
|
SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
|
||||||
|
UserGroupInformation.setConfiguration(clientConf);
|
||||||
|
|
||||||
final UserGroupInformation clientUgi =
|
final UserGroupInformation clientUgi =
|
||||||
UserGroupInformation.createRemoteUser(
|
UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
|
||||||
UserGroupInformation.getCurrentUser().getUserName()+"-CLIENT");
|
clientUgi.setAuthenticationMethod(clientAuth);
|
||||||
|
|
||||||
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
||||||
if (useToken) {
|
if (useToken) {
|
||||||
TestTokenIdentifier tokenId = new TestTokenIdentifier(
|
TestTokenIdentifier tokenId = new TestTokenIdentifier(
|
||||||
|
@ -568,9 +587,6 @@ public class TestSaslRPC {
|
||||||
clientUgi.addToken(token);
|
clientUgi.addToken(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
final Configuration clientConf = new Configuration(conf);
|
|
||||||
SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
|
|
||||||
UserGroupInformation.setConfiguration(clientConf);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return clientUgi.doAs(new PrivilegedExceptionAction<String>() {
|
return clientUgi.doAs(new PrivilegedExceptionAction<String>() {
|
||||||
|
|
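Review bot: `setupKerb()` sets the JVM-wide properties `java.security.krb5.kdc` and `java.security.krb5.realm`, and nothing in the visible hunks restores them, so any test class that later runs in the same JVM inherits an empty KDC and the realm `NONE`. Tests that depend on a real krb5 configuration could then pass or fail for reasons unrelated to their own code. Consider an `@AfterClass` method (with the `org.junit.AfterClass` import) that calls `System.clearProperty("java.security.krb5.kdc");` and `System.clearProperty("java.security.krb5.realm");`, or that restores the values saved before the override. If a teardown already exists outside the hunks shown, a comment on `setupKerb()` pointing to it would be enough.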