svn merge -c 1406684 FIXES: HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn via bobby)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1406685 13f79535-47bb-0310-9956-ffa450edef68
2012-11-07 15:59:56 +00:00 · 2012-11-07 15:59:56 +00:00 · 4b1b9270bc
parent 501b2758ce
commit 4b1b9270bc
3 changed files with 51 additions and 28 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -67,6 +67,9 @@ Release 2.0.3-alpha - Unreleased
    HADOOP-9010. Map UGI authenticationMethod to RPC authMethod (daryn via
    bobby)

+    HADOOP-9013. UGI should not hardcode loginUser's authenticationType (daryn
+    via bobby)
+
  OPTIMIZATIONS

    HADOOP-8866. SampleQuantiles#query is O(N^2) instead of O(N). (Andrew Wang
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@ -237,14 +237,17 @@ public class UserGroupInformation {
   */
  private static synchronized void initUGI(Configuration conf) {
    AuthenticationMethod auth = SecurityUtil.getAuthenticationMethod(conf);
-    if (auth == AuthenticationMethod.SIMPLE) {
-      useKerberos = false;
-    } else if (auth == AuthenticationMethod.KERBEROS) {
-      useKerberos = true;
-    } else {
-      throw new IllegalArgumentException("Invalid attribute value for " +
-                                         HADOOP_SECURITY_AUTHENTICATION + 
-                                         " of " + auth);
+    switch (auth) {
+      case SIMPLE:
+        useKerberos = false;
+        break;
+      case KERBEROS:
+        useKerberos = true;
+        break;
+      default:
+        throw new IllegalArgumentException("Invalid attribute value for " +
+                                           HADOOP_SECURITY_AUTHENTICATION + 
+                                           " of " + auth);
    }
    // If we haven't set up testing groups, use the configuration to find it
    if (!(groups instanceof TestingGroups)) {
@ -626,19 +629,20 @@ public class UserGroupInformation {
      try {
        Subject subject = new Subject();
        LoginContext login;
+        AuthenticationMethod authenticationMethod;
        if (isSecurityEnabled()) {
+          authenticationMethod = AuthenticationMethod.KERBEROS;
          login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
              subject, new HadoopConfiguration());
        } else {
+          authenticationMethod = AuthenticationMethod.SIMPLE;
          login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME, 
              subject, new HadoopConfiguration());
        }
        login.login();
        loginUser = new UserGroupInformation(subject);
        loginUser.setLogin(login);
-        loginUser.setAuthenticationMethod(isSecurityEnabled() ?
-                                          AuthenticationMethod.KERBEROS :
-                                          AuthenticationMethod.SIMPLE);
+        loginUser.setAuthenticationMethod(authenticationMethod);
        loginUser = new UserGroupInformation(login.getSubject());
        String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
        if (fileLocation != null) {
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/ipc/TestSaslRPC.java
@ -43,14 +43,7 @@ import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.ipc.Client.ConnectionId;
 import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.KerberosInfo;
-import org.apache.hadoop.security.SaslInputStream;
-import org.apache.hadoop.security.SaslRpcClient;
-import org.apache.hadoop.security.SaslRpcServer;
-import org.apache.hadoop.security.SecurityInfo;
-import org.apache.hadoop.security.SecurityUtil;
-import org.apache.hadoop.security.TestUserGroupInformation;
-import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.*;
 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 import org.apache.hadoop.security.token.SecretManager;
 import org.apache.hadoop.security.token.Token;
@ -58,8 +51,10 @@ import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.security.token.TokenInfo;
 import org.apache.hadoop.security.token.TokenSelector;
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
+
 import org.apache.log4j.Level;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;

 /** Unit tests for using Sasl over RPC. */
@ -77,6 +72,12 @@ public class TestSaslRPC {
  
  private static Configuration conf;
  
+  @BeforeClass
+  public static void setupKerb() {
+    System.setProperty("java.security.krb5.kdc", "");
+    System.setProperty("java.security.krb5.realm", "NONE"); 
+  }    
+
  @Before
  public void setup() {
    conf = new Configuration();
@ -539,21 +540,39 @@ public class TestSaslRPC {
      final boolean useToken,
      final boolean useValidToken) throws Exception {
    
-    Configuration serverConf = new Configuration(conf);
+    String currentUser = UserGroupInformation.getCurrentUser().getUserName();
+    
+    final Configuration serverConf = new Configuration(conf);
    SecurityUtil.setAuthenticationMethod(serverAuth, serverConf);
    UserGroupInformation.setConfiguration(serverConf);
    
-    TestTokenSecretManager sm = new TestTokenSecretManager();
-    Server server = new RPC.Builder(serverConf).setProtocol(TestSaslProtocol.class)
+    final UserGroupInformation serverUgi =
+        UserGroupInformation.createRemoteUser(currentUser + "-SERVER");
+    serverUgi.setAuthenticationMethod(serverAuth);
+
+    final TestTokenSecretManager sm = new TestTokenSecretManager();
+    Server server = serverUgi.doAs(new PrivilegedExceptionAction<Server>() {
+      @Override
+      public Server run() throws IOException {
+        Server server = new RPC.Builder(serverConf)
+        .setProtocol(TestSaslProtocol.class)
        .setInstance(new TestSaslImpl()).setBindAddress(ADDRESS).setPort(0)
        .setNumHandlers(5).setVerbose(true)
        .setSecretManager((serverAuth != SIMPLE) ? sm : null)
        .build();      
-    server.start();
+        server.start();
+        return server;
+      }
+    });
+
+    final Configuration clientConf = new Configuration(conf);
+    SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
+    UserGroupInformation.setConfiguration(clientConf);
    
    final UserGroupInformation clientUgi =
-        UserGroupInformation.createRemoteUser(
-            UserGroupInformation.getCurrentUser().getUserName()+"-CLIENT");
+        UserGroupInformation.createRemoteUser(currentUser + "-CLIENT");
+    clientUgi.setAuthenticationMethod(clientAuth);    
+
    final InetSocketAddress addr = NetUtils.getConnectAddress(server);
    if (useToken) {
      TestTokenIdentifier tokenId = new TestTokenIdentifier(
@ -568,9 +587,6 @@ public class TestSaslRPC {
      clientUgi.addToken(token);
    }

-    final Configuration clientConf = new Configuration(conf);
-    SecurityUtil.setAuthenticationMethod(clientAuth, clientConf);
-    UserGroupInformation.setConfiguration(clientConf);
    
    try {
      return clientUgi.doAs(new PrivilegedExceptionAction<String>() {