HADOOP-7887. KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration. (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1211673 13f79535-47bb-0310-9956-ffa450edef68
Alejandro Abdelnur 2011-12-07 22:17:35 +00:00
parent a27adf3de4
commit 58361d3f34
5 changed files with 58 additions and 2 deletions


@ -55,6 +55,8 @@
* It does not have a default value.</li> * It does not have a default value.</li>
* <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal. * <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal.
* It does not have a default value.</li> * It does not have a default value.</li>
* <li>kerberos.name.rules: kerberos names rules to resolve principal names, see
* {@link KerberosName#setRules(String)}</li>
* </ul> * </ul>
*/ */
public class KerberosAuthenticationHandler implements AuthenticationHandler { public class KerberosAuthenticationHandler implements AuthenticationHandler {
@ -151,6 +153,11 @@ public void init(Properties config) throws ServletException {
throw new ServletException("Keytab does not exist: " + keytab); throw new ServletException("Keytab does not exist: " + keytab);
} }
String nameRules = config.getProperty(NAME_RULES, null);
if (nameRules != null) {
KerberosName.setRules(nameRules);
}
Set<Principal> principals = new HashSet<Principal>(); Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal)); principals.add(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>()); Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
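Review bot: Handler-level configuration changes class-wide state here: `KerberosName.setRules(nameRules)` in `init` assigns a static field (the `setRules` context on this page shows `rules = parseRules(ruleString)`), so one handler's `kerberos.name.rules` becomes the principal-to-short-name mapping for every other user of `KerberosName` in the same class loader, and the last handler initialised wins. That mapping decides which local user a Kerberos principal is treated as, so the override should be visible to the next maintainer and to operators, for example with `// KerberosName rules are static: this replaces the mapping for every caller, not just this handler` above the call and a log line naming `kerberos.name.rules` as the source. The call also runs before the `Subject` is built, so an `init` that fails later still leaves the new rules installed; moving it to after the remaining setup succeeds would avoid that. The rest of `init` lies outside this hunk, so confirm nothing in between depends on the rules.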


@ -385,6 +385,15 @@ public static void setRules(String ruleString) {
rules = parseRules(ruleString); rules = parseRules(ruleString);
} }
/**
* Indicates if the name rules have been set.
*
* @return if the name rules have been set.
*/
public static boolean hasRulesBeenSet() {
return rules != null;
}
static void printRules() throws IOException { static void printRules() throws IOException {
int i = 0; int i = 0;
for(Rule r: rules) { for(Rule r: rules) {
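Review bot: `hasRulesBeenSet()` reads the static `rules` field without synchronisation, and `setRules` in the hunk header is not `synchronized` either, so the caller on this page (`HadoopKerberosName.setConfiguration`) performs a check-then-act in which two threads can both see "not set" and the later write wins. Whether `rules` is declared `volatile` is outside this hunk; if it is not, a reader may also observe a stale `null`. Either make both methods `synchronized` or state the limit in the Javadoc, e.g. `@return {@code true} if rules have been installed; not atomic with respect to {@link #setRules(String)}`. The context line `for(Rule r: rules)` in `printRules` would throw a NullPointerException if called before any rules exist, which the new method could be used to guard.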


@ -18,6 +18,7 @@
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
import junit.framework.TestCase; import junit.framework.TestCase;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName; import org.ietf.jgss.GSSName;
@ -59,6 +60,35 @@ protected void tearDown() throws Exception {
super.tearDown(); super.tearDown();
} }
public void testNameRules() throws Exception {
KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
//destroy handler created in setUp()
handler.destroy();
KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
handler = new KerberosAuthenticationHandler();
Properties props = new Properties();
props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
try {
handler.init(props);
} catch (Exception ex) {
}
kn = new KerberosName("bar@BAR");
assertEquals("bar", kn.getShortName());
kn = new KerberosName("bar@FOO");
try {
kn.getShortName();
fail();
}
catch (Exception ex) {
}
}
public void testInit() throws Exception { public void testInit() throws Exception {
assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal()); assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab()); assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
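Review bot: In `testNameRules` the empty `catch (Exception ex) {}` around `handler.init(props)` hides whether initialisation succeeded, so the test still passes when `init` fails for an unrelated reason after the rules were applied, and a reader cannot tell which outcome is intended. The test also leaves the `.*@BAR` rules installed in the static `KerberosName` state, so later tests in the same JVM run with them; resetting to a known value in a `finally`, for example `KerberosName.setRules("DEFAULT")`, would keep the suite order-independent. The last block is the assertion that matters for security (a principal from realm `FOO` must not resolve to a short name once only `BAR` is configured), so a comment saying that, and catching the specific exception `getShortName()` throws rather than `Exception`, would make the intent explicit.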


@ -117,6 +117,9 @@ Trunk (unreleased changes)
HADOOP-7874. native libs should be under lib/native/ dir. (tucu) HADOOP-7874. native libs should be under lib/native/ dir. (tucu)
HADOOP-7887. KerberosAuthenticatorHandler is not setting
KerberosName name rules from configuration. (tucu)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-7761. Improve the performance of raw comparisons. (todd) HADOOP-7761. Improve the performance of raw comparisons. (todd)


@ -56,13 +56,20 @@ public HadoopKerberosName(String name) {
} }
/** /**
* Set the static configuration to get the rules. * Set the static configuration to get the rules.
* <p/>
* IMPORTANT: This method does a NOP if the rules have been set already.
* If there is a need to reset the rules, the {@link KerberosName#setRules(String)}
* method should be invoked directly.
*
* @param conf the new configuration * @param conf the new configuration
* @throws IOException * @throws IOException
*/ */
public static void setConfiguration(Configuration conf) throws IOException { public static void setConfiguration(Configuration conf) throws IOException {
if (!hasRulesBeenSet()) {
String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT"); String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
setRules(ruleString); setRules(ruleString);
} }
}
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
setConfiguration(new Configuration()); setConfiguration(new Configuration());
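Review bot: `setConfiguration` now returns silently when rules already exist, so a `hadoop.security.auth_to_local` value in `conf` is dropped without trace whenever something else (for example the authentication handler's `kerberos.name.rules`) installed rules first. This mapping determines which local user a principal is authorised as, so an operator who tightens `auth_to_local` needs to see that it was ignored; a log statement in the skipped branch would do, e.g. `LOG.warn("KerberosName rules already set; ignoring hadoop.security.auth_to_local")`, assuming the class has a logger, which this hunk does not show. The `if (!hasRulesBeenSet())` followed by `setRules(ruleString)` is also a check-then-act on static state with no lock. In the added Javadoc, `<p/>` is rejected by stricter javadoc tools; plain `<p>` is the usual form.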