HADOOP-7887. KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1211673 13f79535-47bb-0310-9956-ffa450edef68
parent
a27adf3de4
commit
58361d3f34
|
@ -55,6 +55,8 @@ import java.util.Set;
|
||||||
* It does not have a default value.</li>
|
* It does not have a default value.</li>
|
||||||
* <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal.
|
* <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal.
|
||||||
* It does not have a default value.</li>
|
* It does not have a default value.</li>
|
||||||
|
* <li>kerberos.name.rules: kerberos names rules to resolve principal names, see
|
||||||
|
* {@link KerberosName#setRules(String)}</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
*/
|
*/
|
||||||
public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
||||||
|
@ -151,6 +153,11 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
||||||
throw new ServletException("Keytab does not exist: " + keytab);
|
throw new ServletException("Keytab does not exist: " + keytab);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String nameRules = config.getProperty(NAME_RULES, null);
|
||||||
|
if (nameRules != null) {
|
||||||
|
KerberosName.setRules(nameRules);
|
||||||
|
}
|
||||||
|
|
||||||
Set<Principal> principals = new HashSet<Principal>();
|
Set<Principal> principals = new HashSet<Principal>();
|
||||||
principals.add(new KerberosPrincipal(principal));
|
principals.add(new KerberosPrincipal(principal));
|
||||||
Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
|
Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
|
||||||
|
|
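Review bot: `KerberosName.setRules(nameRules)` in the second hunk writes process-wide static state from a per-handler property, so the rules that map principals to short names for every KerberosName user in the JVM now depend on which handler was initialised last. That mapping decides which local identity an authenticated principal becomes, so the override should be visible in the code: I would add a comment such as `// KerberosName rules are static: this replaces the rules for the whole JVM, not just this handler` and log the configured value next to it. The class Javadoc entry for kerberos.name.rules in the first hunk could say the same, and state that previously set rules stay in force when the property is absent. init() begins and ends outside the hunk, so whether anything later resets the rules cannot be seen here.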
|
@ -385,6 +385,15 @@ public class KerberosName {
|
||||||
rules = parseRules(ruleString);
|
rules = parseRules(ruleString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Indicates if the name rules have been set.
|
||||||
|
*
|
||||||
|
* @return if the name rules have been set.
|
||||||
|
*/
|
||||||
|
public static boolean hasRulesBeenSet() {
|
||||||
|
return rules != null;
|
||||||
|
}
|
||||||
|
|
||||||
static void printRules() throws IOException {
|
static void printRules() throws IOException {
|
||||||
int i = 0;
|
int i = 0;
|
||||||
for(Rule r: rules) {
|
for(Rule r: rules) {
|
||||||
|
|
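Review bot: `hasRulesBeenSet()` returns a snapshot of the static `rules` field, and nothing in the hunk makes that check atomic with a later `setRules(...)`, so two threads that both see `false` can each install their own rules. The field declaration is outside the hunk, so it is not visible whether it is volatile or otherwise guarded; if it is not, the read can also be stale. I would extend the Javadoc with `Callers must not rely on this check being atomic with setRules(String); the rules are shared by all threads.` and reword the return tag to `@return true if the name rules have been set, false otherwise`.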
|
@ -18,6 +18,7 @@ import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||||
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
||||||
import junit.framework.TestCase;
|
import junit.framework.TestCase;
|
||||||
import org.apache.commons.codec.binary.Base64;
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||||
import org.ietf.jgss.GSSContext;
|
import org.ietf.jgss.GSSContext;
|
||||||
import org.ietf.jgss.GSSManager;
|
import org.ietf.jgss.GSSManager;
|
||||||
import org.ietf.jgss.GSSName;
|
import org.ietf.jgss.GSSName;
|
||||||
|
@ -59,6 +60,35 @@ public class TestKerberosAuthenticationHandler extends TestCase {
|
||||||
super.tearDown();
|
super.tearDown();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testNameRules() throws Exception {
|
||||||
|
KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
|
||||||
|
assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
|
||||||
|
|
||||||
|
//destroy handler created in setUp()
|
||||||
|
handler.destroy();
|
||||||
|
|
||||||
|
KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
|
||||||
|
|
||||||
|
handler = new KerberosAuthenticationHandler();
|
||||||
|
Properties props = new Properties();
|
||||||
|
props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
|
||||||
|
props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
|
||||||
|
props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
|
||||||
|
try {
|
||||||
|
handler.init(props);
|
||||||
|
} catch (Exception ex) {
|
||||||
|
}
|
||||||
|
kn = new KerberosName("bar@BAR");
|
||||||
|
assertEquals("bar", kn.getShortName());
|
||||||
|
kn = new KerberosName("bar@FOO");
|
||||||
|
try {
|
||||||
|
kn.getShortName();
|
||||||
|
fail();
|
||||||
|
}
|
||||||
|
catch (Exception ex) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public void testInit() throws Exception {
|
public void testInit() throws Exception {
|
||||||
assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
|
assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
|
||||||
assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
|
assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
|
||||||
|
|
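Review bot: testNameRules leaves the static KerberosName rules set to the `.*@BAR` rule when it returns, and the visible tearDown() context does not restore them, so later tests in the same JVM may resolve principals under rules they did not choose. Resetting the rules in a `finally` block or in tearDown() would keep the tests order-independent; tearDown's body is outside the hunk, so it may already do more than shown. The empty `catch (Exception ex) { }` around `handler.init(props)` also hides how far init got; if ignoring the failure is intended, a comment such as `// init may fail after the name rules are applied; only the rules matter here` would record why.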
|
@ -117,6 +117,9 @@ Trunk (unreleased changes)
|
||||||
|
|
||||||
HADOOP-7874. native libs should be under lib/native/ dir. (tucu)
|
HADOOP-7874. native libs should be under lib/native/ dir. (tucu)
|
||||||
|
|
||||||
|
HADOOP-7887. KerberosAuthenticatorHandler is not setting
|
||||||
|
KerberosName name rules from configuration. (tucu)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
HADOOP-7761. Improve the performance of raw comparisons. (todd)
|
HADOOP-7761. Improve the performance of raw comparisons. (todd)
|
||||||
|
|
|
@ -56,12 +56,19 @@ public class HadoopKerberosName extends KerberosName {
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* Set the static configuration to get the rules.
|
* Set the static configuration to get the rules.
|
||||||
|
* <p/>
|
||||||
|
* IMPORTANT: This method does a NOP if the rules have been set already.
|
||||||
|
* If there is a need to reset the rules, the {@link KerberosName#setRules(String)}
|
||||||
|
* method should be invoked directly.
|
||||||
|
*
|
||||||
* @param conf the new configuration
|
* @param conf the new configuration
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
public static void setConfiguration(Configuration conf) throws IOException {
|
public static void setConfiguration(Configuration conf) throws IOException {
|
||||||
String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
|
if (!hasRulesBeenSet()) {
|
||||||
setRules(ruleString);
|
String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
|
||||||
|
setRules(ruleString);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
|
|
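Review bot: With the new `if (!hasRulesBeenSet())` guard, setConfiguration() silently discards `hadoop.security.auth_to_local` whenever any earlier caller has set rules, including KerberosAuthenticationHandler.init() from this same commit, so the effective principal mapping can differ from the Configuration passed in without leaving any trace. The Javadoc explains the NOP, but an operator debugging an unexpected short name has nothing to go on; I would log a message in an else branch naming the ignored property. The check and the `setRules(ruleString)` call are also not atomic, so concurrent first calls can both pass the guard. Declaring the method `synchronized` would at least serialise callers of this method without changing its interface.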