Clean up an IPC error message. Contributed by Aaron T. Myers.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1494703 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
d8203c0ae9
commit
683448125e
|
@ -202,5 +202,8 @@ public class CommonConfigurationKeys extends CommonConfigurationKeysPublic {
|
|||
|
||||
public static final long HADOOP_SECURITY_UID_NAME_CACHE_TIMEOUT_DEFAULT =
|
||||
4*60*60; // 4 hours
|
||||
|
||||
public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY = "ipc.client.fallback-to-simple-auth-allowed";
|
||||
public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
|
||||
|
||||
}
|
||||
|
|
|
@ -108,6 +108,8 @@ public class Client {
|
|||
private int refCount = 1;
|
||||
|
||||
private final int connectionTimeout;
|
||||
|
||||
private final boolean fallbackAllowed;
|
||||
|
||||
final static int PING_CALL_ID = -1;
|
||||
|
||||
|
@ -454,7 +456,8 @@ public class Client {
|
|||
private synchronized boolean setupSaslConnection(final InputStream in2,
|
||||
final OutputStream out2)
|
||||
throws IOException {
|
||||
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal);
|
||||
saslRpcClient = new SaslRpcClient(authMethod, token, serverPrincipal,
|
||||
fallbackAllowed);
|
||||
return saslRpcClient.saslConnect(in2, out2);
|
||||
}
|
||||
|
||||
|
@ -1076,6 +1079,8 @@ public class Client {
|
|||
this.socketFactory = factory;
|
||||
this.connectionTimeout = conf.getInt(CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_KEY,
|
||||
CommonConfigurationKeys.IPC_CLIENT_CONNECT_TIMEOUT_DEFAULT);
|
||||
this.fallbackAllowed = conf.getBoolean(CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
|
||||
CommonConfigurationKeys.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -59,6 +59,7 @@ public class SaslRpcClient {
|
|||
public static final Log LOG = LogFactory.getLog(SaslRpcClient.class);
|
||||
|
||||
private final SaslClient saslClient;
|
||||
private final boolean fallbackAllowed;
|
||||
|
||||
/**
|
||||
* Create a SaslRpcClient for an authentication method
|
||||
|
@ -69,8 +70,10 @@ public class SaslRpcClient {
|
|||
* token to use if needed by the authentication method
|
||||
*/
|
||||
public SaslRpcClient(AuthMethod method,
|
||||
Token<? extends TokenIdentifier> token, String serverPrincipal)
|
||||
Token<? extends TokenIdentifier> token, String serverPrincipal,
|
||||
boolean fallbackAllowed)
|
||||
throws IOException {
|
||||
this.fallbackAllowed = fallbackAllowed;
|
||||
String saslUser = null;
|
||||
String saslProtocol = null;
|
||||
String saslServerName = null;
|
||||
|
@ -155,6 +158,11 @@ public class SaslRpcClient {
|
|||
readStatus(inStream);
|
||||
int len = inStream.readInt();
|
||||
if (len == SaslRpcServer.SWITCH_TO_SIMPLE_AUTH) {
|
||||
if (!fallbackAllowed) {
|
||||
throw new IOException("Server asks us to fall back to SIMPLE " +
|
||||
"auth, but this client is configured to only allow secure " +
|
||||
"connections.");
|
||||
}
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Server asks us to fall back to simple auth.");
|
||||
saslClient.dispose();
|
||||
|
|
|
@ -1189,4 +1189,17 @@
|
|||
</description>
|
||||
</property>
|
||||
|
||||
<property>
|
||||
<name>ipc.client.fallback-to-simple-auth-allowed</name>
|
||||
<value>false</value>
|
||||
<description>
|
||||
When a client is configured to attempt a secure connection, but attempts to
|
||||
connect to an insecure server, that server may instruct the client to
|
||||
switch to SASL SIMPLE (unsecure) authentication. This setting controls
|
||||
whether or not the client will accept this instruction from the server.
|
||||
When false (the default), the client will not allow the fallback to SIMPLE
|
||||
authentication, and will abort the connection.
|
||||
</description>
|
||||
</property>
|
||||
|
||||
</configuration>
|
||||
|
|
Loading…
Reference in New Issue