SPNEGO TLS verification
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
This commit is contained in:
parent
f41a144077
commit
81d8a887b0
|
@ -152,6 +152,7 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
+ "/v" + VERSION;
|
+ "/v" + VERSION;
|
||||||
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
||||||
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
||||||
|
public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default connection factory may be overridden in tests to use smaller
|
* Default connection factory may be overridden in tests to use smaller
|
||||||
|
@ -181,6 +182,7 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
|
|
||||||
private DFSOpsCountStatistics storageStatistics;
|
private DFSOpsCountStatistics storageStatistics;
|
||||||
private KeyProvider testProvider;
|
private KeyProvider testProvider;
|
||||||
|
private boolean isTLSKrb;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the protocol scheme for the FileSystem.
|
* Return the protocol scheme for the FileSystem.
|
||||||
|
@ -242,6 +244,7 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
this.isTLSKrb = "HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY));
|
||||||
|
|
||||||
ugi = UserGroupInformation.getCurrentUser();
|
ugi = UserGroupInformation.getCurrentUser();
|
||||||
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
||||||
|
@ -699,6 +702,11 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
//redirect hostname and port
|
//redirect hostname and port
|
||||||
redirectHost = null;
|
redirectHost = null;
|
||||||
|
|
||||||
|
if (url.getProtocol().equals("http") &&
|
||||||
|
UserGroupInformation.isSecurityEnabled() &&
|
||||||
|
isTLSKrb) {
|
||||||
|
throw new IOException("Access denied: dfs.http.policy is HTTPS_ONLY.");
|
||||||
|
}
|
||||||
|
|
||||||
// resolve redirects for a DN operation unless already resolved
|
// resolve redirects for a DN operation unless already resolved
|
||||||
if (op.getRedirect() && !redirected) {
|
if (op.getRedirect() && !redirected) {
|
||||||
|
|
Loading…
Reference in New Issue