HADOOP-8878. Merge change 1396922 from trunk
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1396923 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
93a18b3cd6
commit
b14cec5cc1
|
@ -232,7 +232,8 @@ public class KerberosAuthenticator implements Authenticator {
|
||||||
GSSContext gssContext = null;
|
GSSContext gssContext = null;
|
||||||
try {
|
try {
|
||||||
GSSManager gssManager = GSSManager.getInstance();
|
GSSManager gssManager = GSSManager.getInstance();
|
||||||
String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
|
String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
|
||||||
|
KerberosAuthenticator.this.url.getHost());
|
||||||
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
|
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
|
||||||
GSSName serviceName = gssManager.createName(servicePrincipal,
|
GSSName serviceName = gssManager.createName(servicePrincipal,
|
||||||
oid);
|
oid);
|
||||||
|
|
|
@ -20,6 +20,9 @@ package org.apache.hadoop.security.authentication.util;
|
||||||
import java.lang.reflect.Field;
|
import java.lang.reflect.Field;
|
||||||
import java.lang.reflect.InvocationTargetException;
|
import java.lang.reflect.InvocationTargetException;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
import java.util.Locale;
|
||||||
|
|
||||||
import org.ietf.jgss.GSSException;
|
import org.ietf.jgss.GSSException;
|
||||||
import org.ietf.jgss.Oid;
|
import org.ietf.jgss.Oid;
|
||||||
|
@ -65,4 +68,33 @@ public class KerberosUtil {
|
||||||
new Class[0]);
|
new Class[0]);
|
||||||
return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
|
return (String)getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return fqdn of the current host */
|
||||||
|
static String getLocalHostName() throws UnknownHostException {
|
||||||
|
return InetAddress.getLocalHost().getCanonicalHostName();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create Kerberos principal for a given service and hostname. It converts
|
||||||
|
* hostname to lower case. If hostname is null or "0.0.0.0", it uses
|
||||||
|
* dynamically looked-up fqdn of the current host instead.
|
||||||
|
*
|
||||||
|
* @param service
|
||||||
|
* Service for which you want to generate the principal.
|
||||||
|
* @param hostname
|
||||||
|
* Fully-qualified domain name.
|
||||||
|
* @return Converted Kerberos principal name.
|
||||||
|
* @throws UnknownHostException
|
||||||
|
* If no IP address for the local host could be found.
|
||||||
|
*/
|
||||||
|
public static final String getServicePrincipal(String service, String hostname)
|
||||||
|
throws UnknownHostException {
|
||||||
|
String fqdn = hostname;
|
||||||
|
if (null == fqdn || fqdn.equals("") || fqdn.equals("0.0.0.0")) {
|
||||||
|
fqdn = getLocalHostName();
|
||||||
|
}
|
||||||
|
// convert hostname to lowercase as kerberos does not work with hostnames
|
||||||
|
// with uppercase characters.
|
||||||
|
return service + "/" + fqdn.toLowerCase(Locale.US);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,55 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with this
|
||||||
|
* work for additional information regarding copyright ownership. The ASF
|
||||||
|
* licenses this file to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
package org.apache.hadoop.security.authentication.util;
|
||||||
|
|
||||||
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import org.apache.hadoop.security.authentication.util.KerberosUtil;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
public class TestKerberosUtil {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetServerPrincipal() throws IOException {
|
||||||
|
String service = "TestKerberosUtil";
|
||||||
|
String localHostname = KerberosUtil.getLocalHostName();
|
||||||
|
String testHost = "FooBar";
|
||||||
|
|
||||||
|
// send null hostname
|
||||||
|
assertEquals("When no hostname is sent",
|
||||||
|
service + "/" + localHostname.toLowerCase(),
|
||||||
|
KerberosUtil.getServicePrincipal(service, null));
|
||||||
|
// send empty hostname
|
||||||
|
assertEquals("When empty hostname is sent",
|
||||||
|
service + "/" + localHostname.toLowerCase(),
|
||||||
|
KerberosUtil.getServicePrincipal(service, ""));
|
||||||
|
// send 0.0.0.0 hostname
|
||||||
|
assertEquals("When 0.0.0.0 hostname is sent",
|
||||||
|
service + "/" + localHostname.toLowerCase(),
|
||||||
|
KerberosUtil.getServicePrincipal(service, "0.0.0.0"));
|
||||||
|
// send uppercase hostname
|
||||||
|
assertEquals("When uppercase hostname is sent",
|
||||||
|
service + "/" + testHost.toLowerCase(),
|
||||||
|
KerberosUtil.getServicePrincipal(service, testHost));
|
||||||
|
// send lowercase hostname
|
||||||
|
assertEquals("When lowercase hostname is sent",
|
||||||
|
service + "/" + testHost.toLowerCase(),
|
||||||
|
KerberosUtil.getServicePrincipal(service, testHost.toLowerCase()));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue