HADOOP-13503. Improve SaslRpcClient failure logging. Contributed by Xiaobing Zhou.
This commit is contained in:
parent
0f51eae0c0
commit
c5c3e81b49
|
@ -305,13 +305,16 @@ public class SaslRpcClient {
|
||||||
authType.getProtocol() + "/" + authType.getServerId(),
|
authType.getProtocol() + "/" + authType.getServerId(),
|
||||||
KerberosPrincipal.KRB_NT_SRV_HST).getName();
|
KerberosPrincipal.KRB_NT_SRV_HST).getName();
|
||||||
|
|
||||||
boolean isPrincipalValid = false;
|
|
||||||
|
|
||||||
// use the pattern if defined
|
// use the pattern if defined
|
||||||
String serverKeyPattern = conf.get(serverKey + ".pattern");
|
String serverKeyPattern = conf.get(serverKey + ".pattern");
|
||||||
if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) {
|
if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) {
|
||||||
Pattern pattern = GlobPattern.compile(serverKeyPattern);
|
Pattern pattern = GlobPattern.compile(serverKeyPattern);
|
||||||
isPrincipalValid = pattern.matcher(serverPrincipal).matches();
|
if (!pattern.matcher(serverPrincipal).matches()) {
|
||||||
|
throw new IllegalArgumentException(String.format(
|
||||||
|
"Server has invalid Kerberos principal: %s,"
|
||||||
|
+ " doesn't match the pattern: %s",
|
||||||
|
serverPrincipal, serverKeyPattern));
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
// check that the server advertised principal matches our conf
|
// check that the server advertised principal matches our conf
|
||||||
String confPrincipal = SecurityUtil.getServerPrincipal(
|
String confPrincipal = SecurityUtil.getServerPrincipal(
|
||||||
|
@ -330,11 +333,11 @@ public class SaslRpcClient {
|
||||||
"Kerberos principal name does NOT have the expected hostname part: "
|
"Kerberos principal name does NOT have the expected hostname part: "
|
||||||
+ confPrincipal);
|
+ confPrincipal);
|
||||||
}
|
}
|
||||||
isPrincipalValid = serverPrincipal.equals(confPrincipal);
|
if (!serverPrincipal.equals(confPrincipal)) {
|
||||||
|
throw new IllegalArgumentException(String.format(
|
||||||
|
"Server has invalid Kerberos principal: %s, expecting: %s",
|
||||||
|
serverPrincipal, confPrincipal));
|
||||||
}
|
}
|
||||||
if (!isPrincipalValid) {
|
|
||||||
throw new IllegalArgumentException(
|
|
||||||
"Server has invalid Kerberos principal: " + serverPrincipal);
|
|
||||||
}
|
}
|
||||||
return serverPrincipal;
|
return serverPrincipal;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue