HADOOP-13503. Improve SaslRpcClient failure logging. Contributed by Xiaobing Zhou.

This commit is contained in:
Jing Zhao 2016-08-18 14:55:26 -07:00
parent 0f51eae0c0
commit c5c3e81b49
1 changed files with 11 additions and 8 deletions

View File

@ -305,13 +305,16 @@ public class SaslRpcClient {
authType.getProtocol() + "/" + authType.getServerId(), authType.getProtocol() + "/" + authType.getServerId(),
KerberosPrincipal.KRB_NT_SRV_HST).getName(); KerberosPrincipal.KRB_NT_SRV_HST).getName();
boolean isPrincipalValid = false;
// use the pattern if defined // use the pattern if defined
String serverKeyPattern = conf.get(serverKey + ".pattern"); String serverKeyPattern = conf.get(serverKey + ".pattern");
if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) { if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) {
Pattern pattern = GlobPattern.compile(serverKeyPattern); Pattern pattern = GlobPattern.compile(serverKeyPattern);
isPrincipalValid = pattern.matcher(serverPrincipal).matches(); if (!pattern.matcher(serverPrincipal).matches()) {
throw new IllegalArgumentException(String.format(
"Server has invalid Kerberos principal: %s,"
+ " doesn't match the pattern: %s",
serverPrincipal, serverKeyPattern));
}
} else { } else {
// check that the server advertised principal matches our conf // check that the server advertised principal matches our conf
String confPrincipal = SecurityUtil.getServerPrincipal( String confPrincipal = SecurityUtil.getServerPrincipal(
@ -330,11 +333,11 @@ public class SaslRpcClient {
"Kerberos principal name does NOT have the expected hostname part: " "Kerberos principal name does NOT have the expected hostname part: "
+ confPrincipal); + confPrincipal);
} }
isPrincipalValid = serverPrincipal.equals(confPrincipal); if (!serverPrincipal.equals(confPrincipal)) {
} throw new IllegalArgumentException(String.format(
if (!isPrincipalValid) { "Server has invalid Kerberos principal: %s, expecting: %s",
throw new IllegalArgumentException( serverPrincipal, confPrincipal));
"Server has invalid Kerberos principal: " + serverPrincipal); }
} }
return serverPrincipal; return serverPrincipal;
} }