SPNEGO TLS verification
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit 81d8a887b0)
Conflicts:
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
parent
17109758dd
commit
e81002bcb1
|
@ -140,6 +140,7 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
+ "/v" + VERSION;
|
+ "/v" + VERSION;
|
||||||
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
||||||
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
||||||
|
public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default connection factory may be overridden in tests to use smaller
|
* Default connection factory may be overridden in tests to use smaller
|
||||||
|
@ -169,6 +170,7 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
new ObjectMapper().reader(Map.class);
|
new ObjectMapper().reader(Map.class);
|
||||||
|
|
||||||
private DFSOpsCountStatistics storageStatistics;
|
private DFSOpsCountStatistics storageStatistics;
|
||||||
|
private boolean isTLSKrb;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the protocol scheme for the FileSystem.
|
* Return the protocol scheme for the FileSystem.
|
||||||
|
@ -231,6 +233,8 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
this.isTLSKrb = "HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY));
|
||||||
|
|
||||||
ugi = UserGroupInformation.getCurrentUser();
|
ugi = UserGroupInformation.getCurrentUser();
|
||||||
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
||||||
this.nnAddrs = resolveNNAddr();
|
this.nnAddrs = resolveNNAddr();
|
||||||
|
@ -690,6 +694,11 @@ public class WebHdfsFileSystem extends FileSystem
|
||||||
//redirect hostname and port
|
//redirect hostname and port
|
||||||
redirectHost = null;
|
redirectHost = null;
|
||||||
|
|
||||||
|
if (url.getProtocol().equals("http") &&
|
||||||
|
UserGroupInformation.isSecurityEnabled() &&
|
||||||
|
isTLSKrb) {
|
||||||
|
throw new IOException("Access denied: dfs.http.policy is HTTPS_ONLY.");
|
||||||
|
}
|
||||||
|
|
||||||
// resolve redirects for a DN operation unless already resolved
|
// resolve redirects for a DN operation unless already resolved
|
||||||
if (op.getRedirect() && !redirected) {
|
if (op.getRedirect() && !redirected) {
|
||||||
|
|
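Review bot: The policy test added in the third hunk, `"HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY))`, is an exact, case-sensitive match, so a client configuration that spells the value `https_only` or carries stray whitespace leaves `isTLSKrb` false and the plain-HTTP guard added in the last hunk silently never fires. The server side appears to parse this setting case-insensitively (through `HttpConfig.Policy.fromString`, which is not visible on this page), so the two ends can disagree and the client fails open. I would normalise the value before comparing, e.g. `this.isTLSKrb = "HTTPS_ONLY".equalsIgnoreCase(conf.getTrimmed(DFS_HTTP_POLICY_KEY));`. The guard also inspects only the `url` passed in; if the redirect branch that follows replaces it with a server-supplied location (that code runs past the end of the hunk), the second URL should get the same check before any credentials are negotiated.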