Merge -r 1173738:1173739 from trunk to branch. FIXES: HADOOP-7621
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23@1294774 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ec24989240
commit
ee11677f8a
|
@ -53,6 +53,9 @@ Release 0.23.3 - UNRELEASED
|
||||||
HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via
|
HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via
|
||||||
suresh)
|
suresh)
|
||||||
|
|
||||||
|
HADOOP-7621. alfredo config should be in a file not readable by users
|
||||||
|
(Alejandro Abdelnur via atm)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
|
@ -82,10 +82,12 @@
|
||||||
<code>36000</code>.
|
<code>36000</code>.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p><code>hadoop.http.authentication.signature.secret</code>: The signature secret for
|
<p><code>hadoop.http.authentication.signature.secret.file</code>: The signature secret
|
||||||
signing the authentication tokens. If not set a random secret is generated at
|
file for signing the authentication tokens. If not set a random secret is generated at
|
||||||
startup time. The same secret should be used for all nodes in the cluster, JobTracker,
|
startup time. The same secret should be used for all nodes in the cluster, JobTracker,
|
||||||
NameNode, DataNode and TastTracker. The default value is a <code>hadoop</code> value.
|
NameNode, DataNode and TastTracker. The default value is
|
||||||
|
<code>${user.home}/hadoop-http-auth-signature-secret</code>.
|
||||||
|
IMPORTANT: This file should be readable only by the Unix user running the daemons.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP
|
<p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP
|
||||||
|
|
|
@ -22,6 +22,9 @@ import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.http.FilterContainer;
|
import org.apache.hadoop.http.FilterContainer;
|
||||||
import org.apache.hadoop.http.FilterInitializer;
|
import org.apache.hadoop.http.FilterInitializer;
|
||||||
|
|
||||||
|
import java.io.FileReader;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.Reader;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
@ -40,8 +43,10 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class AuthenticationFilterInitializer extends FilterInitializer {
|
public class AuthenticationFilterInitializer extends FilterInitializer {
|
||||||
|
|
||||||
private static final String PREFIX = "hadoop.http.authentication.";
|
static final String PREFIX = "hadoop.http.authentication.";
|
||||||
|
|
||||||
|
static final String SIGNATURE_SECRET_FILE = AuthenticationFilter.SIGNATURE_SECRET + ".file";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initializes hadoop-auth AuthenticationFilter.
|
* Initializes hadoop-auth AuthenticationFilter.
|
||||||
* <p/>
|
* <p/>
|
||||||
|
@ -67,6 +72,25 @@ public class AuthenticationFilterInitializer extends FilterInitializer {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String signatureSecretFile = filterConfig.get(SIGNATURE_SECRET_FILE);
|
||||||
|
if (signatureSecretFile == null) {
|
||||||
|
throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
StringBuilder secret = new StringBuilder();
|
||||||
|
Reader reader = new FileReader(signatureSecretFile);
|
||||||
|
int c = reader.read();
|
||||||
|
while (c > -1) {
|
||||||
|
secret.append((char)c);
|
||||||
|
c = reader.read();
|
||||||
|
}
|
||||||
|
reader.close();
|
||||||
|
filterConfig.put(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
|
||||||
|
} catch (IOException ex) {
|
||||||
|
throw new RuntimeException("Could not read HTTP signature secret file: " + signatureSecretFile);
|
||||||
|
}
|
||||||
|
|
||||||
container.addFilter("authentication",
|
container.addFilter("authentication",
|
||||||
AuthenticationFilter.class.getName(),
|
AuthenticationFilter.class.getName(),
|
||||||
filterConfig);
|
filterConfig);
|
||||||
|
|
|
@ -801,8 +801,8 @@
|
||||||
</property>
|
</property>
|
||||||
|
|
||||||
<property>
|
<property>
|
||||||
<name>hadoop.http.authentication.signature.secret</name>
|
<name>hadoop.http.authentication.signature.secret.file</name>
|
||||||
<value>hadoop</value>
|
<value>${user.home}/hadoop-http-auth-signature-secret</value>
|
||||||
<description>
|
<description>
|
||||||
The signature secret for signing the authentication tokens.
|
The signature secret for signing the authentication tokens.
|
||||||
If not set a random secret is generated at startup time.
|
If not set a random secret is generated at startup time.
|
||||||
|
|
|
@ -25,14 +25,28 @@ import org.mockito.Mockito;
|
||||||
import org.mockito.invocation.InvocationOnMock;
|
import org.mockito.invocation.InvocationOnMock;
|
||||||
import org.mockito.stubbing.Answer;
|
import org.mockito.stubbing.Answer;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileWriter;
|
||||||
|
import java.io.Writer;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
public class TestAuthenticationFilter extends TestCase {
|
public class TestAuthenticationFilter extends TestCase {
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public void testConfiguration() {
|
public void testConfiguration() throws Exception {
|
||||||
Configuration conf = new Configuration();
|
Configuration conf = new Configuration();
|
||||||
conf.set("hadoop.http.authentication.foo", "bar");
|
conf.set("hadoop.http.authentication.foo", "bar");
|
||||||
|
|
||||||
|
File testDir = new File(System.getProperty("test.build.data",
|
||||||
|
"target/test-dir"));
|
||||||
|
testDir.mkdirs();
|
||||||
|
File secretFile = new File(testDir, "http-secret.txt");
|
||||||
|
Writer writer = new FileWriter(new File(testDir, "http-secret.txt"));
|
||||||
|
writer.write("hadoop");
|
||||||
|
writer.close();
|
||||||
|
conf.set(AuthenticationFilterInitializer.PREFIX +
|
||||||
|
AuthenticationFilterInitializer.SIGNATURE_SECRET_FILE,
|
||||||
|
secretFile.getAbsolutePath());
|
||||||
|
|
||||||
FilterContainer container = Mockito.mock(FilterContainer.class);
|
FilterContainer container = Mockito.mock(FilterContainer.class);
|
||||||
Mockito.doAnswer(
|
Mockito.doAnswer(
|
||||||
|
|
|
@ -47,6 +47,9 @@
|
||||||
|
|
||||||
<test.build.dir>${project.build.directory}/test-dir</test.build.dir>
|
<test.build.dir>${project.build.directory}/test-dir</test.build.dir>
|
||||||
<test.build.data>${test.build.dir}</test.build.data>
|
<test.build.data>${test.build.dir}</test.build.data>
|
||||||
|
|
||||||
|
<test.build.dir>${project.build.directory}/test-dir</test.build.dir>
|
||||||
|
<test.build.data>${test.build.dir}</test.build.data>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
|
|
Loading…
Reference in New Issue