Merge -r 1173738:1173739 from trunk to branch. FIXES: HADOOP-7621

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23@1294774 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2012-02-28 18:42:35 +00:00
parent ec24989240
commit ee11677f8a
6 changed files with 53 additions and 7 deletions

View File

@ -53,6 +53,9 @@ Release 0.23.3 - UNRELEASED
HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via
suresh) suresh)
HADOOP-7621. alfredo config should be in a file not readable by users
(Alejandro Abdelnur via atm)
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES

View File

@ -82,10 +82,12 @@
<code>36000</code>. <code>36000</code>.
</p> </p>
<p><code>hadoop.http.authentication.signature.secret</code>: The signature secret for <p><code>hadoop.http.authentication.signature.secret.file</code>: The signature secret
signing the authentication tokens. If not set a random secret is generated at file for signing the authentication tokens. If not set a random secret is generated at
startup time. The same secret should be used for all nodes in the cluster, JobTracker, startup time. The same secret should be used for all nodes in the cluster, JobTracker,
NameNode, DataNode and TastTracker. The default value is a <code>hadoop</code> value. NameNode, DataNode and TastTracker. The default value is
<code>${user.home}/hadoop-http-auth-signature-secret</code>.
IMPORTANT: This file should be readable only by the Unix user running the daemons.
</p> </p>
<p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP <p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP

View File

@ -22,6 +22,9 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.http.FilterContainer; import org.apache.hadoop.http.FilterContainer;
import org.apache.hadoop.http.FilterInitializer; import org.apache.hadoop.http.FilterInitializer;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -40,8 +43,10 @@ import java.util.Map;
*/ */
public class AuthenticationFilterInitializer extends FilterInitializer { public class AuthenticationFilterInitializer extends FilterInitializer {
private static final String PREFIX = "hadoop.http.authentication."; static final String PREFIX = "hadoop.http.authentication.";
static final String SIGNATURE_SECRET_FILE = AuthenticationFilter.SIGNATURE_SECRET + ".file";
/** /**
* Initializes hadoop-auth AuthenticationFilter. * Initializes hadoop-auth AuthenticationFilter.
* <p/> * <p/>
@ -67,6 +72,25 @@ public class AuthenticationFilterInitializer extends FilterInitializer {
} }
} }
String signatureSecretFile = filterConfig.get(SIGNATURE_SECRET_FILE);
if (signatureSecretFile == null) {
throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);
}
try {
StringBuilder secret = new StringBuilder();
Reader reader = new FileReader(signatureSecretFile);
int c = reader.read();
while (c > -1) {
secret.append((char)c);
c = reader.read();
}
reader.close();
filterConfig.put(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
} catch (IOException ex) {
throw new RuntimeException("Could not read HTTP signature secret file: " + signatureSecretFile);
}
container.addFilter("authentication", container.addFilter("authentication",
AuthenticationFilter.class.getName(), AuthenticationFilter.class.getName(),
filterConfig); filterConfig);

View File

@ -801,8 +801,8 @@
</property> </property>
<property> <property>
<name>hadoop.http.authentication.signature.secret</name> <name>hadoop.http.authentication.signature.secret.file</name>
<value>hadoop</value> <value>${user.home}/hadoop-http-auth-signature-secret</value>
<description> <description>
The signature secret for signing the authentication tokens. The signature secret for signing the authentication tokens.
If not set a random secret is generated at startup time. If not set a random secret is generated at startup time.

View File

@ -25,14 +25,28 @@ import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock; import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer; import org.mockito.stubbing.Answer;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Map; import java.util.Map;
public class TestAuthenticationFilter extends TestCase { public class TestAuthenticationFilter extends TestCase {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public void testConfiguration() { public void testConfiguration() throws Exception {
Configuration conf = new Configuration(); Configuration conf = new Configuration();
conf.set("hadoop.http.authentication.foo", "bar"); conf.set("hadoop.http.authentication.foo", "bar");
File testDir = new File(System.getProperty("test.build.data",
"target/test-dir"));
testDir.mkdirs();
File secretFile = new File(testDir, "http-secret.txt");
Writer writer = new FileWriter(new File(testDir, "http-secret.txt"));
writer.write("hadoop");
writer.close();
conf.set(AuthenticationFilterInitializer.PREFIX +
AuthenticationFilterInitializer.SIGNATURE_SECRET_FILE,
secretFile.getAbsolutePath());
FilterContainer container = Mockito.mock(FilterContainer.class); FilterContainer container = Mockito.mock(FilterContainer.class);
Mockito.doAnswer( Mockito.doAnswer(

View File

@ -47,6 +47,9 @@
<test.build.dir>${project.build.directory}/test-dir</test.build.dir> <test.build.dir>${project.build.directory}/test-dir</test.build.dir>
<test.build.data>${test.build.dir}</test.build.data> <test.build.data>${test.build.dir}</test.build.data>
<test.build.dir>${project.build.directory}/test-dir</test.build.dir>
<test.build.data>${test.build.dir}</test.build.data>
</properties> </properties>
<dependencyManagement> <dependencyManagement>