Commit Graph

184 Commits

Author SHA1 Message Date
Daniel Templeton 4dd6206547 HADOOP-14246. Authentication Tokens should use SecureRandom instead of Random and 256 bit secrets
(Conttributed by Robert Konter via Daniel Templeton)
2017-04-12 11:17:31 -07:00
Andrew Wang 5d8b80ea9b Preparing for 3.0.0-alpha3 development 2017-01-19 15:50:07 -08:00
Xiao Chen 5d182949ba HADOOP-13597. Switch KMS from Tomcat to Jetty. Contributed by John Zhuge. 2017-01-05 17:21:57 -08:00
Xiaoyu Yao f5e0bd30fd HADOOP-13890. Maintain HTTP/host as SPNEGO SPN support and fix KerberosName parsing. Contributed by Xiaoyu Yao. 2016-12-14 13:45:21 -08:00
Xiaoyu Yao 4c38f11cec HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao. 2016-12-09 21:27:04 -08:00
Andrew Wang 7b988e8899 HADOOP-13861. Spelling errors in logging and exceptions for code. Contributed by Grant Sohn. 2016-12-05 23:18:18 -08:00
Akira Ajisaka 209e805430 HADOOP-13506. Redundant groupid warning in child projects. Contributed by Kai Sasaki. 2016-11-28 14:34:57 +09:00
Xiaoyu Yao 95665a6eea Revert "HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao."
This reverts commit 9097e2efe4.
2016-11-04 16:02:47 -07:00
Robert Kanter 5877f20f9c HADOOP-10075. Update jetty dependency to version 9 (rkanter) 2016-10-27 16:09:00 -07:00
Benoy Antony 4bca385241 HADOOP-12082 Support multiple authentication schemes via AuthenticationFilter 2016-10-18 18:32:01 -07:00
Akira Ajisaka 5a5a724731 HADOOP-13417. Fix javac and checkstyle warnings in hadoop-auth package. 2016-10-14 14:45:55 +09:00
Xiaoyu Yao 9097e2efe4 HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao. 2016-10-13 10:52:28 -07:00
Robert Kanter c183b9de8d HADOOP-12611. TestZKSignerSecretProvider#testMultipleInit occasionally fail (ebadger via rkanter) 2016-10-07 09:33:31 -07:00
Wei-Chiu Chuang f6f3a447bf HADOOP-13580. If user is unauthorized, log "unauthorized" instead of "Invalid signed text:". Contributed by Wei-Chiu Chuang. 2016-09-16 14:53:30 -07:00
Chris Nauroth 255ea45e50 HADOOP-13422. ZKDelegationTokenSecretManager JaasConfig does not work well with other ZK users in process. Contributed by Sergey Shelukhin. 2016-07-26 15:33:20 -07:00
Andrew Wang da456ffd62 Preparing for 3.0.0-alpha2 development 2016-07-15 19:04:17 -07:00
Allen Wittenauer be38e530bb HADOOP-9888. KerberosName static initialization gets default realm, which is unneeded in non-secure deployment. (Dmytro Kabakchei via aw) 2016-06-28 07:22:51 -07:00
Akira Ajisaka 8a1dccecce HADOOP-13213. Small Documentation bug with AuthenticatedURL in hadoop-auth. Contributed by Tom Ellis.
This closes #97.
2016-06-11 03:32:21 +09:00
Kai Zheng 723432b338 HADOOP-13220. Follow on fixups after upgraded mini-kdc using Kerby. Contributed by Jiajia Li 2016-06-09 15:56:12 +08:00
Kai Zheng 916140604f HADOOP-12911. Upgrade Hadoop MiniKDC with Kerby. Contributed by Jiajia Li 2016-05-28 14:23:39 +08:00
Andrew Wang 3c5c57af28 HADOOP-13142. Change project version from 3.0.0 to 3.0.0-alpha1. 2016-05-12 18:27:28 -07:00
Andrew Wang ca5613af91 Revert "Update project version to 3.0.0-alpha1-SNAPSHOT."
This reverts commit 6b53802cba.
2016-05-12 15:32:45 -07:00
Andrew Wang 6b53802cba Update project version to 3.0.0-alpha1-SNAPSHOT. 2016-05-12 11:05:05 -07:00
Steve Loughran 829a2e4d27 HADOOP-12751. While using kerberos Hadoop incorrectly assumes names with '@' to be non-simple. (Bolke de Bruin via stevel). 2016-05-10 21:32:57 +01:00
Steve Loughran 4feed9b2db HADOOP-13026 Should not wrap IOExceptions into a AuthenticationException in KerberosAuthenticator. Xuan Gong via stevel 2016-04-15 17:44:12 +01:00
Andrew Wang 594c70f779 HADOOP-12951. Improve documentation on KMS ACLs and delegation tokens. Contributed by Xiao Chen. 2016-04-07 23:50:27 -07:00
Akira Ajisaka acca149ec9 HADOOP-12902. JavaDocs for SignerSecretProvider are out-of-date in AuthenticationFilter. Contributed by Gabor Liptak. 2016-03-31 16:04:47 +09:00
Benoy Antony e7ed05e4f5 HADOOP-12929. JWTRedirectAuthenticationHandler must accommodate null expiration time. Contributed by Larry McCay. 2016-03-21 13:19:43 -07:00
Li Lu 9a79b738c5 HADOOP-12906. AuthenticatedURL should convert a 404/Not Found into an FileNotFoundException. (Steve Loughran via gtcarrera9) 2016-03-10 11:38:31 -08:00
Zhe Zhang 3e8099a45a HDFS-9888. Allow reseting KerberosName in unit tests. Contributed by Xiao Chen. 2016-03-04 09:48:05 -08:00
Masatake Iwasaki cbd31328a6 HADOOP-12470. In-page TOC of documentation should be automatically generated by doxia macro (iwasakims) 2016-03-04 14:11:36 +09:00
cnauroth d6b181c6fa HADOOP-12716. KerberosAuthenticator#doSpnegoSequence use incorrect class to determine isKeyTab in JDK8. Contributed by Xiaoyu Yao. 2016-02-24 13:55:39 -08:00
Akira Ajisaka 736eb17a79 HADOOP-12731. Remove useless boxing/unboxing code. Contributed by Kousuke Saruta. 2016-01-25 13:47:29 +09:00
Benoy Antony dec8dfdfa6 HADOOP-12587. Hadoop AuthToken refuses to work without a maxinactive attribute in issued token. (Benoy Antony) 2016-01-09 13:41:18 -08:00
mattf ada9c2c410 HADOOP-12617. SPNEGO authentication request to non-default realm gets default realm name inserted in target server principal. (mattf) 2015-12-08 17:27:50 -08:00
Haohui Mai 5f688453df HADOOP-12181. Fix intermittent test failure of TestZKSignerSecretProvider. Contributed by Masatake Iwasaki. 2015-11-22 16:56:15 -08:00
Steve Loughran bafeb6c7bc HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8. (Daryn Sharp via stevel). 2015-10-18 11:45:41 +01:00
cnauroth a121fa1d39 HADOOP-12481. JWTRedirectAuthenticationHandler doesn't Retain Original Query String. Contributed by Larry McCay. 2015-10-15 16:44:59 -07:00
Steve Loughran 7269906254 HADOOP-12087. [JDK8] Fix javadoc errors caused by incorrect or illegal tags. (Akira AJISAKA via stevel). 2015-09-13 14:25:26 +01:00
Xiaoyu Yao caa636bf10 HADOOP-12347. Fix mismatch parameter name in javadocs of AuthToken#setMaxInactives. Contributed by Xiaoyu Yao 2015-08-21 16:32:57 -07:00
Benoy Antony 71aedfabf3 hadoop-12050. Enable MaxInactiveInterval for hadoop http auth token. Contributed by Huizhi Lu. 2015-08-18 13:43:34 -07:00
Benoy Antony a815cc157c HADOOP-12049. Control http authentication cookie persistence via configuration. Contributed by Huizhi Lu. 2015-06-24 15:59:39 -07:00
Andrew Wang 990078b927 HADOOP-12037. Fix wrong classname in example configuration of hadoop-auth documentation. Contributed by Masatake Iwasaki. 2015-06-01 18:04:52 -07:00
Akira Ajisaka b9cebfc0ba HADOOP-11663. Remove description about Java 6 from docs. Contributed by Masatake Iwasaki. 2015-05-12 00:30:59 +09:00
Robert Kanter 9fec02c069 HADOOP-11870. [JDK8] AuthenticationFilter, CertificateUtil, SignerSecretProviders, KeyAuthorizationKeyProvider Javadoc issues (rkanter) 2015-04-27 13:25:11 -07:00
Steve Loughran 08d4386162 HADOOP-11864. JWTRedirectAuthenticationHandler breaks java8 javadocs. (Larry McCay via stevel) 2015-04-23 09:06:22 +01:00
Jason Lowe 0ebe84d30a HADOOP-11868. Invalid user logins trigger large backtraces in server log. Contributed by Chang Li 2015-04-22 20:56:29 +00:00
Jakob Homan e54a3e1f4f HADOOP-11850: Typos in hadoop-common java docs. Contributed by Surendra Singh Lilhore. 2015-04-22 13:48:16 -07:00
Jitendra Pandey 1f4767c7f2 HADOOP-11859. PseudoAuthenticationHandler fails with httpcomponents v4.4. Contributed by Eugene Koifman. 2015-04-22 10:00:14 -07:00
Steve Loughran 2c14690368 HADOOP-11846 TestCertificateUtil.testCorruptPEM failing on Jenkins JDK8. (Larry McCay via stevel) 2015-04-21 22:38:41 +01:00
Haohui Mai c6b5203cfd HADOOP-11837. AuthenticationFilter should destroy SignerSecretProvider in Tomcat deployments. Contributed by Bowen Zhang. 2015-04-17 10:59:47 -07:00
Owen O'Malley ce63573314 HADOOP-11717. Support JWT tokens for web single sign on to the Hadoop
servers. (Larry McCay via omalley)
2015-04-07 08:09:41 -07:00
Haohui Mai 90e07d55ac HADOOP-11754. RM fails to start in non-secure mode due to authentication filter failure. Contributed by Haohui Mai. 2015-03-30 11:44:22 -07:00
Haohui Mai 82fa3adfd8 HADOOP-11761. Fix findbugs warnings in org.apache.hadoop.security.authentication. Contributed by Li Lu. 2015-03-30 11:08:54 -07:00
Haohui Mai 47782cbf4a HADOOP-11748. The secrets of auth cookies should not be specified in configuration in clear text. Contributed by Li Lu and Haohui Mai. 2015-03-26 17:35:37 -07:00
Haohui Mai 3807884263 Addendum for HADOOP-10670. 2015-03-25 12:29:54 -07:00
Haohui Mai e4b8d9e72d HADOOP-10670. Allow AuthenticationFilters to load secret from signature secret files. Contributed by Kai Zheng. 2015-03-25 11:12:42 -07:00
Tsuyoshi Ozawa d1c6accb6f HADOOP-11602. Fix toUpperCase/toLowerCase to use Locale.ENGLISH. (ozawa) 2015-03-03 14:17:52 +09:00
Allen Wittenauer b01d3433ae HADOOP-10774. Update KerberosTestUtils for hadoop-auth tests when using IBM Java (sangamesh via aw) 2015-02-28 23:22:06 -08:00
Tsuyoshi Ozawa 9cedad11d8 Revert "HADOOP-11602. Fix toUpperCase/toLowerCase to use Locale.ENGLISH. (ozawa)"
This reverts commit 946456c6d8.

Conflicts:
	hadoop-common-project/hadoop-common/CHANGES.txt
	hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/QuotaByStorageTypeEntry.java
2015-02-25 00:32:04 +09:00
Tsuyoshi Ozawa 946456c6d8 HADOOP-11602. Fix toUpperCase/toLowerCase to use Locale.ENGLISH. (ozawa) 2015-02-19 13:06:53 +09:00
Allen Wittenauer b6fc1f3e43 HADOOP-11593. Convert site documentation from apt to markdown (stragglers) (Masatake Iwasaki via aw) 2015-02-17 21:30:24 -10:00
Robert Kanter 875256834b HADOOP-11467. KerberosAuthenticator can connect to a non-secure cluster. (yzhangal via rkanter) 2015-02-13 14:01:46 -08:00
Haohui Mai 6df457a3d7 HADOOP-11379. Fix new findbugs warnings in hadoop-auth*. Contributed by Li Lu. 2014-12-09 13:08:51 -08:00
Steve Loughran f71eb51ab8 HADOOP-10134 [JDK8] Fix Javadoc errors caused by incorrect or illegal tags in doc comments. 2014-12-09 11:15:35 +00:00
Aaron T. Myers 9d1a8f5897 HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject. Contributed by Dian Fu. 2014-12-03 18:53:45 -08:00
Aaron T. Myers ef5af4f8de HADOOP-11187 NameNode - KMS communication fails after a long period of inactivity. Contributed by Arun Suresh. 2014-11-05 18:17:49 -08:00
Aaron T. Myers 8a261e68e4 HADOOP-11272. Allow ZKSignerSecretProvider and ZKDelegationTokenSecretManager to use the same curator client. Contributed by Arun Suresh. 2014-11-05 17:47:22 -08:00
cnauroth 5c900b522e HADOOP-11068. Match hadoop.auth cookie format to jetty output. Contributed by Gregory Chanan. 2014-10-29 11:18:44 -07:00
Andrew Wang 2d8e6e2c4a HADOOP-11151. Automatically refresh auth token and retry on auth failure. Contributed by Arun Suresh. 2014-10-02 19:54:57 -07:00
Alejandro Abdelnur db890eef32 HADOOP-11017. KMS delegation token secret manager should be able to use zookeeper as store. (asuresh via tucu) 2014-09-20 08:21:44 -07:00
Alejandro Abdelnur 7e08c0f23f HADOOP-10868. Addendum 2014-09-15 19:39:27 -07:00
Alejandro Abdelnur 932ae036ac HADOOP-10868. AuthenticationFilter should support externalizing the secret for signing and provide rotation support. (rkanter via tucu) 2014-09-15 17:05:42 -07:00
Alejandro Abdelnur 156e6a4f8a HADOOP-10911. hadoop.auth cookie after HADOOP-10710 still not proper according to RFC2109. (gchanan via tucu) 2014-08-29 11:23:23 -07:00
Alejandro Abdelnur 6d7a6766bd HADOOP-10835. Implement HTTP proxyuser support in HTTP authentication client/server libraries. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1617384 13f79535-47bb-0310-9956-ffa450edef68
2014-08-12 00:10:15 +00:00
Alejandro Abdelnur be9c67930b HADOOP-10771. Refactor HTTP delegation support out of httpfs to common, PART 2. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616672 13f79535-47bb-0310-9956-ffa450edef68
2014-08-08 04:58:58 +00:00
Alejandro Abdelnur 2d7dcff6f4 HADOOP-10791. AuthenticationFilter should support externalizing the secret for signing and provide rotation support. (rkanter via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616005 13f79535-47bb-0310-9956-ffa450edef68
2014-08-05 21:21:03 +00:00
Vinod Kumar Vavilapalli 030580387a YARN-2233. Implemented ResourceManager web-services to create, renew and cancel delegation tokens. Contributed by Varun Vasudev.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1610876 13f79535-47bb-0310-9956-ffa450edef68
2014-07-15 23:00:17 +00:00
Alejandro Abdelnur 4ac6e1d895 HADOOP-10710. hadoop.auth cookie is not properly constructed according to RFC2109. (Juan Yu via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1606923 13f79535-47bb-0310-9956-ffa450edef68
2014-06-30 20:41:13 +00:00
Vinayakumar B 22b9a60964 HADOOP-10665. Make Hadoop Authentication Handler loads case in-sensitive (Contributed by Benoy Antony)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1605049 13f79535-47bb-0310-9956-ffa450edef68
2014-06-24 10:31:07 +00:00
Alejandro Abdelnur cebf3c6eec HADOOP-10711. Cleanup some extra dependencies from hadoop-auth. (rkanter via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1603643 13f79535-47bb-0310-9956-ffa450edef68
2014-06-18 21:47:40 +00:00
Haohui Mai 22cbcd16cb HADOOP-10717. Revert r1603571.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1603620 13f79535-47bb-0310-9956-ffa450edef68
2014-06-18 20:37:25 +00:00
Steve Loughran bae5837d3b HADOOP-10717. Missing JSP support in Jetty
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1603534 13f79535-47bb-0310-9956-ffa450edef68
2014-06-18 17:08:45 +00:00
Chris Nauroth c04a4b4227 HADOOP-10702. KerberosAuthenticationHandler does not log the principal names correctly. Contributed by Benoy Antony.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1603023 13f79535-47bb-0310-9956-ffa450edef68
2014-06-16 23:09:30 +00:00
Chris Nauroth 806f4d11f2 HADOOP-10602. Documentation has broken "Go Back" hyperlinks. Contributed by Akira AJISAKA.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1598337 13f79535-47bb-0310-9956-ffa450edef68
2014-05-29 17:26:50 +00:00
Kihwal Lee 47f03bc9fe HADOOP-10158. SPNEGO should work with multiple interfaces/SPNs. Contributed by Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1593362 13f79535-47bb-0310-9956-ffa450edef68
2014-05-08 18:26:58 +00:00
Alejandro Abdelnur dca7350a36 HADOOP-10566. Add toLowerCase support to auth_to_local rules for service name. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1593105 13f79535-47bb-0310-9956-ffa450edef68
2014-05-07 18:20:11 +00:00
Kihwal Lee 295b58bb99 HADOOP-10322. Add ability to read principal names from a keytab. Contributed by Benoy Antony and Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1590637 13f79535-47bb-0310-9956-ffa450edef68
2014-04-28 13:53:27 +00:00
Jing Zhao 3c4d44d4ce HADOOP-10301. AuthenticationFilter should return Forbidden for failed authentication. Contributed by Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1582883 13f79535-47bb-0310-9956-ffa450edef68
2014-03-28 21:20:13 +00:00
Arpit Agarwal 109e88bf17 HADOOP-10394. TestAuthenticationFilter is flaky. (Arpit Agarwal)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1576145 13f79535-47bb-0310-9956-ffa450edef68
2014-03-11 00:02:14 +00:00
Tsz-wo Sze b7428fe63d HADOOP-10393. Fix the javac warnings in hadoop-auth.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1575470 13f79535-47bb-0310-9956-ffa450edef68
2014-03-08 02:16:01 +00:00
Haohui Mai 95ebf9ecc4 HADOOP-10379. Protect authentication cookies with the HttpOnly and Secure flags. Contributed by Haohui Mai.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1574283 13f79535-47bb-0310-9956-ffa450edef68
2014-03-05 01:48:42 +00:00
Arpit Agarwal e9f7f3624a HADOOP-9982. Fix dead links in hadoop site docs. (Contributed by Akira Ajisaka)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1561813 13f79535-47bb-0310-9956-ffa450edef68
2014-01-27 19:51:08 +00:00
Alejandro Abdelnur fb2406a635 HADOOP-10193. hadoop-auth's PseudoAuthenticationHandler can consume getInputStream. (gchanan via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1555955 13f79535-47bb-0310-9956-ffa450edef68
2014-01-06 18:11:38 +00:00
Jing Zhao 3cae2ba63f HDFS-3987. Support webhdfs over HTTPS. Contributed by Haohui Mai.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1543962 13f79535-47bb-0310-9956-ffa450edef68
2013-11-20 21:51:58 +00:00
Arpit Agarwal 9bb905115d HADOOP-10110. hadoop-auth has a build break due to missing dependency. (Contributed by Chuan Liu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1543190 13f79535-47bb-0310-9956-ffa450edef68
2013-11-18 22:11:11 +00:00
Alejandro Abdelnur c02629f585 HADOOP-10078. KerberosAuthenticator always does SPNEGO. (rkanter via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1541720 13f79535-47bb-0310-9956-ffa450edef68
2013-11-13 21:11:35 +00:00
Alejandro Abdelnur ffdedf6b8b HADOOP-9866. convert hadoop-auth testcases requiring kerberos to use minikdc. (ywskycn via tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1515657 13f79535-47bb-0310-9956-ffa450edef68
2013-08-19 23:02:24 +00:00
Luke Lu 228742acad HADOOP-9446. Support Kerberos SPNEGO for IBM JDK. (Yu Gao via llu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1513687 13f79535-47bb-0310-9956-ffa450edef68
2013-08-13 23:12:20 +00:00
Suresh Srinivas 146ccd7b06 HADOOP-9553. TestAuthenticationToken fails on Windows. Contributed by Arpit Agarwal.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1480883 13f79535-47bb-0310-9956-ffa450edef68
2013-05-10 05:52:39 +00:00