HBASE-7915 Secure ThriftServer needs to login before calling HBaseHandler (Arpit)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1449820 13f79535-47bb-0310-9956-ffa450edef68
2013-02-25 19:22:31 +00:00 · 2013-02-25 19:22:31 +00:00 · 646173a5c5
parent 4bfa3e27b7
commit 646173a5c5
2 changed files with 14 additions and 12 deletions
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
@ -31,9 +31,12 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.HBaseConfiguration;
+import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.thrift.ThriftServerRunner.ImplType;
 import org.apache.hadoop.hbase.util.InfoServer;
+import org.apache.hadoop.hbase.util.Strings;
 import org.apache.hadoop.hbase.util.VersionInfo;
+import org.apache.hadoop.net.DNS;
 import org.apache.hadoop.util.Shell.ExitCodeException;

 /**
@ -88,6 +91,16 @@ public class ThriftServer {
   */
   void doMain(final String[] args) throws Exception {
     processOptions(args);
+     
+     // login the server principal (if using secure Hadoop)
+     if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
+       String machineName = Strings.domainNamePointerToHostName(
+         DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"),
+           conf.get("hbase.thrift.dns.nameserver", "default")));
+       User.login(conf, "hbase.thrift.keytab.file",
+           "hbase.thrift.kerberos.principal", machineName);
+     }
+     
     serverRunner = new ThriftServerRunner(conf);

     // Put up info server.
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@ -67,7 +67,6 @@ import org.apache.hadoop.hbase.filter.Filter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
-import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.thrift.CallQueue.Call;
 import org.apache.hadoop.hbase.thrift.generated.AlreadyExists;
 import org.apache.hadoop.hbase.thrift.generated.BatchMutation;
@ -81,10 +80,7 @@ import org.apache.hadoop.hbase.thrift.generated.TIncrement;
 import org.apache.hadoop.hbase.thrift.generated.TRegionInfo;
 import org.apache.hadoop.hbase.thrift.generated.TRowResult;
 import org.apache.hadoop.hbase.thrift.generated.TScan;
-import org.apache.hadoop.hbase.util.Addressing;
 import org.apache.hadoop.hbase.util.Bytes;
-import org.apache.hadoop.hbase.util.Strings;
-import org.apache.hadoop.net.DNS;
 import org.apache.thrift.TException;
 import org.apache.thrift.protocol.TBinaryProtocol;
 import org.apache.thrift.protocol.TCompactProtocol;
@ -368,14 +364,7 @@ public class ThriftServerRunner implements Runnable {
          tserver.getClass().getName());
    }

-    // login the server principal (if using secure Hadoop)
-    if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
-      String machineName = Strings.domainNamePointerToHostName(
-        DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"),
-          conf.get("hbase.thrift.dns.nameserver", "default")));
-      User.login(conf, "hbase.thrift.keytab.file",
-          "hbase.thrift.kerberos.principal", machineName);
-    }
+   

    registerFilters(conf);
  }