HBASE-9706 Improve detection of secure ZooKeeper

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1531178 13f79535-47bb-0310-9956-ffa450edef68
2013-10-11 03:13:15 +00:00 · 2013-10-11 03:13:15 +00:00 · 8c47f89932
parent 190313a6ac
commit 8c47f89932
2 changed files with 31 additions and 5 deletions
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
@ -937,11 +937,17 @@ public class ZKUtil {
   * <code>kerberos</code>.
   */
  public static boolean isSecureZooKeeper(Configuration conf) {
-    // hbase shell need to use:
-    //    -Djava.security.auth.login.config=user-jaas.conf
-    // since each user has a different jaas.conf
-    if (System.getProperty("java.security.auth.login.config") != null)
-      return true;
+    // Detection for embedded HBase client with jaas configuration
+    // defined for third party programs.
+    try {
+      javax.security.auth.login.Configuration testConfig = javax.security.auth.login.Configuration.getConfiguration();
+      if(testConfig.getAppConfigurationEntry("Client") == null) {
+        return false;
+      }
+    } catch(Exception e) {
+      // No Jaas configuration defined.
+      return false;
+    }

    // Master & RSs uses hbase.zookeeper.client.*
    return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) &&
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
@ -264,5 +264,25 @@ public class TestZooKeeperACL {
    assertEquals(acls.get(0).getPerms(), ZooDefs.Perms.ALL);
  }

+  /**
+   * Check if ZooKeeper JaasConfiguration is valid.
+   */
+  @Test
+  public void testIsZooKeeperSecure() throws Exception {
+    boolean testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+    assertEquals(testJaasConfig, secureZKAvailable);
+    // Define Jaas configuration without ZooKeeper Jaas config
+    File saslConfFile = File.createTempFile("tmp", "fakeJaas.conf");
+    FileWriter fwriter = new FileWriter(saslConfFile);
+
+    fwriter.write("");
+    fwriter.close();
+    System.setProperty("java.security.auth.login.config",
+        saslConfFile.getAbsolutePath());
+
+    testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+    assertEquals(testJaasConfig, false);
+    saslConfFile.delete();
+  }
 }