From 8c47f899323125da516eb615edaa76a0a27726bc Mon Sep 17 00:00:00 2001
From: Zhihong Yu <tedyu@apache.org>
Date: Fri, 11 Oct 2013 03:13:15 +0000
Subject: [PATCH] HBASE-9706 Improve detection of secure ZooKeeper

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1531178 13f79535-47bb-0310-9956-ffa450edef68
---
 .../apache/hadoop/hbase/zookeeper/ZKUtil.java | 16 ++++++++++-----
 .../hbase/zookeeper/TestZooKeeperACL.java     | 20 +++++++++++++++++++
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
index ea62e41de51..cd83afd3fbb 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
@@ -937,11 +937,17 @@ public class ZKUtil {
    * <code>kerberos</code>.
    */
   public static boolean isSecureZooKeeper(Configuration conf) {
-    // hbase shell need to use:
-    //    -Djava.security.auth.login.config=user-jaas.conf
-    // since each user has a different jaas.conf
-    if (System.getProperty("java.security.auth.login.config") != null)
-      return true;
+    // Detection for embedded HBase client with jaas configuration
+    // defined for third party programs.
+    try {
+      javax.security.auth.login.Configuration testConfig = javax.security.auth.login.Configuration.getConfiguration();
+      if(testConfig.getAppConfigurationEntry("Client") == null) {
+        return false;
+      }
+    } catch(Exception e) {
+      // No Jaas configuration defined.
+      return false;
+    }
 
     // Master & RSs uses hbase.zookeeper.client.*
     return("kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")) &&
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
index fd94f72c35f..6c770bdc86a 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZooKeeperACL.java
@@ -264,5 +264,25 @@ public class TestZooKeeperACL {
     assertEquals(acls.get(0).getPerms(), ZooDefs.Perms.ALL);
   }
 
+  /**
+   * Check if ZooKeeper JaasConfiguration is valid.
+   */
+  @Test
+  public void testIsZooKeeperSecure() throws Exception {
+    boolean testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+    assertEquals(testJaasConfig, secureZKAvailable);
+    // Define Jaas configuration without ZooKeeper Jaas config
+    File saslConfFile = File.createTempFile("tmp", "fakeJaas.conf");
+    FileWriter fwriter = new FileWriter(saslConfFile);
+
+    fwriter.write("");
+    fwriter.close();
+    System.setProperty("java.security.auth.login.config",
+        saslConfFile.getAbsolutePath());
+
+    testJaasConfig = ZKUtil.isSecureZooKeeper(new Configuration(TEST_UTIL.getConfiguration()));
+    assertEquals(testJaasConfig, false);
+    saslConfFile.delete();
+  }
 }