Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-7357 Use hbase.security.authentication for HBaseClient / HBaseServer negotiation 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1422185 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Gary Helmling 2012-12-15 04:06:35 +00:00
parent 270eb19039
commit 9e9e1ab97d
4 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
View File

@ -349,7 +349,7 @@ public class HBaseClient {
UserGroupInformation ticket = remoteId.getTicket().getUGI();
Class<?> protocol = remoteId.getProtocol();
this.useSasl = UserGroupInformation.isSecurityEnabled();
this.useSasl = User.isHBaseSecurityEnabled(conf);
if (useSasl && protocol != null) {
TokenInfo tokenInfo = protocol.getAnnotation(TokenInfo.class);
if (tokenInfo != null) {

4
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
View File

@ -124,7 +124,7 @@ import org.cloudera.htrace.Trace;
@InterfaceAudience.Private
public abstract class HBaseServer implements RpcServer {
private final boolean authorize;
private boolean isSecurityEnabled;
protected boolean isSecurityEnabled;
/**
* The first four bytes of Hadoop RPC connections
*/
@ -1929,7 +1929,7 @@ public abstract class HBaseServer implements RpcServer {
responder = new Responder();
this.authorize =
conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false);
this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
if (isSecurityEnabled) {
HBaseSaslRpcServer.init(conf);
}

2
hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
View File

@ -264,7 +264,7 @@ class ProtobufRpcEngine implements RpcEngine {
new ConcurrentHashMap<String, Method>();
private AuthenticationTokenSecretManager createSecretManager(){
if (!User.isSecurityEnabled() ||
if (!isSecurityEnabled ||
!(instance instanceof org.apache.hadoop.hbase.Server)) {
return null;
}

12
hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java
View File

@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.hbase.util.Methods;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.Job;
@ -184,12 +185,15 @@ public abstract class User {
}
/**
* Returns whether or not secure authentication is enabled for HBase
* (whether <code>hbase.security.authentication</code> is set to
* <code>kerberos</code>.
* Returns whether or not secure authentication is enabled for HBase. Note that
* HBase security requires HDFS security to provide any guarantees, so this requires that
* both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
* are set to <code>kerberos</code>.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
"kerberos".equalsIgnoreCase(
conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
}
/* Concrete implementations */