Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-5062 Missing logons if security is enabled 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1220829 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Michael Stack 2011-12-19 16:26:22 +00:00
parent 818adb795b
commit a46959a370
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/main/java/org/apache/hadoop/hbase/rest/Main.java
View File

@ -31,7 +31,10 @@ import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.rest.filter.GzipFilter;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.hbase.util.VersionInfo;
import org.apache.hadoop.net.DNS;
import java.util.List;
import java.util.ArrayList;
@ -137,6 +140,16 @@ public class Main implements Constants {
context.addServlet(sh, "/*");
context.addFilter(GzipFilter.class, "/*", 0);
// login the server principal (if using secure Hadoop)
if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
String machineName = Strings.domainNamePointerToHostName(
DNS.getDefaultHost(conf.get("hbase.rest.dns.interface", "default"),
conf.get("hbase.rest.dns.nameserver", "default")));
User.login(conf, "hbase.rest.keytab.file", "hbase.rest.kerberos.principal",
machineName);
}
// start server
server.start();
server.join();
}

13
src/main/java/org/apache/hadoop/hbase/thrift/ThriftServer.java
View File

@ -58,6 +58,9 @@ import org.apache.hadoop.hbase.client.ResultScanner;
import org.apache.hadoop.hbase.client.Scan;
import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.ParseFilter;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.net.DNS;
import org.apache.hadoop.hbase.filter.PrefixFilter;
import org.apache.hadoop.hbase.filter.WhileMatchFilter;
import org.apache.hadoop.hbase.thrift.generated.AlreadyExists;
@ -1241,6 +1244,16 @@ public class ThriftServer {
server.getClass().getName());
}
// login the server principal (if using secure Hadoop)
Configuration conf = handler.conf;
if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) {
String machineName = Strings.domainNamePointerToHostName(
DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"),
conf.get("hbase.thrift.dns.nameserver", "default")));
User.login(conf, "hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal",
machineName);
}
server.serve();
}

14
src/main/java/org/apache/hadoop/hbase/util/Strings.java
View File

@ -58,4 +58,18 @@ public class Strings {
}
return sb.append(key).append(separator).append(value);
}
/**
* Given a PTR string generated via reverse DNS lookup, return everything
* except the trailing period. Example for host.example.com., return
* host.example.com
* @param dnPtr a domain name pointer (PTR) string.
* @return Sanitized hostname with last period stripped off.
*
*/
public static String domainNamePointerToHostName(String dnPtr) {
if (dnPtr == null)
return null;
return dnPtr.endsWith(".") ? dnPtr.substring(0, dnPtr.length()-1) : dnPtr;
}
}