SPNEGO TLS verification
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit ba66f3b454
)
This commit is contained in:
parent
ccebc9d9d0
commit
0f27c04c23
@ -152,6 +152,7 @@ public class WebHdfsFileSystem extends FileSystem
|
|||||||
+ "/v" + VERSION;
|
+ "/v" + VERSION;
|
||||||
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
public static final String EZ_HEADER = "X-Hadoop-Accept-EZ";
|
||||||
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
public static final String FEFINFO_HEADER = "X-Hadoop-feInfo";
|
||||||
|
public static final String DFS_HTTP_POLICY_KEY = "dfs.http.policy";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default connection factory may be overridden in tests to use smaller
|
* Default connection factory may be overridden in tests to use smaller
|
||||||
@ -181,6 +182,7 @@ public class WebHdfsFileSystem extends FileSystem
|
|||||||
|
|
||||||
private DFSOpsCountStatistics storageStatistics;
|
private DFSOpsCountStatistics storageStatistics;
|
||||||
private KeyProvider testProvider;
|
private KeyProvider testProvider;
|
||||||
|
private boolean isTLSKrb;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the protocol scheme for the FileSystem.
|
* Return the protocol scheme for the FileSystem.
|
||||||
@ -242,6 +244,7 @@ public synchronized void initialize(URI uri, Configuration conf
|
|||||||
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
.newDefaultURLConnectionFactory(connectTimeout, readTimeout, conf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
this.isTLSKrb = "HTTPS_ONLY".equals(conf.get(DFS_HTTP_POLICY_KEY));
|
||||||
|
|
||||||
ugi = UserGroupInformation.getCurrentUser();
|
ugi = UserGroupInformation.getCurrentUser();
|
||||||
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
this.uri = URI.create(uri.getScheme() + "://" + uri.getAuthority());
|
||||||
@ -699,6 +702,11 @@ protected HttpURLConnection connect(URL url) throws IOException {
|
|||||||
//redirect hostname and port
|
//redirect hostname and port
|
||||||
redirectHost = null;
|
redirectHost = null;
|
||||||
|
|
||||||
|
if (url.getProtocol().equals(getTransportScheme()) &&
|
||||||
|
UserGroupInformation.isSecurityEnabled() &&
|
||||||
|
isTLSKrb) {
|
||||||
|
throw new IOException("Access denied: dfs.http.policy is HTTPS_ONLY.");
|
||||||
|
}
|
||||||
|
|
||||||
// resolve redirects for a DN operation unless already resolved
|
// resolve redirects for a DN operation unless already resolved
|
||||||
if (op.getRedirect() && !redirected) {
|
if (op.getRedirect() && !redirected) {
|
||||||
|
Loading…
Reference in New Issue
Block a user