HDFS-14322. RBF: Security manager should not load if security is disabled. Contributed by CR Hota.

This commit is contained in:
Inigo Goiri 2019-02-27 18:34:42 -08:00 committed by Brahma Reddy Battula
parent c4b1fa91fa
commit 1c7ab59be3

View File

@ -26,6 +26,7 @@
import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer; import org.apache.hadoop.hdfs.server.federation.router.RouterRpcServer;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.SecretManager;
@ -49,8 +50,14 @@ public class RouterSecurityManager {
dtSecretManager = null; dtSecretManager = null;
public RouterSecurityManager(Configuration conf) { public RouterSecurityManager(Configuration conf) {
AuthenticationMethod authMethodConfigured =
SecurityUtil.getAuthenticationMethod(conf);
AuthenticationMethod authMethodToInit =
AuthenticationMethod.KERBEROS;
if (authMethodConfigured.equals(authMethodToInit)) {
this.dtSecretManager = newSecretManager(conf); this.dtSecretManager = newSecretManager(conf);
} }
}
@VisibleForTesting @VisibleForTesting
public RouterSecurityManager(AbstractDelegationTokenSecretManager public RouterSecurityManager(AbstractDelegationTokenSecretManager
@ -78,7 +85,8 @@ public RouterSecurityManager(AbstractDelegationTokenSecretManager
constructor.newInstance(conf); constructor.newInstance(conf);
LOG.info("Delegation token secret manager object instantiated"); LOG.info("Delegation token secret manager object instantiated");
} catch (ReflectiveOperationException e) { } catch (ReflectiveOperationException e) {
LOG.error("Could not instantiate: {}", clazz.getSimpleName(), e); LOG.error("Could not instantiate: {}", clazz.getSimpleName(),
e.getCause());
return null; return null;
} catch (RuntimeException e) { } catch (RuntimeException e) {
LOG.error("RuntimeException to instantiate: {}", LOG.error("RuntimeException to instantiate: {}",