From 255ea45e50e102505ee61eb0ba45ea93035abe3c Mon Sep 17 00:00:00 2001 From: Chris Nauroth Date: Tue, 26 Jul 2016 15:33:20 -0700 Subject: [PATCH] HADOOP-13422. ZKDelegationTokenSecretManager JaasConfig does not work well with other ZK users in process. Contributed by Sergey Shelukhin. --- .../security/authentication/util/ZKSignerSecretProvider.java | 5 ++++- .../token/delegation/ZKDelegationTokenSecretManager.java | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java index 0e75cbda93..1d16b2d6bd 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/ZKSignerSecretProvider.java @@ -436,6 +436,8 @@ public List getAclForPath(String path) { @InterfaceAudience.Private public static class JaasConfiguration extends Configuration { + private final javax.security.auth.login.Configuration baseConfig = + javax.security.auth.login.Configuration.getConfiguration(); private static AppConfigurationEntry[] entry; private String entryName; @@ -468,7 +470,8 @@ public JaasConfiguration(String entryName, String principal, String keytab) { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { - return (entryName.equals(name)) ? entry : null; + return (entryName.equals(name)) ? entry : ((baseConfig != null) + ? baseConfig.getAppConfigurationEntry(name) : null); } private String getKrb5LoginModuleName() { diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.java index 88b81b0667..c3ad9f35cd 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.java @@ -242,6 +242,8 @@ private String setJaasConfiguration(Configuration config) throws Exception { public static class JaasConfiguration extends javax.security.auth.login.Configuration { + private final javax.security.auth.login.Configuration baseConfig = + javax.security.auth.login.Configuration.getConfiguration(); private static AppConfigurationEntry[] entry; private String entryName; @@ -277,7 +279,8 @@ public JaasConfiguration(String entryName, String principal, String keytab) { @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { - return (entryName.equals(name)) ? entry : null; + return (entryName.equals(name)) ? entry : ((baseConfig != null) + ? baseConfig.getAppConfigurationEntry(name) : null); } private String getKrb5LoginModuleName() {