diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java index b512e5aff5..215d5d53e2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/security/RouterSecurityManager.java @@ -51,13 +51,16 @@ public class RouterSecurityManager { private AbstractDelegationTokenSecretManager dtSecretManager = null; - public RouterSecurityManager(Configuration conf) { + public RouterSecurityManager(Configuration conf) throws IOException { AuthenticationMethod authMethodConfigured = SecurityUtil.getAuthenticationMethod(conf); AuthenticationMethod authMethodToInit = AuthenticationMethod.KERBEROS; if (authMethodConfigured.equals(authMethodToInit)) { this.dtSecretManager = FederationUtil.newSecretManager(conf); + if (this.dtSecretManager == null) { + throw new IOException("Failed to create SecretManager"); + } } } diff --git a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java index 7568f6e46f..05f371c2e2 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java +++ b/hadoop-hdfs-project/hadoop-hdfs-rbf/src/test/java/org/apache/hadoop/hdfs/server/federation/security/TestRouterSecurityManager.java @@ -26,17 +26,20 @@ import org.apache.hadoop.hdfs.server.federation.RouterConfigBuilder; import org.apache.hadoop.hdfs.server.federation.router.security.RouterSecurityManager; import org.apache.hadoop.hdfs.server.federation.router.Router; +import org.apache.hadoop.hdfs.server.federation.router.security.token.ZKDelegationTokenSecretManagerImpl; import org.apache.hadoop.io.Text; import org.apache.hadoop.security.Credentials; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager; +import org.apache.hadoop.service.ServiceStateException; import org.junit.rules.ExpectedException; import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; +import static org.apache.hadoop.test.LambdaTestUtils.intercept; import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; @@ -77,7 +80,7 @@ public static void createMockSecretManager() throws IOException { public ExpectedException exceptionRule = ExpectedException.none(); @Test - public void testCreateSecretManagerUsingReflection() { + public void testCreateSecretManagerUsingReflection() throws IOException { Configuration conf = new HdfsConfiguration(); conf.set( DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS, @@ -187,4 +190,15 @@ private static String[] getUserGroupForTesting() { String[] groupsForTesting = {"router_group"}; return groupsForTesting; } + + @Test + public void testWithoutSecretManager() throws Exception { + Configuration conf = initSecurity(); + conf.set(DFS_ROUTER_DELEGATION_TOKEN_DRIVER_CLASS, + ZKDelegationTokenSecretManagerImpl.class.getName()); + Router router = new Router(); + // router will throw an exception since zookeeper isn't running + intercept(ServiceStateException.class, "Failed to create SecretManager", + () -> router.init(conf)); + } }