HADOOP-7887. KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration. (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1211673 13f79535-47bb-0310-9956-ffa450edef68
2011-12-07 22:17:35 +00:00 · 2011-12-07 22:17:35 +00:00 · 58361d3f34
commit 58361d3f34
parent a27adf3de4
5 changed files with 58 additions and 2 deletions
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
@ -55,6 +55,8 @@
 * It does not have a default value.</li>
 * <li>kerberos.keytab: the keytab file containing the credentials for the Kerberos principal.
 * It does not have a default value.</li>
+ * <li>kerberos.name.rules: kerberos names rules to resolve principal names, see 
+ * {@link KerberosName#setRules(String)}</li>
 * </ul>
 */
 public class KerberosAuthenticationHandler implements AuthenticationHandler {
@ -151,6 +153,11 @@ public void init(Properties config) throws ServletException {
        throw new ServletException("Keytab does not exist: " + keytab);
      }

+      String nameRules = config.getProperty(NAME_RULES, null);
+      if (nameRules != null) {
+        KerberosName.setRules(nameRules);
+      }
+      
      Set<Principal> principals = new HashSet<Principal>();
      principals.add(new KerberosPrincipal(principal));
      Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
@ -385,6 +385,15 @@ public static void setRules(String ruleString) {
    rules = parseRules(ruleString);
  }

+  /**
+   * Indicates if the name rules have been set.
+   * 
+   * @return if the name rules have been set.
+   */
+  public static boolean hasRulesBeenSet() {
+    return rules != null;
+  }
+  
  static void printRules() throws IOException {
    int i = 0;
    for(Rule r: rules) {
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
@ -18,6 +18,7 @@
 import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
 import junit.framework.TestCase;
 import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.security.authentication.util.KerberosName;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSManager;
 import org.ietf.jgss.GSSName;
@ -59,6 +60,35 @@ protected void tearDown() throws Exception {
    super.tearDown();
  }

+  public void testNameRules() throws Exception {
+    KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
+    assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
+
+    //destroy handler created in setUp()
+    handler.destroy();
+
+    KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
+    
+    handler = new KerberosAuthenticationHandler();
+    Properties props = new Properties();
+    props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal());
+    props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile());
+    props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
+    try {
+      handler.init(props);
+    } catch (Exception ex) {
+    }
+    kn = new KerberosName("bar@BAR");
+    assertEquals("bar", kn.getShortName());
+    kn = new KerberosName("bar@FOO");
+    try {
+      kn.getShortName();
+      fail();
+    }
+    catch (Exception ex) {      
+    }
+  }
+  
  public void testInit() throws Exception {
    assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal());
    assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -117,6 +117,9 @@ Trunk (unreleased changes)

    HADOOP-7874. native libs should be under lib/native/ dir. (tucu)

+    HADOOP-7887. KerberosAuthenticatorHandler is not setting
+    KerberosName name rules from configuration. (tucu)
+
  OPTIMIZATIONS

    HADOOP-7761. Improve the performance of raw comparisons. (todd)
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
@ -56,12 +56,19 @@ public HadoopKerberosName(String name) {
  }
  /**
   * Set the static configuration to get the rules.
+   * <p/>
+   * IMPORTANT: This method does a NOP if the rules have been set already.
+   * If there is a need to reset the rules, the {@link KerberosName#setRules(String)}
+   * method should be invoked directly.
+   * 
   * @param conf the new configuration
   * @throws IOException
   */
  public static void setConfiguration(Configuration conf) throws IOException {
-    String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
-    setRules(ruleString);
+    if (!hasRulesBeenSet()) {
+      String ruleString = conf.get("hadoop.security.auth_to_local", "DEFAULT");
+      setRules(ruleString);
+    }
  }

  public static void main(String[] args) throws Exception {