diff --git a/CHANGES.txt b/CHANGES.txt index 3b50965ed2..9fe0bf3d7a 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -471,6 +471,9 @@ Release 0.22.0 - Unreleased HADOOP-7126. Fix file permission setting for RawLocalFileSystem on Windows. (Po Cheung via shv) + HADOOP-6642. Fix javac, javadoc, findbugs warnings related to security work. + (Chris Douglas, Po Cheung via shv) + Release 0.21.1 - Unreleased IMPROVEMENTS diff --git a/src/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java b/src/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java index ad9ea8106e..c8be9fd711 100644 --- a/src/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java +++ b/src/java/org/apache/hadoop/security/Krb5AndCertsSslSocketConnector.java @@ -20,6 +20,8 @@ import java.net.InetAddress; import java.net.ServerSocket; import java.security.Principal; +import java.util.Collections; +import java.util.List; import java.util.Random; import javax.net.ssl.SSLContext; @@ -52,10 +54,11 @@ * running with Kerberos support. */ public class Krb5AndCertsSslSocketConnector extends SslSocketConnector { - public static final String[] KRB5_CIPHER_SUITES = - new String [] {"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}; + public static final List KRB5_CIPHER_SUITES = + Collections.unmodifiableList(Collections.singletonList( + "TLS_KRB5_WITH_3DES_EDE_CBC_SHA")); static { - System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES[0]); + System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0)); } private static final Log LOG = LogFactory @@ -136,11 +139,12 @@ protected ServerSocket newServerSocket(String host, int port, int backlog) String [] combined; if(useCerts) { // combine the cipher suites String[] certs = ss.getEnabledCipherSuites(); - combined = new String[certs.length + KRB5_CIPHER_SUITES.length]; + combined = new String[certs.length + KRB5_CIPHER_SUITES.size()]; System.arraycopy(certs, 0, combined, 0, certs.length); - System.arraycopy(KRB5_CIPHER_SUITES, 0, combined, certs.length, KRB5_CIPHER_SUITES.length); + System.arraycopy(KRB5_CIPHER_SUITES.toArray(new String[0]), 0, combined, + certs.length, KRB5_CIPHER_SUITES.size()); } else { // Just enable Kerberos auth - combined = KRB5_CIPHER_SUITES; + combined = KRB5_CIPHER_SUITES.toArray(new String[0]); } ss.setEnabledCipherSuites(combined); diff --git a/src/java/org/apache/hadoop/security/SaslRpcServer.java b/src/java/org/apache/hadoop/security/SaslRpcServer.java index cc594b8d0e..b0588c27fd 100644 --- a/src/java/org/apache/hadoop/security/SaslRpcServer.java +++ b/src/java/org/apache/hadoop/security/SaslRpcServer.java @@ -238,8 +238,8 @@ public void handle(Callback[] callbacks) throws InvalidToken, } if (ac.isAuthorized()) { if (LOG.isDebugEnabled()) { - String username = getIdentifier(authzid, secretManager).getUser() - .getUserName().toString(); + String username = + getIdentifier(authzid, secretManager).getUser().getUserName(); LOG.debug("SASL server DIGEST-MD5 callback: setting " + "canonicalized client ID: " + username); }