diff --git a/common/CHANGES.txt b/common/CHANGES.txt index 952540dcf2..068b30e07f 100644 --- a/common/CHANGES.txt +++ b/common/CHANGES.txt @@ -277,6 +277,9 @@ Trunk (unreleased changes) HADOOP-7434. Display error when using "daemonlog -setlevel" with illegal level. (yanjinshuang via eli) + HADOOP-7463. Adding a configuration parameter to SecurityInfo interface. + (mahadev) + OPTIMIZATIONS HADOOP-7333. Performance improvement in PureJavaCrc32. (Eric Caspole diff --git a/common/src/java/org/apache/hadoop/ipc/Client.java b/common/src/java/org/apache/hadoop/ipc/Client.java index ea0d829349..63824c52f1 100644 --- a/common/src/java/org/apache/hadoop/ipc/Client.java +++ b/common/src/java/org/apache/hadoop/ipc/Client.java @@ -252,7 +252,7 @@ public Connection(ConnectionId remoteId) throws IOException { Class protocol = remoteId.getProtocol(); this.useSasl = UserGroupInformation.isSecurityEnabled(); if (useSasl && protocol != null) { - TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol); + TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol, conf); if (tokenInfo != null) { TokenSelector tokenSelector = null; try { @@ -267,7 +267,7 @@ public Connection(ConnectionId remoteId) throws IOException { .getHostAddress() + ":" + addr.getPort()), ticket.getTokens()); } - KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol); + KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf); if (krbInfo != null) { serverPrincipal = remoteId.getServerPrincipal(); if (LOG.isDebugEnabled()) { @@ -1285,7 +1285,7 @@ private static String getRemotePrincipal(Configuration conf, if (!UserGroupInformation.isSecurityEnabled() || protocol == null) { return null; } - KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol); + KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf); if (krbInfo != null) { String serverKey = krbInfo.serverPrincipal(); if (serverKey == null) { 
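Review bot: In the `Connection` constructor the two lookups now take `conf`, while `getRemotePrincipal` in the third hunk passes its own `conf` parameter, and nothing visible ties the two Configuration objects together. Once a provider's answer can depend on configuration, the `krbInfo != null` decision in the constructor and the server principal computed in `getRemotePrincipal` could disagree if the objects differ. The declaration of the `conf` used by the constructor is outside the hunk, so this is inferred. A comment at the first call, such as `// must be the same Configuration that was used to build remoteId's server principal`, would record the assumption. Both methods start and end outside these hunks.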
diff --git a/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java b/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java index 7fdfa106cc..a00547e36f 100644 --- a/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java +++ b/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java @@ -18,6 +18,7 @@ package org.apache.hadoop.security; +import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.token.TokenInfo; /** @@ -26,12 +27,12 @@ public class AnnotatedSecurityInfo extends SecurityInfo { @Override - public KerberosInfo getKerberosInfo(Class protocol) { + public KerberosInfo getKerberosInfo(Class protocol, Configuration conf) { return protocol.getAnnotation(KerberosInfo.class); } @Override - public TokenInfo getTokenInfo(Class protocol) { + public TokenInfo getTokenInfo(Class protocol, Configuration conf) { return protocol.getAnnotation(TokenInfo.class); } diff --git a/common/src/java/org/apache/hadoop/security/SecurityInfo.java b/common/src/java/org/apache/hadoop/security/SecurityInfo.java index 6cc3ec3e19..3132ec2a1a 100644 --- a/common/src/java/org/apache/hadoop/security/SecurityInfo.java +++ b/common/src/java/org/apache/hadoop/security/SecurityInfo.java @@ -18,8 +18,13 @@ package org.apache.hadoop.security; +import org.apache.hadoop.classification.InterfaceAudience.LimitedPrivate; +import org.apache.hadoop.classification.InterfaceStability.Evolving; +import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.token.TokenInfo; +@Evolving +@LimitedPrivate({"MapReduce", "HDFS"}) /** * Interface used by RPC to get the Security information for a given * protocol. 
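Review bot: Both overrides in `AnnotatedSecurityInfo` accept `conf` and never read it, and nothing in the class says this is deliberate. A one-line comment above each method, for example `// conf is ignored: the protocol's annotations are the only source`, would stop a later reader from assuming that configuration can override what the annotation declares. `protocol` is still dereferenced without a null check in both methods.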
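Review bot: In `SecurityInfo.java` the new `@Evolving` and `@LimitedPrivate({"MapReduce", "HDFS"})` lines sit above the `/** ... */` block, which leaves the doc comment between the annotations and the class declaration. Javadoc attaches a comment only when it precedes the whole declaration, annotations included, so the class description is likely dropped from the generated docs. Moving the two annotations below the closing `*/`, directly above `public abstract class SecurityInfo`, keeps both. The comment text also still calls the type an interface although it is declared as an abstract class; the hunk ends inside that comment.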
@@ -29,15 +34,17 @@ public abstract class SecurityInfo { /** * Get the KerberosInfo for a given protocol. * @param protocol interface class + * @param conf configuration * @return KerberosInfo */ - public abstract KerberosInfo getKerberosInfo(Class protocol); + public abstract KerberosInfo getKerberosInfo(Class protocol, Configuration conf); /** * Get the TokenInfo for a given protocol. * @param protocol interface class + * @param conf configuration object. * @return TokenInfo instance */ - public abstract TokenInfo getTokenInfo(Class protocol); + public abstract TokenInfo getTokenInfo(Class protocol, Configuration conf); } diff --git a/common/src/java/org/apache/hadoop/security/SecurityUtil.java b/common/src/java/org/apache/hadoop/security/SecurityUtil.java index a59a2ecbff..089b086519 100644 --- a/common/src/java/org/apache/hadoop/security/SecurityUtil.java +++ b/common/src/java/org/apache/hadoop/security/SecurityUtil.java @@ -310,17 +310,18 @@ public static void setSecurityInfoProviders(SecurityInfo... providers) { * Look up the KerberosInfo for a given protocol. It searches all known * SecurityInfo providers. * @param protocol the protocol class to get the information for + * @param conf configuration object * @return the KerberosInfo or null if it has no KerberosInfo defined */ - public static KerberosInfo getKerberosInfo(Class protocol) { + public static KerberosInfo getKerberosInfo(Class protocol, Configuration conf) { for(SecurityInfo provider: testProviders) { - KerberosInfo result = provider.getKerberosInfo(protocol); + KerberosInfo result = provider.getKerberosInfo(protocol, conf); if (result != null) { return result; } } for(SecurityInfo provider: securityInfoProviders) { - KerberosInfo result = provider.getKerberosInfo(protocol); + KerberosInfo result = provider.getKerberosInfo(protocol, conf); if (result != null) { return result; } 
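Review bot: Changing the two abstract signatures of `SecurityInfo` in place breaks every subclass that still overrides the one-argument form, and the commit leaves no transition path. A provider compiled against the old class would presumably fail with `AbstractMethodError` at the first RPC lookup rather than when it is loaded; how providers are discovered is not visible in this diff. The new `@param conf` lines also say only "configuration"; I would write `@param conf configuration the provider may consult; implementations may ignore it` and state whether null is allowed.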
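Review bot: `SecurityUtil.getKerberosInfo(Class protocol, Configuration conf)` forwards `conf` to every provider in both loops without saying whether it may be null, so a null argument can surface as a provider-dependent NullPointerException in the middle of connection setup or authorization. The new Javadoc line should state the requirement, e.g. `@param conf configuration passed to each provider; must not be null`. The one-argument public overload is also gone, so any caller outside this commit stops compiling; whether such callers exist cannot be told from the diff. The same applies to `getTokenInfo` in the next hunk, and the method body continues past the end of this one.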
@@ -332,17 +333,18 @@ public static KerberosInfo getKerberosInfo(Class protocol) { * Look up the TokenInfo for a given protocol. It searches all known * SecurityInfo providers. * @param protocol The protocol class to get the information for. + * @conf conf Configuration object * @return the TokenInfo or null if it has no KerberosInfo defined */ - public static TokenInfo getTokenInfo(Class protocol) { + public static TokenInfo getTokenInfo(Class protocol, Configuration conf) { for(SecurityInfo provider: testProviders) { - TokenInfo result = provider.getTokenInfo(protocol); + TokenInfo result = provider.getTokenInfo(protocol, conf); if (result != null) { return result; } } for(SecurityInfo provider: securityInfoProviders) { - TokenInfo result = provider.getTokenInfo(protocol); + TokenInfo result = provider.getTokenInfo(protocol, conf); if (result != null) { return result; } diff --git a/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java b/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java index e12d1d852b..3a9ad0b5f5 100644 --- a/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java +++ b/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java @@ -84,7 +84,7 @@ public void authorize(UserGroupInformation user, } // get client principal key to verify (if available) - KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol); + KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf); String clientPrincipal = null; if (krbInfo != null) { String clientKey = krbInfo.clientPrincipal(); diff --git a/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java b/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java index ac9ab63b73..0b186a1eb1 100644 --- a/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java +++ b/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java 
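Review bot: The added Javadoc line `* @conf conf Configuration object` uses a tag that does not exist, so the new parameter of `getTokenInfo` ends up undocumented and javadoc will report an unknown tag. It should read `* @param conf configuration object`, matching `getKerberosInfo` above. The unchanged `@return` line next to it says "null if it has no KerberosInfo defined" where TokenInfo is meant, and could be corrected in the same edit.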
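Review bot: With `conf` now passed to `SecurityUtil.getKerberosInfo(protocol, conf)` in `ServiceAuthorizationManager.authorize`, the client-principal check becomes configuration-dependent. When the lookup returns null, `clientPrincipal` stays null and, judging by the "(if available)" comment, the principal comparison is skipped. A provider that returns null for some configuration would therefore silently relax authorization for that protocol. I would add a comment on the lookup, e.g. `// a null krbInfo disables the client principal check for this protocol`, and consider a debug log on that path. Where `conf` comes from and the rest of `authorize` are outside the hunk.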
@@ -193,7 +193,7 @@ public AuthenticationMethod getAuthMethod() throws IOException { public static class CustomSecurityInfo extends SecurityInfo { @Override - public KerberosInfo getKerberosInfo(Class protocol) { + public KerberosInfo getKerberosInfo(Class protocol, Configuration conf) { return new KerberosInfo() { @Override public Class annotationType() { @@ -211,7 +211,7 @@ public String clientPrincipal() { } @Override - public TokenInfo getTokenInfo(Class protocol) { + public TokenInfo getTokenInfo(Class protocol, Configuration conf) { return new TokenInfo() { @Override public Class