From 85461fb0fa36c82a85b7787162541cdc83e9c237 Mon Sep 17 00:00:00 2001
From: Mahadev Konar <mahadev@apache.org>
Date: Mon, 25 Jul 2011 07:48:54 +0000
Subject: [PATCH] HADOOP-7463. Adding a configuration parameter to SecurityInfo
 interface. (mahadev)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1150565 13f79535-47bb-0310-9956-ffa450edef68
---
 common/CHANGES.txt                                 |  3 +++
 common/src/java/org/apache/hadoop/ipc/Client.java  |  6 +++---
 .../hadoop/security/AnnotatedSecurityInfo.java     |  5 +++--
 .../org/apache/hadoop/security/SecurityInfo.java   | 11 +++++++++--
 .../org/apache/hadoop/security/SecurityUtil.java   | 14 ++++++++------
 .../authorize/ServiceAuthorizationManager.java     |  2 +-
 .../core/org/apache/hadoop/ipc/TestSaslRPC.java    |  4 ++--
 7 files changed, 29 insertions(+), 16 deletions(-)

diff --git a/common/CHANGES.txt b/common/CHANGES.txt
index 952540dcf2..068b30e07f 100644
--- a/common/CHANGES.txt
+++ b/common/CHANGES.txt
@@ -277,6 +277,9 @@ Trunk (unreleased changes)
     HADOOP-7434. Display error when using "daemonlog -setlevel" with
     illegal level. (yanjinshuang via eli)
 
+    HADOOP-7463. Adding a configuration parameter to SecurityInfo interface.
+    (mahadev)
+
   OPTIMIZATIONS
   
     HADOOP-7333. Performance improvement in PureJavaCrc32. (Eric Caspole
diff --git a/common/src/java/org/apache/hadoop/ipc/Client.java b/common/src/java/org/apache/hadoop/ipc/Client.java
index ea0d829349..63824c52f1 100644
--- a/common/src/java/org/apache/hadoop/ipc/Client.java
+++ b/common/src/java/org/apache/hadoop/ipc/Client.java
@@ -252,7 +252,7 @@ public Connection(ConnectionId remoteId) throws IOException {
       Class<?> protocol = remoteId.getProtocol();
       this.useSasl = UserGroupInformation.isSecurityEnabled();
       if (useSasl && protocol != null) {
-        TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol);
+        TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol, conf);
         if (tokenInfo != null) {
           TokenSelector<? extends TokenIdentifier> tokenSelector = null;
           try {
@@ -267,7 +267,7 @@ public Connection(ConnectionId remoteId) throws IOException {
               .getHostAddress() + ":" + addr.getPort()), 
               ticket.getTokens());
         }
-        KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
+        KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
         if (krbInfo != null) {
           serverPrincipal = remoteId.getServerPrincipal();
           if (LOG.isDebugEnabled()) {
@@ -1285,7 +1285,7 @@ private static String getRemotePrincipal(Configuration conf,
       if (!UserGroupInformation.isSecurityEnabled() || protocol == null) {
         return null;
       }
-      KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
+      KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
       if (krbInfo != null) {
         String serverKey = krbInfo.serverPrincipal();
         if (serverKey == null) {
diff --git a/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java b/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
index 7fdfa106cc..a00547e36f 100644
--- a/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
+++ b/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
@@ -18,6 +18,7 @@
 
 package org.apache.hadoop.security;
 
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.token.TokenInfo;
 
 /**
@@ -26,12 +27,12 @@
 public class AnnotatedSecurityInfo extends SecurityInfo {
 
   @Override
-  public KerberosInfo getKerberosInfo(Class<?> protocol) {
+  public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
     return protocol.getAnnotation(KerberosInfo.class);
   }
 
   @Override
-  public TokenInfo getTokenInfo(Class<?> protocol) {
+  public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
     return protocol.getAnnotation(TokenInfo.class);
   }
 
diff --git a/common/src/java/org/apache/hadoop/security/SecurityInfo.java b/common/src/java/org/apache/hadoop/security/SecurityInfo.java
index 6cc3ec3e19..3132ec2a1a 100644
--- a/common/src/java/org/apache/hadoop/security/SecurityInfo.java
+++ b/common/src/java/org/apache/hadoop/security/SecurityInfo.java
@@ -18,8 +18,13 @@
 
 package org.apache.hadoop.security;
 
+import org.apache.hadoop.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.token.TokenInfo;
 
+@Evolving
+@LimitedPrivate({"MapReduce", "HDFS"})
 /**
  * Interface used by RPC to get the Security information for a given 
  * protocol.
@@ -29,15 +34,17 @@ public abstract class SecurityInfo {
   /**
    * Get the KerberosInfo for a given protocol.
    * @param protocol interface class
+   * @param conf configuration
    * @return KerberosInfo
    */
-  public abstract KerberosInfo getKerberosInfo(Class<?> protocol);
+  public abstract KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf);
 
   /**
    * Get the TokenInfo for a given protocol.
    * @param protocol interface class
+   * @param conf configuration object.
    * @return TokenInfo instance
    */
-  public abstract TokenInfo getTokenInfo(Class<?> protocol);
+  public abstract TokenInfo getTokenInfo(Class<?> protocol, Configuration conf);
 
 }
diff --git a/common/src/java/org/apache/hadoop/security/SecurityUtil.java b/common/src/java/org/apache/hadoop/security/SecurityUtil.java
index a59a2ecbff..089b086519 100644
--- a/common/src/java/org/apache/hadoop/security/SecurityUtil.java
+++ b/common/src/java/org/apache/hadoop/security/SecurityUtil.java
@@ -310,17 +310,18 @@ public static void setSecurityInfoProviders(SecurityInfo... providers) {
    * Look up the KerberosInfo for a given protocol. It searches all known
    * SecurityInfo providers.
    * @param protocol the protocol class to get the information for
+   * @param conf configuration object
    * @return the KerberosInfo or null if it has no KerberosInfo defined
    */
-  public static KerberosInfo getKerberosInfo(Class<?> protocol) {
+  public static KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
     for(SecurityInfo provider: testProviders) {
-      KerberosInfo result = provider.getKerberosInfo(protocol);
+      KerberosInfo result = provider.getKerberosInfo(protocol, conf);
       if (result != null) {
         return result;
       }
     }
     for(SecurityInfo provider: securityInfoProviders) {
-      KerberosInfo result = provider.getKerberosInfo(protocol);
+      KerberosInfo result = provider.getKerberosInfo(protocol, conf);
       if (result != null) {
         return result;
       }
@@ -332,17 +333,18 @@ public static KerberosInfo getKerberosInfo(Class<?> protocol) {
    * Look up the TokenInfo for a given protocol. It searches all known
    * SecurityInfo providers.
    * @param protocol The protocol class to get the information for.
+   * @conf conf Configuration object
    * @return the TokenInfo or null if it has no KerberosInfo defined
    */
-  public static TokenInfo getTokenInfo(Class<?> protocol) {
+  public static TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
     for(SecurityInfo provider: testProviders) {
-      TokenInfo result = provider.getTokenInfo(protocol);
+      TokenInfo result = provider.getTokenInfo(protocol, conf);
       if (result != null) {
         return result;
       }      
     }
     for(SecurityInfo provider: securityInfoProviders) {
-      TokenInfo result = provider.getTokenInfo(protocol);
+      TokenInfo result = provider.getTokenInfo(protocol, conf);
       if (result != null) {
         return result;
       }
diff --git a/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java b/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
index e12d1d852b..3a9ad0b5f5 100644
--- a/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
+++ b/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
@@ -84,7 +84,7 @@ public void authorize(UserGroupInformation user,
     }
     
     // get client principal key to verify (if available)
-    KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
+    KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
     String clientPrincipal = null; 
     if (krbInfo != null) {
       String clientKey = krbInfo.clientPrincipal();
diff --git a/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java b/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
index ac9ab63b73..0b186a1eb1 100644
--- a/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
+++ b/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
@@ -193,7 +193,7 @@ public AuthenticationMethod getAuthMethod() throws IOException {
   public static class CustomSecurityInfo extends SecurityInfo {
 
     @Override
-    public KerberosInfo getKerberosInfo(Class<?> protocol) {
+    public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
       return new KerberosInfo() {
         @Override
         public Class<? extends Annotation> annotationType() {
@@ -211,7 +211,7 @@ public String clientPrincipal() {
     }
 
     @Override
-    public TokenInfo getTokenInfo(Class<?> protocol) {
+    public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
       return new TokenInfo() {
         @Override
         public Class<? extends TokenSelector<? extends