HADOOP-7463. Adding a configuration parameter to SecurityInfo interface. (mahadev)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1150565 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
00b526a146
commit
85461fb0fa
@ -277,6 +277,9 @@ Trunk (unreleased changes)
|
||||
HADOOP-7434. Display error when using "daemonlog -setlevel" with
|
||||
illegal level. (yanjinshuang via eli)
|
||||
|
||||
HADOOP-7463. Adding a configuration parameter to SecurityInfo interface.
|
||||
(mahadev)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-7333. Performance improvement in PureJavaCrc32. (Eric Caspole
|
||||
|
@ -252,7 +252,7 @@ public Connection(ConnectionId remoteId) throws IOException {
|
||||
Class<?> protocol = remoteId.getProtocol();
|
||||
this.useSasl = UserGroupInformation.isSecurityEnabled();
|
||||
if (useSasl && protocol != null) {
|
||||
TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol);
|
||||
TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol, conf);
|
||||
if (tokenInfo != null) {
|
||||
TokenSelector<? extends TokenIdentifier> tokenSelector = null;
|
||||
try {
|
||||
@ -267,7 +267,7 @@ public Connection(ConnectionId remoteId) throws IOException {
|
||||
.getHostAddress() + ":" + addr.getPort()),
|
||||
ticket.getTokens());
|
||||
}
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
|
||||
if (krbInfo != null) {
|
||||
serverPrincipal = remoteId.getServerPrincipal();
|
||||
if (LOG.isDebugEnabled()) {
|
||||
@ -1285,7 +1285,7 @@ private static String getRemotePrincipal(Configuration conf,
|
||||
if (!UserGroupInformation.isSecurityEnabled() || protocol == null) {
|
||||
return null;
|
||||
}
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
|
||||
if (krbInfo != null) {
|
||||
String serverKey = krbInfo.serverPrincipal();
|
||||
if (serverKey == null) {
|
||||
|
@ -18,6 +18,7 @@
|
||||
|
||||
package org.apache.hadoop.security;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.security.token.TokenInfo;
|
||||
|
||||
/**
|
||||
@ -26,12 +27,12 @@
|
||||
public class AnnotatedSecurityInfo extends SecurityInfo {
|
||||
|
||||
@Override
|
||||
public KerberosInfo getKerberosInfo(Class<?> protocol) {
|
||||
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
|
||||
return protocol.getAnnotation(KerberosInfo.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenInfo getTokenInfo(Class<?> protocol) {
|
||||
public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
|
||||
return protocol.getAnnotation(TokenInfo.class);
|
||||
}
|
||||
|
||||
|
@ -18,8 +18,13 @@
|
||||
|
||||
package org.apache.hadoop.security;
|
||||
|
||||
import org.apache.hadoop.classification.InterfaceAudience.LimitedPrivate;
|
||||
import org.apache.hadoop.classification.InterfaceStability.Evolving;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.security.token.TokenInfo;
|
||||
|
||||
@Evolving
|
||||
@LimitedPrivate({"MapReduce", "HDFS"})
|
||||
/**
|
||||
* Interface used by RPC to get the Security information for a given
|
||||
* protocol.
|
||||
@ -29,15 +34,17 @@ public abstract class SecurityInfo {
|
||||
/**
|
||||
* Get the KerberosInfo for a given protocol.
|
||||
* @param protocol interface class
|
||||
* @param conf configuration
|
||||
* @return KerberosInfo
|
||||
*/
|
||||
public abstract KerberosInfo getKerberosInfo(Class<?> protocol);
|
||||
public abstract KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf);
|
||||
|
||||
/**
|
||||
* Get the TokenInfo for a given protocol.
|
||||
* @param protocol interface class
|
||||
* @param conf configuration object.
|
||||
* @return TokenInfo instance
|
||||
*/
|
||||
public abstract TokenInfo getTokenInfo(Class<?> protocol);
|
||||
public abstract TokenInfo getTokenInfo(Class<?> protocol, Configuration conf);
|
||||
|
||||
}
|
||||
|
@ -310,17 +310,18 @@ public static void setSecurityInfoProviders(SecurityInfo... providers) {
|
||||
* Look up the KerberosInfo for a given protocol. It searches all known
|
||||
* SecurityInfo providers.
|
||||
* @param protocol the protocol class to get the information for
|
||||
* @param conf configuration object
|
||||
* @return the KerberosInfo or null if it has no KerberosInfo defined
|
||||
*/
|
||||
public static KerberosInfo getKerberosInfo(Class<?> protocol) {
|
||||
public static KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
|
||||
for(SecurityInfo provider: testProviders) {
|
||||
KerberosInfo result = provider.getKerberosInfo(protocol);
|
||||
KerberosInfo result = provider.getKerberosInfo(protocol, conf);
|
||||
if (result != null) {
|
||||
return result;
|
||||
}
|
||||
}
|
||||
for(SecurityInfo provider: securityInfoProviders) {
|
||||
KerberosInfo result = provider.getKerberosInfo(protocol);
|
||||
KerberosInfo result = provider.getKerberosInfo(protocol, conf);
|
||||
if (result != null) {
|
||||
return result;
|
||||
}
|
||||
@ -332,17 +333,18 @@ public static KerberosInfo getKerberosInfo(Class<?> protocol) {
|
||||
* Look up the TokenInfo for a given protocol. It searches all known
|
||||
* SecurityInfo providers.
|
||||
* @param protocol The protocol class to get the information for.
|
||||
* @conf conf Configuration object
|
||||
* @return the TokenInfo or null if it has no KerberosInfo defined
|
||||
*/
|
||||
public static TokenInfo getTokenInfo(Class<?> protocol) {
|
||||
public static TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
|
||||
for(SecurityInfo provider: testProviders) {
|
||||
TokenInfo result = provider.getTokenInfo(protocol);
|
||||
TokenInfo result = provider.getTokenInfo(protocol, conf);
|
||||
if (result != null) {
|
||||
return result;
|
||||
}
|
||||
}
|
||||
for(SecurityInfo provider: securityInfoProviders) {
|
||||
TokenInfo result = provider.getTokenInfo(protocol);
|
||||
TokenInfo result = provider.getTokenInfo(protocol, conf);
|
||||
if (result != null) {
|
||||
return result;
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ public void authorize(UserGroupInformation user,
|
||||
}
|
||||
|
||||
// get client principal key to verify (if available)
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol);
|
||||
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
|
||||
String clientPrincipal = null;
|
||||
if (krbInfo != null) {
|
||||
String clientKey = krbInfo.clientPrincipal();
|
||||
|
@ -193,7 +193,7 @@ public AuthenticationMethod getAuthMethod() throws IOException {
|
||||
public static class CustomSecurityInfo extends SecurityInfo {
|
||||
|
||||
@Override
|
||||
public KerberosInfo getKerberosInfo(Class<?> protocol) {
|
||||
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
|
||||
return new KerberosInfo() {
|
||||
@Override
|
||||
public Class<? extends Annotation> annotationType() {
|
||||
@ -211,7 +211,7 @@ public String clientPrincipal() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public TokenInfo getTokenInfo(Class<?> protocol) {
|
||||
public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
|
||||
return new TokenInfo() {
|
||||
@Override
|
||||
public Class<? extends TokenSelector<? extends
|
||||
|
Loading…
Reference in New Issue
Block a user