HDFS-4540. Namenode http server should use the web authentication keytab for spnego principal. Contributed by Arpit Gupta.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1453025 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
97ccd64401
commit
a82e67af6c
@ -343,6 +343,9 @@ Release 2.0.4-beta - UNRELEASED
|
|||||||
datanode to write the logs to right dir by default. (Arpit Gupta via
|
datanode to write the logs to right dir by default. (Arpit Gupta via
|
||||||
suresh)
|
suresh)
|
||||||
|
|
||||||
|
HDFS-4540. Namenode http server should use the web authentication
|
||||||
|
keytab for spnego principal. (Arpit Gupta via suresh)
|
||||||
|
|
||||||
Release 2.0.3-alpha - 2013-02-06
|
Release 2.0.3-alpha - 2013-02-06
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -1259,4 +1259,20 @@ public class DFSUtil {
|
|||||||
"It should be a positive, non-zero integer value.");
|
"It should be a positive, non-zero integer value.");
|
||||||
return blocksReplWorkMultiplier;
|
return blocksReplWorkMultiplier;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get SPNEGO keytab Key from configuration
|
||||||
|
*
|
||||||
|
* @param conf
|
||||||
|
* Configuration
|
||||||
|
* @param defaultKey
|
||||||
|
* @return DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY if the key is not empty
|
||||||
|
* else return defaultKey
|
||||||
|
*/
|
||||||
|
public static String getSpnegoKeytabKey(Configuration conf, String defaultKey) {
|
||||||
|
String value =
|
||||||
|
conf.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
|
||||||
|
return (value == null || value.isEmpty()) ?
|
||||||
|
defaultKey : DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY;
|
||||||
|
}
|
||||||
}
|
}
|
@ -25,10 +25,10 @@ import java.util.Map;
|
|||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||||
|
import org.apache.hadoop.hdfs.DFSUtil;
|
||||||
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
||||||
import org.apache.hadoop.hdfs.web.AuthFilter;
|
import org.apache.hadoop.hdfs.web.AuthFilter;
|
||||||
@ -77,7 +77,8 @@ public class NameNodeHttpServer {
|
|||||||
if (UserGroupInformation.isSecurityEnabled()) {
|
if (UserGroupInformation.isSecurityEnabled()) {
|
||||||
initSpnego(conf,
|
initSpnego(conf,
|
||||||
DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
|
||||||
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY);
|
DFSUtil.getSpnegoKeytabKey(conf,
|
||||||
|
DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
|
||||||
}
|
}
|
||||||
if (WebHdfsFileSystem.isEnabled(conf, LOG)) {
|
if (WebHdfsFileSystem.isEnabled(conf, LOG)) {
|
||||||
//add SPNEGO authentication filter for webhdfs
|
//add SPNEGO authentication filter for webhdfs
|
||||||
|
@ -641,4 +641,24 @@ public class TestDFSUtil {
|
|||||||
assertFalse(DFSUtil.isValidName("/foo/:/bar"));
|
assertFalse(DFSUtil.isValidName("/foo/:/bar"));
|
||||||
assertFalse(DFSUtil.isValidName("/foo:bar"));
|
assertFalse(DFSUtil.isValidName("/foo:bar"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test(timeout=5000)
|
||||||
|
public void testGetSpnegoKeytabKey() {
|
||||||
|
HdfsConfiguration conf = new HdfsConfiguration();
|
||||||
|
String defaultKey = "default.spengo.key";
|
||||||
|
conf.unset(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
|
||||||
|
assertEquals("Test spnego key in config is null", defaultKey,
|
||||||
|
DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
|
||||||
|
|
||||||
|
conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY, "");
|
||||||
|
assertEquals("Test spnego key is empty", defaultKey,
|
||||||
|
DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
|
||||||
|
|
||||||
|
String spengoKey = "spengo.key";
|
||||||
|
conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
|
||||||
|
spengoKey);
|
||||||
|
assertEquals("Test spnego key is NOT null",
|
||||||
|
DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
|
||||||
|
DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user