From b2f619752355d4ef6733935c020f57c8a26d82e1 Mon Sep 17 00:00:00 2001 From: Andrew Wang Date: Tue, 7 Oct 2014 14:46:59 -0700 Subject: [PATCH] HADOOP-11169. Fix DelegationTokenAuthenticatedURL to pass the connection Configurator to the authenticator. (Arun Suresh via wang) --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../web/DelegationTokenAuthenticatedURL.java | 12 +++++++++--- .../delegation/web/DelegationTokenAuthenticator.java | 4 +++- .../apache/hadoop/crypto/key/kms/server/TestKMS.java | 5 +++++ 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 8bde810e5b..9e3508c170 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -803,6 +803,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11168. Remove duplicated entry "dfs.webhdfs.enabled" in the useri doc. (Yi Liu via wheat9) + HADOOP-11169. Fix DelegationTokenAuthenticatedURL to pass the connection + Configurator to the authenticator. (Arun Suresh via wang) + BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS HADOOP-10734. Implement high-performance secure random number sources. diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java index 5aeb1772c8..8c7cbdf0e7 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticatedURL.java @@ -117,9 +117,14 @@ public static void setDefaultDelegationTokenAuthenticator( } private static DelegationTokenAuthenticator - obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator dta) { + obtainDelegationTokenAuthenticator(DelegationTokenAuthenticator dta, + ConnectionConfigurator connConfigurator) { try { - return (dta != null) ? dta : DEFAULT_AUTHENTICATOR.newInstance(); + if (dta == null) { + dta = DEFAULT_AUTHENTICATOR.newInstance(); + dta.setConnectionConfigurator(connConfigurator); + } + return dta; } catch (Exception ex) { throw new IllegalArgumentException(ex); } @@ -169,7 +174,8 @@ public DelegationTokenAuthenticatedURL( public DelegationTokenAuthenticatedURL( DelegationTokenAuthenticator authenticator, ConnectionConfigurator connConfigurator) { - super(obtainDelegationTokenAuthenticator(authenticator), connConfigurator); + super(obtainDelegationTokenAuthenticator(authenticator, connConfigurator), + connConfigurator); } /** diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java index 7f22941774..c614ee314c 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java @@ -95,6 +95,7 @@ public boolean requiresKerberosCredentials() { } private Authenticator authenticator; + private ConnectionConfigurator connConfigurator; public DelegationTokenAuthenticator(Authenticator authenticator) { this.authenticator = authenticator; @@ -103,6 +104,7 @@ public DelegationTokenAuthenticator(Authenticator authenticator) { @Override public void setConnectionConfigurator(ConnectionConfigurator configurator) { authenticator.setConnectionConfigurator(configurator); + connConfigurator = configurator; } private boolean hasDelegationToken(URL url, AuthenticatedURL.Token token) { @@ -215,7 +217,7 @@ private Map doDelegationTokenOperation(URL url, separator = "&"; } url = new URL(sb.toString()); - AuthenticatedURL aUrl = new AuthenticatedURL(this); + AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator); HttpURLConnection conn = aUrl.openConnection(url, token); conn.setRequestMethod(operation.getHttpMethod()); HttpExceptionUtils.validateResponse(conn, HttpURLConnection.HTTP_OK); diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java index afa2d2750f..ad2f500f74 100644 --- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java @@ -35,6 +35,7 @@ import org.apache.hadoop.security.authentication.client.AuthenticatedURL; import org.apache.hadoop.security.authorize.AuthorizationException; import org.apache.hadoop.security.ssl.KeyStoreTestUtil; +import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL; import org.junit.AfterClass; import org.junit.Assert; @@ -321,6 +322,10 @@ public Void run() throws Exception { KeyProvider kp = new KMSClientProvider(uri, conf); // getKeys() empty Assert.assertTrue(kp.getKeys().isEmpty()); + + Token[] tokens = ((KMSClientProvider)kp).addDelegationTokens("myuser", new Credentials()); + Assert.assertEquals(1, tokens.length); + Assert.assertEquals("kms-dt", tokens[0].getKind().toString()); } return null; }