HADOOP-6938. ConnectionId.getRemotePrincipal() should check if security is enabled. Contributed by Kan Zhang.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@992479 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Hairong Kuang 2010-09-03 21:24:29 +00:00
parent fa75e35f9e
commit becf8e919a
3 changed files with 47 additions and 4 deletions

View File

@ -232,6 +232,9 @@ Trunk (unreleased changes)
HADOOP-6907. Rpc client doesn't use the per-connection conf to figure
out server's Kerberos principal (Kan Zhang via hairong)
HADOOP-6938. ConnectionId.getRemotePrincipal() should check if security
is enabled. (Kan Zhang via hairong)
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES

View File

@ -87,7 +87,7 @@ public class Client {
private SocketFactory socketFactory; // how to create sockets
private int refCount = 1;
final private static String PING_INTERVAL_NAME = "ipc.ping.interval";
final static String PING_INTERVAL_NAME = "ipc.ping.interval";
final static int DEFAULT_PING_INTERVAL = 60000; // 1 min
final static int PING_CALL_ID = -1;
@ -1244,18 +1244,19 @@ static ConnectionId getConnectionId(InetSocketAddress addr,
Class<?> protocol, UserGroupInformation ticket, int rpcTimeout,
Configuration conf) throws IOException {
String remotePrincipal = getRemotePrincipal(conf, addr, protocol);
boolean doPing = conf.getBoolean("ipc.client.ping", true);
return new ConnectionId(addr, protocol, ticket,
rpcTimeout, remotePrincipal,
conf.getInt("ipc.client.connection.maxidletime", 10000), // 10s
conf.getInt("ipc.client.connect.max.retries", 10),
conf.getBoolean("ipc.client.tcpnodelay", false),
conf.getBoolean("ipc.client.ping", true),
Client.getPingInterval(conf));
doPing,
(doPing ? Client.getPingInterval(conf) : 0));
}
private static String getRemotePrincipal(Configuration conf,
InetSocketAddress address, Class<?> protocol) throws IOException {
if (protocol == null) {
if (!UserGroupInformation.isSecurityEnabled() || protocol == null) {
return null;
}
KerberosInfo krbInfo = protocol.getAnnotation(KerberosInfo.class);

View File

@ -254,6 +254,45 @@ private void doDigestRpc(Server server, TestTokenSecretManager sm)
}
}
@Test
public void testPingInterval() throws Exception {
Configuration newConf = new Configuration(conf);
newConf.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
conf.setInt(Client.PING_INTERVAL_NAME, Client.DEFAULT_PING_INTERVAL);
// set doPing to true
newConf.setBoolean("ipc.client.ping", true);
ConnectionId remoteId = ConnectionId.getConnectionId(
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
assertEquals(Client.DEFAULT_PING_INTERVAL, remoteId.getPingInterval());
// set doPing to false
newConf.setBoolean("ipc.client.ping", false);
remoteId = ConnectionId.getConnectionId(
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
assertEquals(0, remoteId.getPingInterval());
}
@Test
public void testGetRemotePrincipal() throws Exception {
try {
Configuration newConf = new Configuration(conf);
newConf.set(SERVER_PRINCIPAL_KEY, SERVER_PRINCIPAL_1);
ConnectionId remoteId = ConnectionId.getConnectionId(
new InetSocketAddress(0), TestSaslProtocol.class, null, 0, newConf);
assertEquals(SERVER_PRINCIPAL_1, remoteId.getServerPrincipal());
// this following test needs security to be off
newConf.set(HADOOP_SECURITY_AUTHENTICATION, "simple");
UserGroupInformation.setConfiguration(newConf);
remoteId = ConnectionId.getConnectionId(new InetSocketAddress(0),
TestSaslProtocol.class, null, 0, newConf);
assertEquals(
"serverPrincipal should be null when security is turned off", null,
remoteId.getServerPrincipal());
} finally {
// revert back to security is on
UserGroupInformation.setConfiguration(conf);
}
}
@Test
public void testPerConnectionConf() throws Exception {
TestTokenSecretManager sm = new TestTokenSecretManager();