HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to fixes introduced by the IBM JDK compatibility patch. Contributed by Devaraj Das.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1333557 13f79535-47bb-0310-9956-ffa450edef68
Devaraj Das 2012-05-03 17:16:44 +00:00
parent d948998777
commit e3242b95b3
4 changed files with 11 additions and 12 deletions


@ -26,7 +26,6 @@
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException; import javax.security.auth.login.LoginException;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Field;
import java.net.HttpURLConnection; import java.net.HttpURLConnection;
import java.net.URL; import java.net.URL;
import java.security.AccessControlContext; import java.security.AccessControlContext;
@ -196,11 +195,10 @@ public Void run() throws Exception {
try { try {
GSSManager gssManager = GSSManager.getInstance(); GSSManager gssManager = GSSManager.getInstance();
String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost(); String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal, GSSName serviceName = gssManager.createName(servicePrincipal,
GSSName.NT_HOSTBASED_SERVICE); oid);
Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
gssManager);
gssContext = gssManager.createContext(serviceName, oid, null, gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME); GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true); gssContext.requestCredDeleg(true);
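Review bot: `oid` now carries two different meanings in this hunk: first the name-type OID handed to `createName`, then, after reassignment, the mechanism OID handed to `createContext`. Two separate locals would make it impossible to pass the wrong one to either call, for example `Oid nameType = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");` and `Oid mechOid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");`. The same reuse appears in the test's `call()` hunk. Because the context line below requests credential delegation for a principal built from the URL host, a short comment above `createName` stating that the host is taken from the request URL as-is would help the next reader judge which service receives the delegated credentials. The enclosing `run()` starts and ends outside the hunk.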


@ -22,7 +22,6 @@
import java.lang.reflect.Method; import java.lang.reflect.Method;
import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid; import org.ietf.jgss.Oid;
public class KerberosUtil { public class KerberosUtil {
@ -34,8 +33,7 @@ public static String getKrb5LoginModuleName() {
: "com.sun.security.auth.module.Krb5LoginModule"; : "com.sun.security.auth.module.Krb5LoginModule";
} }
public static Oid getOidClassInstance(String servicePrincipal, public static Oid getOidInstance(String oidName)
GSSManager gssManager)
throws ClassNotFoundException, GSSException, NoSuchFieldException, throws ClassNotFoundException, GSSException, NoSuchFieldException,
IllegalAccessException { IllegalAccessException {
Class<?> oidClass; Class<?> oidClass;
@ -44,7 +42,7 @@ public static Oid getOidClassInstance(String servicePrincipal,
} else { } else {
oidClass = Class.forName("sun.security.jgss.GSSUtil"); oidClass = Class.forName("sun.security.jgss.GSSUtil");
} }
Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID"); Field oidField = oidClass.getDeclaredField(oidName);
return (Oid)oidField.get(oidClass); return (Oid)oidField.get(oidClass);
} }
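Review bot: `getOidInstance` reads whichever field the caller names from the JDK-internal `GSSUtil` class and casts it to `Oid`, so a misspelled or non-`Oid` field name surfaces only at runtime as `NoSuchFieldException` or `ClassCastException`. The method is public and has no Javadoc; I would add one saying that `oidName` must be the name of an `Oid` constant on that class (this commit uses `NT_GSS_KRB5_PRINCIPAL` and `GSS_KRB5_MECH_OID`) and that callers must pass a literal, never a value derived from request or configuration data. Renaming the public `getOidClassInstance` also breaks any caller outside this commit; whether such callers exist is not visible here. The `if` branch that selects the vendor class lies between the hunks and is not shown, so it is worth confirming that both field names exist on the IBM class as well.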


@ -145,10 +145,10 @@ public String call() throws Exception {
GSSContext gssContext = null; GSSContext gssContext = null;
try { try {
String servicePrincipal = KerberosTestUtils.getServerPrincipal(); String servicePrincipal = KerberosTestUtils.getServerPrincipal();
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal, GSSName serviceName = gssManager.createName(servicePrincipal,
GSSName.NT_HOSTBASED_SERVICE); oid);
Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
gssManager);
gssContext = gssManager.createContext(serviceName, oid, null, gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME); GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true); gssContext.requestCredDeleg(true);


@ -409,6 +409,9 @@ Release 2.0.0 - UNRELEASED
HADOOP-8342. HDFS command fails with exception following merge of HADOOP-8342. HDFS command fails with exception following merge of
HADOOP-8325 (tucu) HADOOP-8325 (tucu)
HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due
to fixes introduced by the IBM JDK compatibility patch. (ddas)
BREAKDOWN OF HADOOP-7454 SUBTASKS BREAKDOWN OF HADOOP-7454 SUBTASKS
HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh) HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)