HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to fixes introduced by the IBM JDK compatibility patch. Contributed by Devaraj Das.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1333557 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
d948998777
commit
e3242b95b3
@ -26,7 +26,6 @@
|
|||||||
import javax.security.auth.login.LoginContext;
|
import javax.security.auth.login.LoginContext;
|
||||||
import javax.security.auth.login.LoginException;
|
import javax.security.auth.login.LoginException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.reflect.Field;
|
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.security.AccessControlContext;
|
import java.security.AccessControlContext;
|
||||||
@ -196,11 +195,10 @@ public Void run() throws Exception {
|
|||||||
try {
|
try {
|
||||||
GSSManager gssManager = GSSManager.getInstance();
|
GSSManager gssManager = GSSManager.getInstance();
|
||||||
String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
|
String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
|
||||||
|
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
|
||||||
GSSName serviceName = gssManager.createName(servicePrincipal,
|
GSSName serviceName = gssManager.createName(servicePrincipal,
|
||||||
GSSName.NT_HOSTBASED_SERVICE);
|
oid);
|
||||||
Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
|
oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
|
||||||
gssManager);
|
|
||||||
gssContext = gssManager.createContext(serviceName, oid, null,
|
gssContext = gssManager.createContext(serviceName, oid, null,
|
||||||
GSSContext.DEFAULT_LIFETIME);
|
GSSContext.DEFAULT_LIFETIME);
|
||||||
gssContext.requestCredDeleg(true);
|
gssContext.requestCredDeleg(true);
|
||||||
|
@ -22,7 +22,6 @@
|
|||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
|
||||||
import org.ietf.jgss.GSSException;
|
import org.ietf.jgss.GSSException;
|
||||||
import org.ietf.jgss.GSSManager;
|
|
||||||
import org.ietf.jgss.Oid;
|
import org.ietf.jgss.Oid;
|
||||||
|
|
||||||
public class KerberosUtil {
|
public class KerberosUtil {
|
||||||
@ -34,8 +33,7 @@ public static String getKrb5LoginModuleName() {
|
|||||||
: "com.sun.security.auth.module.Krb5LoginModule";
|
: "com.sun.security.auth.module.Krb5LoginModule";
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Oid getOidClassInstance(String servicePrincipal,
|
public static Oid getOidInstance(String oidName)
|
||||||
GSSManager gssManager)
|
|
||||||
throws ClassNotFoundException, GSSException, NoSuchFieldException,
|
throws ClassNotFoundException, GSSException, NoSuchFieldException,
|
||||||
IllegalAccessException {
|
IllegalAccessException {
|
||||||
Class<?> oidClass;
|
Class<?> oidClass;
|
||||||
@ -44,7 +42,7 @@ public static Oid getOidClassInstance(String servicePrincipal,
|
|||||||
} else {
|
} else {
|
||||||
oidClass = Class.forName("sun.security.jgss.GSSUtil");
|
oidClass = Class.forName("sun.security.jgss.GSSUtil");
|
||||||
}
|
}
|
||||||
Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID");
|
Field oidField = oidClass.getDeclaredField(oidName);
|
||||||
return (Oid)oidField.get(oidClass);
|
return (Oid)oidField.get(oidClass);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -145,10 +145,10 @@ public String call() throws Exception {
|
|||||||
GSSContext gssContext = null;
|
GSSContext gssContext = null;
|
||||||
try {
|
try {
|
||||||
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
|
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
|
||||||
|
Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
|
||||||
GSSName serviceName = gssManager.createName(servicePrincipal,
|
GSSName serviceName = gssManager.createName(servicePrincipal,
|
||||||
GSSName.NT_HOSTBASED_SERVICE);
|
oid);
|
||||||
Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
|
oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
|
||||||
gssManager);
|
|
||||||
gssContext = gssManager.createContext(serviceName, oid, null,
|
gssContext = gssManager.createContext(serviceName, oid, null,
|
||||||
GSSContext.DEFAULT_LIFETIME);
|
GSSContext.DEFAULT_LIFETIME);
|
||||||
gssContext.requestCredDeleg(true);
|
gssContext.requestCredDeleg(true);
|
||||||
|
@ -409,6 +409,9 @@ Release 2.0.0 - UNRELEASED
|
|||||||
HADOOP-8342. HDFS command fails with exception following merge of
|
HADOOP-8342. HDFS command fails with exception following merge of
|
||||||
HADOOP-8325 (tucu)
|
HADOOP-8325 (tucu)
|
||||||
|
|
||||||
|
HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due
|
||||||
|
to fixes introduced by the IBM JDK compatibility patch. (ddas)
|
||||||
|
|
||||||
BREAKDOWN OF HADOOP-7454 SUBTASKS
|
BREAKDOWN OF HADOOP-7454 SUBTASKS
|
||||||
|
|
||||||
HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)
|
HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)
|
||||||
|
Loading…
Reference in New Issue
Block a user