Commit Graph

153 Commits

Author SHA1 Message Date
Tamas Domok
798a0837c1
YARN-10814. Fallback to RandomSecretProvider if the secret file is empty (#3206)
The rest endpoint would be unusable with an empty secret file
(throwing IllegalArgumentExceptions).

Any IO error would have resulted in the same fallback path.

Co-authored-by: Tamas Domok <tdomok@cloudera.com>
2021-07-30 12:16:46 +02:00
Ayush Saxena
7f93349ee7 HADOOP-17644. Add back the exceptions removed by HADOOP-17432 for compatibility. Contributed by Quan Li. 2021-05-09 03:40:08 +05:30
Wei-Chiu Chuang
dac60b8282
HADOOP-17621. hadoop-auth to remove jetty-server dependency. (#2865)
Reviewed-by: Akira Ajisaka <aajisaka@apache.org>
2021-04-06 21:55:01 -07:00
Renukaprasad C
924fa87010
HADOOP-17510. Hadoop prints sensitive Cookie information. (#2673) 2021-02-24 01:29:25 -08:00
Akira Ajisaka
52217fce3d
HADOOP-17432. [JDK 16] KerberosUtil#getOidInstance is broken by JEP 396 (#2546)
Reviewed-by: Steve Loughran <stevel@apache.org>
2021-02-05 16:14:10 +09:00
Wei-Chiu Chuang
66ee0a6df0
HADOOP-17371. Bump Jetty to the latest version 9.4.34. Contributed by Wei-Chiu Chuang. (#2453) 2021-01-04 09:43:58 -08:00
Attila Magyar
db73e994ed HADOOP-16881. KerberosAuthentication does not disconnect HttpURLConnection leading to CLOSE_WAIT cnxns. Contributed by Attila Magyar.
Signed-off-by: Wei-Chiu Chuang <weichiu@apache.org>
2020-12-03 12:05:20 -08:00
Ayush Saxena
1e3a6efcef
HADOOP-17288. Use shaded guava from thirdparty. (#2342). Contributed by Ayush Saxena. 2020-10-17 12:01:18 +05:30
Ayush Saxena
23787e4bdd HDFS-15136. LOG flooding in secure mode when Cookies are not set in request header. Contributed by Renukaprasad C 2020-02-08 01:17:59 +05:30
Mate Szalay-Beko
6d92aa7c30 HADOOP-16579. Upgrade to Curator 4.2.0 and ZooKeeper 3.5.5 (#1656). Contributed by Norbert Kalmár, Mate Szalay-Beko
* HADOOP-16579 - Upgrade to Apache Curator 4.2.0 and ZooKeeper 3.5.5

- Add a static initializer for the unit tests using ZooKeeper to enable
the four-letter-words diagnostic telnet commands. (this is an interface
that become disabled by default, so to keep the ZooKeeper 3.4.x behavior
we enabled it for the tests)
- Also fix ZKFailoverController to look for relevant fail-over ActiveAttempt
records. The new ZooKeeper seems to respond quicker during the fail-over
tests than the ZooKeeper, so we made sure to catch all the relevant records
by adding a new parameter to ZKFailoverontroller.waitForActiveAttempt().

Co-authored-by: Norbert Kalmár <nkalmar@cloudera.com>
2019-10-18 13:26:20 -07:00
Malcolm Taylor
56248f9d87
HADOOP-16556. Fix some alerts raised by LGTM.
Contributed by Malcolm Taylor.

Change-Id: Ic60c3f4681dd9d48b3afcba7520bd1e4d3cc4231
2019-09-19 16:00:05 +01:00
Akira Ajisaka
55cc115878 HADOOP-16527. Add a whitelist of endpoints to skip Kerberos authentication (#1336) Contributed by Akira Ajisaka. 2019-08-28 14:28:41 +09:00
Wei-Chiu Chuang
e20b19543b HADOOP-15681. AuthenticationFilter should generate valid date format for Set-Cookie header regardless of default Locale. Contributed by Cao Manh Dat. 2019-08-01 17:35:31 -07:00
Don Jeba
204a977f55
HADOOP-15910. Fix Javadoc for LdapAuthenticationHandler#ENABLE_START_TLS
Contributed by Don Jeba.

Change-Id: I2755bfb1263fc659078a1af8f0bdfd739fd1ae40
2019-07-30 12:39:48 +01:00
Wei-Chiu Chuang
f1c239c6a4 HADOOP-9157. Better option for curl in hadoop-auth-examples. Contributed by Andras Bokor. 2019-06-17 21:51:33 -07:00
Akira Ajisaka
0d47d283a6
HADOOP-10848. Cleanup calling of sun.security.krb5.Config. 2019-04-08 10:02:34 +09:00
Xiaoyu Yao
ca4e46a05e HDDS-1075. Fix CertificateUtil#parseRSAPublicKey charsetName. Contributed by Siddharth Wagle. 2019-02-11 12:09:14 -08:00
Akira Ajisaka
1129288cf5
HADOOP-14178. Move Mockito up to version 2.23.4. Contributed by Akira Ajisaka and Masatake Iwasaki. 2019-01-29 18:29:56 -08:00
Xiaoyu Yao
ff61931f91 HDDS-6. Enable SCM kerberos auth. Contributed by Ajay Kumar. 2019-01-15 22:16:58 -07:00
Eric Yang
d43af8b3db HADOOP-15996. Improved Kerberos username mapping strategy in Hadoop.
Contributed by Bolke de Bruin
2019-01-04 17:54:15 -05:00
Bharat Viswanadham
2499435d9d HADOOP-16014. Fix test, checkstyle and javadoc issues in TestKerberosAuthenticationHandler. Contributed by Dinesh Chitlangia. 2018-12-21 13:30:48 -08:00
Steve Loughran
d0edd37269
HADOOP-15959. Revert "HADOOP-12751. While using kerberos Hadoop incorrectly assumes names with '@' to be non-simple"
This reverts commit 829a2e4d27.
2018-11-29 17:52:11 +00:00
Steve Loughran
b738cb148c
HADOOP-15854. AuthToken Use StringBuilder instead of StringBuffer.
Contributed by Beluga Behr.
2018-10-17 10:29:09 +01:00
Arpit Agarwal
b0d3c877e3 HADOOP-12897. KerberosAuthenticator.authenticate to include URL on IO failures. Contributed by Ajay Kumar. 2018-02-20 18:18:58 -08:00
Robert Kanter
324e5a7cf2 HADOOP-15235. Authentication Tokens should use HMAC instead of MAC (rkanter) 2018-02-20 17:24:37 -08:00
Xiao Chen
1f20f432d2 Revert "HADOOP-12897. KerberosAuthenticator.authenticate to include URL on IO failures. Contributed by Ajay Kumar."
This reverts commit 332269de06.
2018-02-14 10:25:05 -08:00
Arpit Agarwal
332269de06 HADOOP-12897. KerberosAuthenticator.authenticate to include URL on IO failures. Contributed by Ajay Kumar. 2018-02-13 10:14:16 -08:00
Xiao Chen
09dd709d6e HADOOP-15197. Remove tomcat from the Hadoop-auth test bundle. 2018-02-01 15:33:52 -08:00
Ray Chiang
556812c179 HADOOP-14799. Update nimbus-jose-jwt to 4.41.1. (rchiang) 2017-09-12 10:19:34 -07:00
Jason Lowe
c379310212 HADOOP-14687. AuthenticatedURL will reuse bad/expired session cookies. Contributed by Daryn Sharp 2017-08-22 16:50:01 -05:00
Daniel Templeton
c21c260392 HADOOP-14666. Tests use assertTrue(....equals(...)) instead of assertEquals() 2017-07-19 13:58:55 -07:00
Akira Ajisaka
092ebdf885
HADOOP-12940. Fix warnings from Spotbugs in hadoop-common. 2017-06-23 10:28:58 +09:00
Daryn Sharp
e806c6e0ce HADOOP-14146. KerberosAuthenticationHandler should authenticate with SPN in AP-REQ. Contributed by Daryn Sharp 2017-06-21 11:03:41 -05:00
Daniel Templeton
86368cc766 HADOOP-14310. RolloverSignerSecretProvider.LOG should be @VisibleForTesting
(Contributed by Arun Shanmugam Kumar via Daniel Templeton)
2017-06-12 09:42:16 -07:00
Xiao Chen
0202480742 HADOOP-13174. Add more debug logs for delegation tokens and authentication. 2017-06-08 21:34:15 -07:00
Sunil G
b6f66b0da1 YARN-6584. Correct license headers in hadoop-common, hdfs, yarn and mapreduce. Contributed by Yeliang Cang. 2017-05-22 14:10:06 +05:30
Daniel Templeton
4dd6206547 HADOOP-14246. Authentication Tokens should use SecureRandom instead of Random and 256 bit secrets
(Conttributed by Robert Konter via Daniel Templeton)
2017-04-12 11:17:31 -07:00
Xiao Chen
5d182949ba HADOOP-13597. Switch KMS from Tomcat to Jetty. Contributed by John Zhuge. 2017-01-05 17:21:57 -08:00
Xiaoyu Yao
f5e0bd30fd HADOOP-13890. Maintain HTTP/host as SPNEGO SPN support and fix KerberosName parsing. Contributed by Xiaoyu Yao. 2016-12-14 13:45:21 -08:00
Xiaoyu Yao
4c38f11cec HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao. 2016-12-09 21:27:04 -08:00
Andrew Wang
7b988e8899 HADOOP-13861. Spelling errors in logging and exceptions for code. Contributed by Grant Sohn. 2016-12-05 23:18:18 -08:00
Xiaoyu Yao
95665a6eea Revert "HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao."
This reverts commit 9097e2efe4.
2016-11-04 16:02:47 -07:00
Robert Kanter
5877f20f9c HADOOP-10075. Update jetty dependency to version 9 (rkanter) 2016-10-27 16:09:00 -07:00
Benoy Antony
4bca385241 HADOOP-12082 Support multiple authentication schemes via AuthenticationFilter 2016-10-18 18:32:01 -07:00
Akira Ajisaka
5a5a724731 HADOOP-13417. Fix javac and checkstyle warnings in hadoop-auth package. 2016-10-14 14:45:55 +09:00
Xiaoyu Yao
9097e2efe4 HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao. 2016-10-13 10:52:28 -07:00
Robert Kanter
c183b9de8d HADOOP-12611. TestZKSignerSecretProvider#testMultipleInit occasionally fail (ebadger via rkanter) 2016-10-07 09:33:31 -07:00
Wei-Chiu Chuang
f6f3a447bf HADOOP-13580. If user is unauthorized, log "unauthorized" instead of "Invalid signed text:". Contributed by Wei-Chiu Chuang. 2016-09-16 14:53:30 -07:00
Chris Nauroth
255ea45e50 HADOOP-13422. ZKDelegationTokenSecretManager JaasConfig does not work well with other ZK users in process. Contributed by Sergey Shelukhin. 2016-07-26 15:33:20 -07:00
Allen Wittenauer
be38e530bb HADOOP-9888. KerberosName static initialization gets default realm, which is unneeded in non-secure deployment. (Dmytro Kabakchei via aw) 2016-06-28 07:22:51 -07:00