Return-Path: X-Original-To: apmail-accumulo-commits-archive@www.apache.org Delivered-To: apmail-accumulo-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8CBEE10B52 for ; Mon, 22 Dec 2014 19:17:46 +0000 (UTC) Received: (qmail 43437 invoked by uid 500); 22 Dec 2014 19:17:46 -0000 Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org Received: (qmail 43330 invoked by uid 500); 22 Dec 2014 19:17:46 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 43313 invoked by uid 99); 22 Dec 2014 19:17:46 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Dec 2014 19:17:46 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 3133DA33395; Mon, 22 Dec 2014 19:17:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: elserj@apache.org To: commits@accumulo.apache.org Date: Mon, 22 Dec 2014 19:17:47 -0000 Message-Id: <3a3e29116cb84884b6369ca8e52236e6@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [3/9] accumulo git commit: ACCUMULO-3445 ACCUMULO-3446 Throw an RTE on keytab login failure ACCUMULO-3445 ACCUMULO-3446 Throw an RTE on keytab login failure Also relocates this class into "server code" as it makes no sense to be located in the client package. Clients will just need an active ticket, it's of no concern to us how they get that ticket. Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/37ed176f Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/37ed176f Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/37ed176f Branch: refs/heads/master Commit: 37ed176f7169058a5442f0f786951970200ff286 Parents: 0398fa7 Author: Josh Elser Authored: Mon Dec 22 13:36:49 2014 -0500 Committer: Josh Elser Committed: Mon Dec 22 13:40:25 2014 -0500 ---------------------------------------------------------------------- .../accumulo/core/security/SecurityUtil.java | 88 ------------------- .../accumulo/server/security/SecurityUtil.java | 91 ++++++++++++++++++++ 2 files changed, 91 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/37ed176f/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java b/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
deleted file mode 100644
index 65cb7ed..0000000
--- a/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.core.security;
-
-import java.io.IOException;
-import java.net.InetAddress;
-
-import org.apache.accumulo.core.conf.AccumuloConfiguration;
-import org.apache.accumulo.core.conf.Property;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.log4j.Logger;
-
-/**
- *
- */
-public class SecurityUtil {
- private static final Logger log = Logger.getLogger(SecurityUtil.class);
- private static final String ACCUMULO_HOME = "ACCUMULO_HOME", ACCUMULO_CONF_DIR = "ACCUMULO_CONF_DIR";
- public static boolean usingKerberos = false;
-
- /**
- * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use
- * {@link #login(String, String)}
- */
- public static void serverLogin() {
- @SuppressWarnings("deprecation")
- AccumuloConfiguration acuConf = AccumuloConfiguration.getSiteConfiguration();
- String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
- if (keyTab == null || keyTab.length() == 0)
- return;
-
- usingKerberos = true;
- if (keyTab.contains("$" + ACCUMULO_HOME) && System.getenv(ACCUMULO_HOME) != null)
- keyTab = keyTab.replace("$" + ACCUMULO_HOME, System.getenv(ACCUMULO_HOME));
-
- if (keyTab.contains("$" + ACCUMULO_CONF_DIR) && System.getenv(ACCUMULO_CONF_DIR) != null)
- keyTab = keyTab.replace("$" + ACCUMULO_CONF_DIR, System.getenv(ACCUMULO_CONF_DIR));
-
- String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
- if (principalConfig == null || principalConfig.length() == 0)
- return;
-
- if (login(principalConfig, keyTab)) {
- try {
- // This spawns a thread to periodically renew the logged in (accumulo) user
- UserGroupInformation.getLoginUser();
- } catch (IOException io) {
- log.error("Error starting up renewal thread. This shouldn't be happenining.", io);
- }
- }
- }
-
- /**
- * This will log in the given user in kerberos.
- *
- * @param principalConfig
- * This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be
- * replaced by the systems host name.
- * @return true if login succeeded, otherwise false
- */
- public static boolean login(String principalConfig, String keyTabPath) {
- try {
- String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName());
- if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) {
- UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath);
- log.info("Succesfully logged in as user " + principalConfig);
- return true;
- }
- } catch (IOException io) {
- log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io);
- }
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/37ed176f/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java ----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java b/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
new file mode 100644
index 0000000..88e70cd
--- /dev/null
+++ b/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security;
+
+import java.io.IOException;
+import java.net.InetAddress;
+
+import org.apache.accumulo.core.conf.AccumuloConfiguration;
+import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+
+/**
+ *
+ */
+public class SecurityUtil {
+ private static final Logger log = Logger.getLogger(SecurityUtil.class);
+ private static final String ACCUMULO_HOME = "ACCUMULO_HOME", ACCUMULO_CONF_DIR = "ACCUMULO_CONF_DIR";
+ public static boolean usingKerberos = false;
+
+ /**
+ * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use
+ * {@link #login(String, String)}
+ */
+ public static void serverLogin() {
+ @SuppressWarnings("deprecation")
+ AccumuloConfiguration acuConf = AccumuloConfiguration.getSiteConfiguration();
+ String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
+ if (keyTab == null || keyTab.length() == 0)
+ return;
+
+ usingKerberos = true;
+ if (keyTab.contains("$" + ACCUMULO_HOME) && System.getenv(ACCUMULO_HOME) != null)
+ keyTab = keyTab.replace("$" + ACCUMULO_HOME, System.getenv(ACCUMULO_HOME));
+
+ if (keyTab.contains("$" + ACCUMULO_CONF_DIR) && System.getenv(ACCUMULO_CONF_DIR) != null)
+ keyTab = keyTab.replace("$" + ACCUMULO_CONF_DIR, System.getenv(ACCUMULO_CONF_DIR));
+
+ String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
+ if (principalConfig == null || principalConfig.length() == 0)
+ return;
+
+ if (login(principalConfig, keyTab)) {
+ try {
+ // This spawns a thread to periodically renew the logged in (accumulo) user
+ UserGroupInformation.getLoginUser();
+ return;
+ } catch (IOException io) {
+ log.error("Error starting up renewal thread. This shouldn't be happenining.", io);
+ }
+ }
+
+ throw new RuntimeException("Failed to perform Kerberos login for " + principalConfig + " using " + keyTab);
+ }
+
+ /**
+ * This will log in the given user in kerberos.
+ *
+ * @param principalConfig
+ * This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be
+ * replaced by the systems host name.
+ * @return true if login succeeded, otherwise false
+ */
+ public static boolean login(String principalConfig, String keyTabPath) {
+ try {
+ String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName());
+ if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) {
+ UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath);
+ log.info("Succesfully logged in as user " + principalConfig);
+ return true;
+ }
+ } catch (IOException io) {
+ log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io);
+ }
+ return false;
+ }
+}
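Review bot: `serverLogin()` still returns silently when a keytab is configured but `GENERAL_KERBEROS_PRINCIPAL` is null or empty, and by that point `usingKerberos` has already been set to true, so the new fail-fast does not cover that misconfiguration. If the intent is that a server with a keytab configured never continues without a Kerberos login, that branch should throw as well, for example `throw new RuntimeException("Kerberos keytab " + keyTab + " is configured but no principal is set");`. The file is added under `server/src/main/java/org/apache/accumulo/server/security/` but still declares `package org.apache.accumulo.core.security;`, which does not match the relocation described in the commit message; it should read `package org.apache.accumulo.server.security;`. The new RuntimeException also carries no cause, because `login()` logs the IOException and returns false, so a caller sees only the message and has to go to the log for the underlying failure.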