hadoop-common-commits mailing list archives

From maha...@apache.org
Subject svn commit: r1150294 - in /hadoop/common/branches/MR-279/common: ./ src/java/ src/java/org/apache/hadoop/fs/ src/java/org/apache/hadoop/ipc/ src/java/org/apache/hadoop/security/ src/java/org/apache/hadoop/security/authorize/ src/test/core/org/apache/ha...
Date Sun, 24 Jul 2011 08:11:51 GMT
Author: mahadev
Date: Sun Jul 24 08:11:42 2011
New Revision: 1150294

URL: http://svn.apache.org/viewvc?rev=1150294&view=rev
Log:
HADOOP-6929. Backport changes to MR-279 (mahadev and owen)

Modified:
    hadoop/common/branches/MR-279/common/build.xml
    hadoop/common/branches/MR-279/common/src/java/core-default.xml
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/ipc/Client.java
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityInfo.java
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityUtil.java
    hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
    hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestAvroRpc.java
    hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java

Modified: hadoop/common/branches/MR-279/common/build.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/build.xml?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/build.xml (original)
+++ hadoop/common/branches/MR-279/common/build.xml Sun Jul 24 08:11:42 2011
@@ -454,6 +454,11 @@
     <property name="jar.properties.list" value="commons-logging.properties, log4j.properties,
hadoop-metrics.properties" />
     <jar jarfile="${build.dir}/${final.name}.jar"
          basedir="${build.classes}">
+      <service type="org.apache.hadoop.security.SecurityInfo">
+        <provider 
+           classname="org.apache.hadoop.security.AnnotatedSecurityInfo"/>
+      </service>
+
       <manifest>
         <section name="org/apache/hadoop">
           <attribute name="Implementation-Title" value="${ant.project.name}"/>
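Review bot: The provider registration added here exists only inside the built jar, because the nested `<service>` element writes the `META-INF/services` entry at packaging time. This commit also removes the `hadoop.security.info.class.name` default from core-default.xml, so a classpath that uses `${build.classes}` directly, or a repackaged jar that drops service files, would presumably leave `ServiceLoader.load(SecurityInfo.class)` with no providers, and the KerberosInfo/TokenInfo annotations on protocols would then not be read. Consider checking in a resource file `META-INF/services/org.apache.hadoop.security.SecurityInfo` containing `org.apache.hadoop.security.AnnotatedSecurityInfo`, so the registration is on the classpath however the classes are loaded. A test that looks up a protocol's KerberosInfo without calling `setSecurityInfoProviders` would catch a missing registration.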

Modified: hadoop/common/branches/MR-279/common/src/java/core-default.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/core-default.xml?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/core-default.xml (original)
+++ hadoop/common/branches/MR-279/common/src/java/core-default.xml Sun Jul 24 08:11:42 2011
@@ -98,15 +98,6 @@
 </property>
 
 <property>
-  <name>hadoop.security.info.class.name</name>
-  <value>org.apache.hadoop.security.AnnotatedSecurityInfo</value>
-  <description>
-    Implementation of org.apache.hadoop.security.SecurityInfo interface to 
-    be used by RPC for a given protocol.
-  </description>
-</property>
-
-<property>
   <name>hadoop.rpc.protection</name>
   <value>authentication</value>
   <description>This field sets the quality of protection for secured sasl 

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
(original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
Sun Jul 24 08:11:42 2011
@@ -216,8 +216,5 @@ public class CommonConfigurationKeysPubl
   /** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
   public static final String  HADOOP_SECURITY_SERVICE_USER_NAME_KEY =
     "hadoop.security.service.user.name.key";
-  /** See <a href="{@docRoot}/../core-default.html">core-default.xml</a> */
-  public static final String  HADOOP_SECURITY_INFO_CLASS_NAME =
-    "hadoop.security.info.class.name";
 }
 

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/ipc/Client.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/ipc/Client.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/ipc/Client.java (original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/ipc/Client.java Sun Jul
24 08:11:42 2011
@@ -58,10 +58,8 @@ import org.apache.hadoop.io.Writable;
 import org.apache.hadoop.io.WritableUtils;
 import org.apache.hadoop.io.DataOutputBuffer;
 import org.apache.hadoop.net.NetUtils;
-import org.apache.hadoop.security.AnnotatedSecurityInfo;
 import org.apache.hadoop.security.KerberosInfo;
 import org.apache.hadoop.security.SaslRpcClient;
-import org.apache.hadoop.security.SecurityInfo;
 import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -257,8 +255,7 @@ public class Client {
       this.useSasl = UserGroupInformation.isSecurityEnabled();
       LOG.debug("Protocol is " + protocol + " useSasl is " + useSasl);
       if (useSasl && protocol != null) {
-        TokenInfo tokenInfo = SecurityUtil.getSecurityInfo(
-            remoteId.conf).getTokenInfo(protocol);
+        TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol, remoteId.conf);
         if (tokenInfo != null) {
           TokenSelector<? extends TokenIdentifier> tokenSelector = null;
           try {
@@ -273,10 +270,7 @@ public class Client {
               .getHostAddress() + ":" + addr.getPort()), 
               ticket.getTokens());
         }
-        KerberosInfo krbInfo = SecurityUtil.getSecurityInfo(
-            remoteId.conf).getKerborosInfo(protocol);
-        LOG.debug("securityinfo class is " + SecurityUtil.getSecurityInfo(
-            remoteId.conf).getClass().getCanonicalName());
+        KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, remoteId.conf);
         LOG.debug("KerberosInfo object's class is " + krbInfo);
         if (krbInfo != null) {
           serverPrincipal = remoteId.getServerPrincipal();
@@ -1295,8 +1289,7 @@ public class Client {
       if (!UserGroupInformation.isSecurityEnabled() || protocol == null) {
         return null;
       }
-      KerberosInfo krbInfo = SecurityUtil.getSecurityInfo(
-          conf).getKerborosInfo(protocol);
+      KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
       if (krbInfo != null) {
         String serverKey = krbInfo.serverPrincipal();
         if (serverKey == null) {

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
(original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/AnnotatedSecurityInfo.java
Sun Jul 24 08:11:42 2011
@@ -18,6 +18,7 @@
 
 package org.apache.hadoop.security;
 
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.token.TokenInfo;
 
 /**
@@ -26,12 +27,12 @@ import org.apache.hadoop.security.token.
 public class AnnotatedSecurityInfo implements SecurityInfo {
 
   @Override
-  public KerberosInfo getKerborosInfo(Class<?> protocol) {
+  public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
     return protocol.getAnnotation(KerberosInfo.class);
   }
 
   @Override
-  public TokenInfo getTokenInfo(Class<?> protocol) {
+  public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
     return protocol.getAnnotation(TokenInfo.class);
   }
 

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityInfo.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityInfo.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityInfo.java
(original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityInfo.java
Sun Jul 24 08:11:42 2011
@@ -18,8 +18,13 @@
 
 package org.apache.hadoop.security;
 
+import org.apache.hadoop.classification.InterfaceAudience.LimitedPrivate;
+import org.apache.hadoop.classification.InterfaceStability.Evolving;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.token.TokenInfo;
 
+@Evolving
+@LimitedPrivate({"MapReduce"})
 /**
  * Interface used by RPC to get the Security information for a given 
  * protocol.
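Review bot: `@Evolving` and `@LimitedPrivate({"MapReduce"})` are added above the Javadoc block, so the comment now sits between the annotations and the interface declaration. A doc comment is expected immediately before the whole declaration, annotations included; in this position the javadoc tool may not attach it to `SecurityInfo`. Move the two annotation lines below the closing `*/`, directly above the `public interface SecurityInfo` line, which is outside this hunk.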
@@ -29,15 +34,17 @@ public interface SecurityInfo {
   /**
    * Get the KerberosInfo for a given protocol.
    * @param protocol interface class
+   * @param conf configuration object
    * @return KerberosInfo
    */
-  KerberosInfo getKerborosInfo(Class<?> protocol);
+  KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf);
 
   /**
    * Get the TokenInfo for a given protocol.
    * @param protocol interface class
+   * @param conf configuration object
    * @return TokenInfo instance
    */
-  TokenInfo getTokenInfo(Class<?> protocol);
+  TokenInfo getTokenInfo(Class<?> protocol, Configuration conf);
 
 }

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityUtil.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityUtil.java
(original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/SecurityUtil.java
Sun Jul 24 08:11:42 2011
@@ -22,6 +22,7 @@ import java.net.URI;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.AccessController;
+import java.util.ServiceLoader;
 import java.util.Set;
 
 import javax.security.auth.Subject;
@@ -33,8 +34,8 @@ import org.apache.commons.logging.LogFac
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.token.TokenInfo;
 
 import sun.security.jgss.krb5.Krb5Util;
 import sun.security.krb5.Credentials;
@@ -283,26 +284,63 @@ public class SecurityUtil {
     return sb.toString();
   }
 
-  @SuppressWarnings("unchecked")
+  private static ServiceLoader<SecurityInfo> securityInfoProviders = 
+      ServiceLoader.load(SecurityInfo.class);
+  private static SecurityInfo[] testProviders = new SecurityInfo[0];
+
   /**
-   * Construct the SecurityInfo instance from the given conf for a 
-   * protocol.
-   * @param conf Configuration object with which the protocol is registered.
+   * Test setup method to register additional providers.
+   * @param providers a list of high priority providers to use
    */
-  public static SecurityInfo getSecurityInfo(Configuration conf)
-      throws IOException {
-    try {
-      Class<SecurityInfo> secInfoClass = (Class<SecurityInfo>) 
-      conf.getClass(
-        CommonConfigurationKeysPublic.HADOOP_SECURITY_INFO_CLASS_NAME, 
-        AnnotatedSecurityInfo.class);
-      SecurityInfo secInfo = secInfoClass.newInstance();
-      return secInfo;
-    } catch (Exception e) {
-      throw new IOException("Can't create the SecurityInfo instance", e);
+  @InterfaceAudience.Private
+  public static void setSecurityInfoProviders(SecurityInfo... providers) {
+    testProviders = providers;
+  }
+  
+  /**
+   * Look up the KerberosInfo for a given protocol. It searches all known
+   * SecurityInfo providers.
+   * @param protocol the protocol class to get the information for
+   * @return the KerberosInfo or null if it has no KerberosInfo defined
+   */
+  public static KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf)
{
+    for(SecurityInfo provider: testProviders) {
+      KerberosInfo result = provider.getKerberosInfo(protocol, conf);
+      if (result != null) {
+        return result;
+      }
+    }
+    for(SecurityInfo provider: securityInfoProviders) {
+      KerberosInfo result = provider.getKerberosInfo(protocol, conf);
+      if (result != null) {
+        return result;
+      }
     }
+    return null;
+  }
+ 
+  /**
+   * Look up the TokenInfo for a given protocol. It searches all known
+   * SecurityInfo providers.
+   * @param protocol The protocol class to get the information for.
+   * @param conf configuration object
+   * @return the TokenInfo or null if it has no KerberosInfo defined
+   */
+  public static TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
+    for(SecurityInfo provider: testProviders) {
+      TokenInfo result = provider.getTokenInfo(protocol, conf);
+      if (result != null) {
+        return result;
+      }      
+    }
+    for(SecurityInfo provider: securityInfoProviders) {
+      TokenInfo result = provider.getTokenInfo(protocol, conf);
+      if (result != null) {
+        return result;
+      }
+    } 
+    return null;
   }
-
   
   /**
    * Get the host name from the principal name of format <service>/host@realm.
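Review bot: `securityInfoProviders` is a single static `ServiceLoader` that `getKerberosInfo` and `getTokenInfo` both iterate without a lock, and `ServiceLoader` is documented as not safe for use by multiple concurrent threads; the callers changed in this commit are RPC client setup and service authorization, so concurrent iteration looks likely. Wrap the second loop of each method in `synchronized (securityInfoProviders) { ... }`. `testProviders` is written by `setSecurityInfoProviders` and read without synchronization, so declare it `private static volatile SecurityInfo[] testProviders`. That setter is `public` and its providers are consulted before the service-loaded ones, so only the `@InterfaceAudience.Private` annotation keeps non-test code from overriding Kerberos and token metadata for the whole JVM; a comment saying so, or package-private visibility, would make the intent harder to miss. In the Javadoc, `getKerberosInfo` lacks `@param conf`, and the `@return` of `getTokenInfo` should read `the TokenInfo or null if it has no TokenInfo defined`.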

Modified: hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
(original)
+++ hadoop/common/branches/MR-279/common/src/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
Sun Jul 24 08:11:42 2011
@@ -41,8 +41,6 @@ import org.apache.hadoop.security.UserGr
 @InterfaceStability.Evolving
 public class ServiceAuthorizationManager {
   private static final String HADOOP_POLICY_FILE = "hadoop-policy.xml";
-  private static final Log LOG = LogFactory
-  .getLog(ServiceAuthorizationManager.class);
 
   private Map<Class<?>, AccessControlList> protocolToAcl =
     new IdentityHashMap<Class<?>, AccessControlList>();
@@ -86,13 +84,7 @@ public class ServiceAuthorizationManager
     }
     
     // get client principal key to verify (if available)
-    KerberosInfo krbInfo;
-    try {
-      krbInfo = SecurityUtil.getSecurityInfo(
-          conf).getKerborosInfo(protocol);
-    } catch (IOException e1) {
-      throw new AuthorizationException(e1);
-    }
+    KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
     String clientPrincipal = null; 
     if (krbInfo != null) {
       String clientKey = krbInfo.clientPrincipal();
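Review bot: A `null` from `SecurityUtil.getKerberosInfo(protocol, conf)` now covers two cases this caller cannot tell apart: the protocol declares no KerberosInfo, or no `SecurityInfo` provider was loaded at all. The removed code turned a provider failure into an `AuthorizationException`; the new code skips the visible `if (krbInfo != null)` block and leaves `clientPrincipal` null. What the rest of the method does with a null principal is outside this hunk, so confirm it still denies access rather than skipping the principal comparison when security is enabled. At minimum, document the contract above the call: `// null means no SecurityInfo provider returned KerberosInfo for this protocol`. The `tokenInfo != null` and `krbInfo != null` checks in the Client.java hunks depend on the same null return.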

Modified: hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestAvroRpc.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestAvroRpc.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestAvroRpc.java
(original)
+++ hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestAvroRpc.java
Sun Jul 24 08:11:42 2011
@@ -40,6 +40,8 @@ import org.apache.hadoop.ipc.TestSaslRPC
 import org.apache.hadoop.ipc.TestSaslRPC.TestTokenSecretManager;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.SaslRpcServer;
+import org.apache.hadoop.security.SecurityInfo;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 
@@ -129,6 +131,7 @@ public class TestAvroRpc extends TestCas
       assertTrue(caught);
 
     } finally {
+      clearSecure();
       server.stop();
     }
   }
@@ -138,8 +141,13 @@ public class TestAvroRpc extends TestCas
     conf.set("hadoop.rpc.socket.factory.class.default", "");
     //Avro doesn't work with security annotations on protocol.
     //Avro works ONLY with custom security context
-    conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_INFO_CLASS_NAME,
-        CustomSecurityInfo.class.getName());
+    SecurityUtil.setSecurityInfoProviders(new SecurityInfo[] {
+        new CustomSecurityInfo()
+    });
+  }
+
+  private void clearSecure() {
+    SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
   }
 
   private void addToken(TestTokenSecretManager sm, 
@@ -191,6 +199,7 @@ public class TestAvroRpc extends TestCas
       assertEquals(3, intResult);
 
     } finally {
+      clearSecure();
       server.stop();
     }
   }

Modified: hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java?rev=1150294&r1=1150293&r2=1150294&view=diff
==============================================================================
--- hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
(original)
+++ hadoop/common/branches/MR-279/common/src/test/core/org/apache/hadoop/ipc/TestSaslRPC.java
Sun Jul 24 08:11:42 2011
@@ -191,10 +191,10 @@ public class TestSaslRPC {
     }
   }
 
-  public static class CustomSecurityInfo implements SecurityInfo {
+  public static class CustomSecurityInfo  implements SecurityInfo {
 
     @Override
-    public KerberosInfo getKerborosInfo(Class<?> protocol) {
+    public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
       return new KerberosInfo() {
         @Override
         public Class<? extends Annotation> annotationType() {
@@ -212,7 +212,7 @@ public class TestSaslRPC {
     }
 
     @Override
-    public TokenInfo getTokenInfo(Class<?> protocol) {
+    public TokenInfo getTokenInfo(Class<?> protocol, Configuration conf) {
       return new TokenInfo() {
         @Override
         public Class<? extends TokenSelector<? extends 
@@ -233,19 +233,24 @@ public class TestSaslRPC {
     final Server server = RPC.getServer(TestSaslProtocol.class,
         new TestSaslImpl(), ADDRESS, 0, 5, true, conf, sm);
 
-    doDigestRpc(server, sm, conf);
+    doDigestRpc(server, sm);
   }
 
   @Test
   public void testDigestRpcWithoutAnnotation() throws Exception {
     TestTokenSecretManager sm = new TestTokenSecretManager();
     Configuration conf1 = new Configuration(conf);
-    conf1.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_INFO_CLASS_NAME,
-        CustomSecurityInfo.class.getName());
-    final Server server = RPC.getServer(TestSaslProtocol.class,
-        new TestSaslImpl(), ADDRESS, 0, 5, true, conf1, sm);
+    try {
+      SecurityUtil.setSecurityInfoProviders(new SecurityInfo[] {
+        new CustomSecurityInfo()
+      });
+      final Server server = RPC.getServer(TestSaslProtocol.class,
+          new TestSaslImpl(), ADDRESS, 0, 5, true, conf, sm);
 
-    doDigestRpc(server, sm, conf1);
+      doDigestRpc(server, sm);
+    } finally {
+      SecurityUtil.setSecurityInfoProviders(new SecurityInfo[0]);
+    }
   }
 
   @Test
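Review bot: `Configuration conf1 = new Configuration(conf);` in `testDigestRpcWithoutAnnotation` is left over: the new lines pass `conf` to `RPC.getServer` and call `doDigestRpc(server, sm)`, so the copy is never used and the line can be deleted. Since `setSecurityInfoProviders` takes varargs, the two calls read more simply as `SecurityUtil.setSecurityInfoProviders(new CustomSecurityInfo());` and `SecurityUtil.setSecurityInfoProviders();`. The provider list is JVM-wide static state, so the reset in `finally` is what keeps this test from affecting the others; a short comment there would make that explicit.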
@@ -254,7 +259,7 @@ public class TestSaslRPC {
         new TestSaslImpl(), ADDRESS, 0, 5, true, conf, null);
     server.disableSecurity();
     TestTokenSecretManager sm = new TestTokenSecretManager();
-    doDigestRpc(server, sm, conf);
+    doDigestRpc(server, sm);
   }
   
   @Test
@@ -265,7 +270,7 @@ public class TestSaslRPC {
 
     boolean succeeded = false;
     try {
-      doDigestRpc(server, sm, conf);
+      doDigestRpc(server, sm);
     } catch (RemoteException e) {
       LOG.info("LOGGING MESSAGE: " + e.getLocalizedMessage());
       assertTrue(ERROR_MESSAGE.equals(e.getLocalizedMessage()));
@@ -275,9 +280,8 @@ public class TestSaslRPC {
     assertTrue(succeeded);
   }
   
-  private void doDigestRpc(Server server, TestTokenSecretManager sm, 
-      Configuration config)
-      throws Exception {
+  private void doDigestRpc(Server server, TestTokenSecretManager sm
+                           ) throws Exception {
     server.start();
 
     final UserGroupInformation current = UserGroupInformation.getCurrentUser();
@@ -295,7 +299,7 @@ public class TestSaslRPC {
     TestSaslProtocol proxy = null;
     try {
       proxy = (TestSaslProtocol) RPC.getProxy(TestSaslProtocol.class,
-          TestSaslProtocol.versionID, addr, config);
+          TestSaslProtocol.versionID, addr, conf);
       //QOP must be auth
       Assert.assertEquals(SaslRpcServer.SASL_PROPS.get(Sasl.QOP), "auth");
       proxy.ping();


