From ji...@apache.org
Subject svn commit: r1616296 - in /hadoop/common/branches/branch-1: CHANGES.txt src/core/org/apache/hadoop/http/HttpServer.java src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java
Date Wed, 06 Aug 2014 18:30:47 GMT
Author: jing9
Date: Wed Aug  6 18:30:47 2014
New Revision: 1616296

URL: http://svn.apache.org/r1616296
Log:
HDFS-6822. Namenode and datanode fails to replace _HOST to hostname for hadoop.http.authentication.kerberos.principal.
Contributed by Jing Zhao.

Modified:
    hadoop/common/branches/branch-1/CHANGES.txt
    hadoop/common/branches/branch-1/src/core/org/apache/hadoop/http/HttpServer.java
    hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java

Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1616296&r1=1616295&r2=1616296&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Wed Aug  6 18:30:47 2014
@@ -236,6 +236,9 @@ Release 1.3.0 - unreleased
     MAPREDUCE-5968. Work directory is not deleted when downloadCacheObject 
     throws IOException. (Zhihai Xu va kasha)
 
+    HDFS-6822. Namenode and datanode fails to replace "_HOST" to hostname for
+    hadoop.http.authentication.kerberos.principal. (jing9)
+
 Release 1.2.2 - unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/http/HttpServer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/http/HttpServer.java?rev=1616296&r1=1616295&r2=1616296&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/http/HttpServer.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/http/HttpServer.java Wed Aug
 6 18:30:47 2014
@@ -93,6 +93,7 @@ public class HttpServer implements Filte
   static final String ADMINS_ACL = "admins.acl";
   public static final String SPNEGO_FILTER = "SpnegoFilter";
   public static final String KRB5_FILTER = "krb5Filter";
+  public static final String BIND_ADDRESS = "bind.address";
 
   private AccessControlList adminsAcl;
 
@@ -159,6 +160,7 @@ public class HttpServer implements Filte
     }
     
     webServer.addConnector(listener);
+    final String hostName = listener.getHost();
 
     QueuedThreadPool threadPool = new QueuedThreadPool();
     threadPool.setName("httpServerThreadPool");
@@ -186,6 +188,7 @@ public class HttpServer implements Filte
     final FilterInitializer[] initializers = getFilterInitializers(conf); 
     if (initializers != null) {
       for(FilterInitializer c : initializers) {
+        conf.set(BIND_ADDRESS, hostName);
         c.initFilter(this, conf);
       }
     }
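Review bot: `conf.set(BIND_ADDRESS, hostName)` sits inside the initializer loop although both arguments look loop-invariant, and it writes the un-namespaced key `bind.address` into the Configuration object passed in, so the value stays visible to every later reader of that object. If `listener.getHost()` (second hunk) can return null when no host was set on the connector, the set call would presumably fail before any filter is initialized; that path is not visible here. Unless the intent is to reset the key after each initializer, I would hoist it above the `if` as `if (hostName != null) { conf.set(BIND_ADDRESS, hostName); }`. The new constant also deserves a Javadoc line such as `/** Key under which HttpServer publishes its listener host to FilterInitializers. */`. The enclosing method starts and ends outside these hunks.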

Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java?rev=1616296&r1=1616295&r2=1616296&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java
(original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/AuthenticationFilterInitializer.java
Wed Aug  6 18:30:47 2014
@@ -17,17 +17,19 @@
  */
 package org.apache.hadoop.security;
 
-import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.http.FilterContainer;
-import org.apache.hadoop.http.FilterInitializer;
-
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.Reader;
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.http.FilterContainer;
+import org.apache.hadoop.http.FilterInitializer;
+import org.apache.hadoop.http.HttpServer;
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler;
+
 /**
  * Initializes Alfredo AuthenticationFilter which provides support for
  * Kerberos HTTP SPNEGO authentication.
@@ -91,6 +93,20 @@ public class AuthenticationFilterInitial
       throw new RuntimeException("Could not read HTTP signature secret file: " + signatureSecretFile);
     }
 
+    // Resolve _HOST into bind address
+    String bindAddress = conf.get(HttpServer.BIND_ADDRESS);
+    String principal = filterConfig
+        .get(KerberosAuthenticationHandler.PRINCIPAL);
+    if (principal != null) {
+      try {
+        principal = SecurityUtil.getServerPrincipal(principal, bindAddress);
+      } catch (IOException ex) {
+        throw new RuntimeException(
+            "Could not resolve Kerberos principal name: " + ex.toString(), ex);
+      }
+      filterConfig.put(KerberosAuthenticationHandler.PRINCIPAL, principal);
+    }
+
     container.addFilter("authentication",
                         AuthenticationFilter.class.getName(),
                         filterConfig);
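Review bot: `bindAddress` is passed to `SecurityUtil.getServerPrincipal` unchecked, so the SPNEGO service principal now depends on whatever the listener was bound to. When the key is absent (an initializer driven by something other than HttpServer), or the bind address is a wildcard or an IP literal, the result depends on how `getServerPrincipal` treats such values, which this hunk does not show; a principal that does not match the keytab entry would make HTTP authentication fail. I would make the comment say so, e.g. `// Replace _HOST in the principal with the HTTP bind host from HttpServer.BIND_ADDRESS (may be null, a wildcard or an IP)`, and log the resolved principal once at startup so a mismatch is diagnosable. The exception message built with `ex.toString()` repeats what the chained cause already carries, so `"Could not resolve Kerberos principal name"` with `ex` as the cause would be enough. The enclosing method starts outside the hunk.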


