hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-7853) multiple javax security configurations cause conflicts
Date Wed, 30 Nov 2011 01:41:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13159736#comment-13159736
] 

Alejandro Abdelnur commented on HADOOP-7853:
--------------------------------------------

and the *setupMockJassParent()* method should do something like:

{code}
  private static void setupMockJaasParent() {
    javax.security.auth.login.Configuration existing = null;
    try {
      existing =javax.security.auth.login.Configuration.getConfiguration();
      assertFalse("setupMockJaasParent should run before the Hadoop " +
                  "configuration provider is installed.",
                  existing.getClass().getCanonicalName()
                  .startsWith("org.apache.hadoop") && ! existing.getClass().getCanonicalName()
                  .endsWith("DummyLoginConfiguration"));
    } catch (SecurityException se) {
      // We get this if no configuration has been set. So it's OK.
    }

    mockJaasConf = mock(javax.security.auth.login.Configuration.class);
    Mockito.doReturn(new AppConfigurationEntry[] {})
      .when(mockJaasConf)
      .getAppConfigurationEntry("foobar-app");
    javax.security.auth.login.Configuration.setConfiguration(mockJaasConf);
  }
{code}

Although, I'd question the need for the *testDelegateJaasConfiguration()* method. And If you
agree, then all this mock thingy goes.
                
> multiple javax security configurations cause conflicts
> ------------------------------------------------------
>
>                 Key: HADOOP-7853
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7853
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.23.0, 0.24.0, 0.23.1, 1.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 1.0.0
>
>         Attachments: HADOOP-7853-1.patch, HADOOP-7853-1.patch, HADOOP-7853-testfix-branch-1.0.0.patch,
HADOOP-7853-trunk.patch, HADOOP-7853.patch
>
>
> Both UGI and the SPNEGO KerberosAuthenticator set the global javax security configuration.
 SPNEGO stomps on UGI's security config which leads to kerberos/SASL authentication errors.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message