hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9926) Authentication specific login implementation in separate class from UGI
Date Fri, 13 Sep 2013 01:12:57 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9926?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766126#comment-13766126
] 

Kai Zheng commented on HADOOP-9926:
-----------------------------------

The related codes in the patch regarding how JAAS login configuration is managed and loaded
for specific authentication method:
{code}
+public class HadoopLoginManager {
+  
+  public static final String SIMPLE_CONFIG_NAME = "hadoop-simple";
+  public static final String KEYTAB_KERBEROS_CONFIG_NAME = 
+    "hadoop-keytab-kerberos";
+  public static final String USER_KERBEROS_CONFIG_NAME = 
+      "hadoop-user-kerberos";
+  public static final String TICKETCACHE_KERBEROS_CONFIG_NAME = 
+      "hadoop-ticketcache-kerberos";
+  private static Map<String, HadoopLoginFactory> configurations = 
+      new HashMap<String, HadoopLoginFactory>();
+  
+  static {
+    registerLoginFactory(
+        new HadoopLoginFactory(SIMPLE_CONFIG_NAME) {
+          @Override
+          public HadoopLoginConfiguration createLoginConf() {
+            return HadoopLoginManager.createLoginConf(getConfName(), 
+                new OSSpecificLoginEntry(), new HadoopLoginEntry());
+          }
+
+          @Override
+          public HadoopLogin createHadoopLogin() {
+            return new SimpleAuthnLogin(getConfName());
+          }      
+    });
+    
+    registerLoginFactory(
+        new HadoopLoginFactory(KEYTAB_KERBEROS_CONFIG_NAME) {
+          @Override
+          public HadoopLoginConfiguration createLoginConf() {
+            return HadoopLoginManager.createLoginConf(getConfName(), 
+                new OSSpecificLoginEntry(), new KeytabKerberosLoginEntry(), new HadoopLoginEntry());
+          }
+          
+          @Override
+          public HadoopLogin createHadoopLogin() {
+            return new KeytabKerberosLogin(getConfName());
+          }
+    });
...
+  }
...

+  /**
+   * Get and return new login with fresh configuration
+   */
+  public static HadoopLogin createHadoopLogin(String confName) {
+    if (!configurations.containsKey(confName)) {
+      return null;
+    }
+    
+    HadoopLoginFactory factory = configurations.get(confName);
+    HadoopLogin login = factory.createHadoopLogin();
+    
+    return login;
+  }

...

{code}
                
> Authentication specific login implementation in separate class from UGI
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-9926
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9926
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>         Attachments: HADOOP-9926.patch
>
>
> As discussed in HADOOP-9797, we would improve UGI class in incremental patches. This
issue covers the following in the patch that will be attached for this issue:
>  
> * HadoopLogin is an interface, and AbstractHadoopLogin is the abstract implementation
for it, to define the API and common implementation for various login mechanisms, not just
for JAAS based. 
> * Login implementation details, are removed from UGI and wrapped in concrete HadoopLogin
implementations like SimpleAuthnLogin, UserKerberosLogin and KeytabKerberosLogin, which will
be simply employed by appropriate UGI login related methods to do the login work. 
> * The login result can be returned via getSubject() for now from the HadoopLogin interface,
and UGI can call it to get the result. The result is then wrapped in a UGI object.
> * For Kerberos part, we might cover it in another JIRA since the change is big.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message