hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ga...@apache.org
Subject svn commit: r1422185 - in /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase: ipc/HBaseClient.java ipc/HBaseServer.java ipc/ProtobufRpcEngine.java security/User.java
Date Sat, 15 Dec 2012 04:06:37 GMT
Author: garyh
Date: Sat Dec 15 04:06:35 2012
New Revision: 1422185

URL: http://svn.apache.org/viewvc?rev=1422185&view=rev
Log:
HBASE-7357  Use hbase.security.authentication for HBaseClient / HBaseServer negotiation

Modified:
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseClient.java Sat
Dec 15 04:06:35 2012
@@ -349,7 +349,7 @@ public class HBaseClient {
 
       UserGroupInformation ticket = remoteId.getTicket().getUGI();
       Class<?> protocol = remoteId.getProtocol();
-      this.useSasl = UserGroupInformation.isSecurityEnabled();
+      this.useSasl = User.isHBaseSecurityEnabled(conf);
       if (useSasl && protocol != null) {
         TokenInfo tokenInfo = protocol.getAnnotation(TokenInfo.class);
         if (tokenInfo != null) {

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/HBaseServer.java Sat
Dec 15 04:06:35 2012
@@ -124,7 +124,7 @@ import org.cloudera.htrace.Trace;
 @InterfaceAudience.Private
 public abstract class HBaseServer implements RpcServer {
   private final boolean authorize;
-  private boolean isSecurityEnabled;
+  protected boolean isSecurityEnabled;
   /**
    * The first four bytes of Hadoop RPC connections
    */
@@ -1929,7 +1929,7 @@ public abstract class HBaseServer implem
     responder = new Responder();
     this.authorize =
         conf.getBoolean(HADOOP_SECURITY_AUTHORIZATION, false);
-    this.isSecurityEnabled = UserGroupInformation.isSecurityEnabled();
+    this.isSecurityEnabled = User.isHBaseSecurityEnabled(this.conf);
     if (isSecurityEnabled) {
       HBaseSaslRpcServer.init(conf);
     }

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
(original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/ProtobufRpcEngine.java
Sat Dec 15 04:06:35 2012
@@ -264,7 +264,7 @@ class ProtobufRpcEngine implements RpcEn
         new ConcurrentHashMap<String, Method>();
 
     private AuthenticationTokenSecretManager createSecretManager(){
-      if (!User.isSecurityEnabled() ||
+      if (!isSecurityEnabled ||
           !(instance instanceof org.apache.hadoop.hbase.Server)) {
         return null;
       }

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java?rev=1422185&r1=1422184&r2=1422185&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/User.java Sat
Dec 15 04:06:35 2012
@@ -23,6 +23,7 @@ import org.apache.commons.logging.LogFac
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeys;
 import org.apache.hadoop.hbase.util.Methods;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.mapreduce.Job;
@@ -184,12 +185,15 @@ public abstract class User {
   }
 
   /**
-   * Returns whether or not secure authentication is enabled for HBase
-   * (whether <code>hbase.security.authentication</code> is set to
-   * <code>kerberos</code>.
+   * Returns whether or not secure authentication is enabled for HBase.  Note that
+   * HBase security requires HDFS security to provide any guarantees, so this requires that
+   * both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
+   * are set to <code>kerberos</code>.
    */
   public static boolean isHBaseSecurityEnabled(Configuration conf) {
-    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
+    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
+        "kerberos".equalsIgnoreCase(
+            conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
   }
 
   /* Concrete implementations */



Mime
View raw message