From ga...@apache.org
Subject svn commit: r1494869 - in /hbase/branches/0.95: hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/ hbase-client/src/main/java/org/apache/hadoop/hbase/security/ hbase-common/src/main/resources/ hbase-server/src/test/resources/
Date Thu, 20 Jun 2013 06:39:54 GMT
Author: garyh
Date: Thu Jun 20 06:39:54 2013
New Revision: 1494869

URL: http://svn.apache.org/r1494869
Log:
Fix up RPC handling

Modified:
    hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcClient.java
    hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
    hbase/branches/0.95/hbase-common/src/main/resources/hbase-default.xml
    hbase/branches/0.95/hbase-server/src/test/resources/hbase-site.xml

Modified: hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcClient.java?rev=1494869&r1=1494868&r2=1494869&view=diff
==============================================================================
--- hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcClient.java
(original)
+++ hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/RpcClient.java
Thu Jun 20 06:39:54 2013
@@ -126,6 +126,8 @@ public class RpcClient {
   protected final SocketFactory socketFactory;           // how to create sockets
   protected String clusterId;
 
+  private final boolean fallbackAllowed;
+
   final private static String PING_INTERVAL_NAME = "ipc.ping.interval";
   final private static String SOCKET_TIMEOUT = "ipc.socket.timeout";
   final static int DEFAULT_PING_INTERVAL = 60000;  // 1 min
@@ -135,6 +137,10 @@ public class RpcClient {
   public final static String FAILED_SERVER_EXPIRY_KEY = "hbase.ipc.client.failed.servers.expiry";
   public final static int FAILED_SERVER_EXPIRY_DEFAULT = 2000;
 
+  public static final String IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY =
+      "hbase.ipc.client.fallback-to-simple-auth-allowed";
+  public static final boolean IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT = false;
+
   // thread-specific RPC timeout, which may override that of what was passed in.
   // TODO: Verify still being used.
   private static ThreadLocal<Integer> rpcTimeout = new ThreadLocal<Integer>()
{
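Review bot: The new public constant `IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY` has no Javadoc, although it decides whether a client configured for secure connections may drop to SIMPLE auth when the server asks. A short comment above the key would keep the security meaning next to the code, rather than only in hbase-default.xml: `/** Whether a secure client may accept a server's request to fall back to SIMPLE (insecure) auth; defaults to false. */`.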
@@ -711,7 +717,7 @@ public class RpcClient {
 
     private synchronized boolean setupSaslConnection(final InputStream in2,
         final OutputStream out2) throws IOException {
-      saslRpcClient = new HBaseSaslRpcClient(authMethod, token, serverPrincipal);
+      saslRpcClient = new HBaseSaslRpcClient(authMethod, token, serverPrincipal, fallbackAllowed);
       return saslRpcClient.saslConnect(in2, out2);
     }
 
@@ -1179,12 +1185,15 @@ public class RpcClient {
     this.clusterId = clusterId != null ? clusterId : HConstants.CLUSTER_ID_DEFAULT;
     this.connections = new PoolMap<ConnectionId, Connection>(getPoolType(conf), getPoolSize(conf));
     this.failedServers = new FailedServers(conf);
+    this.fallbackAllowed = conf.getBoolean(IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY,
+        IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_DEFAULT);
     if (LOG.isDebugEnabled()) {
       LOG.debug("Codec=" + this.codec + ", compressor=" + this.compressor +
         ", tcpKeepAlive=" + this.tcpKeepAlive +
         ", tcpNoDelay=" + this.tcpNoDelay +
         ", maxIdleTime=" + this.maxIdleTime +
         ", maxRetries=" + this.maxRetries +
+        ", fallbackAllowed=" + this.fallbackAllowed +
         ", ping interval=" + this.pingInterval + "ms.");
     }
   }

Modified: hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java?rev=1494869&r1=1494868&r2=1494869&view=diff
==============================================================================
--- hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
(original)
+++ hbase/branches/0.95/hbase-client/src/main/java/org/apache/hadoop/hbase/security/HBaseSaslRpcClient.java
Thu Jun 20 06:39:54 2013
@@ -53,6 +53,7 @@ public class HBaseSaslRpcClient {
   public static final Log LOG = LogFactory.getLog(HBaseSaslRpcClient.class);
 
   private final SaslClient saslClient;
+  private final boolean fallbackAllowed;
 
   /**
    * Create a HBaseSaslRpcClient for an authentication method
@@ -63,8 +64,9 @@ public class HBaseSaslRpcClient {
    *          token to use if needed by the authentication method
    */
   public HBaseSaslRpcClient(AuthMethod method,
-      Token<? extends TokenIdentifier> token, String serverPrincipal)
+      Token<? extends TokenIdentifier> token, String serverPrincipal, boolean fallbackAllowed)
       throws IOException {
+    this.fallbackAllowed = fallbackAllowed;
     switch (method) {
     case DIGEST:
       if (LOG.isDebugEnabled())
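Review bot: The constructor Javadoc is not updated for the new `fallbackAllowed` parameter; the visible tail of the comment still ends at the token description. Add `@param fallbackAllowed whether to accept a server request to fall back to SIMPLE auth instead of failing the connection`. The Javadoc starts and the constructor body ends outside this hunk, so the other tags could not be checked here.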
@@ -144,8 +146,13 @@ public class HBaseSaslRpcClient {
         readStatus(inStream);
         int len = inStream.readInt();
         if (len == SaslUtil.SWITCH_TO_SIMPLE_AUTH) {
-          if (LOG.isDebugEnabled())
+          if (!fallbackAllowed) {
+            throw new IOException("Server asks us to fall back to SIMPLE auth, " +
+                "but this client is configured to only allow secure connections.");
+          }
+          if (LOG.isDebugEnabled()) {
             LOG.debug("Server asks us to fall back to simple auth.");
+          }
           saslClient.dispose();
           return false;
         }
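Review bot: When `fallbackAllowed` is true, the downgrade to SIMPLE auth is still recorded only at debug level, so with default logging nothing shows that a client configured for a secure connection ended up without SASL. Logging the accepted fallback at WARN makes the downgrade visible to operators: `LOG.warn("Server asks us to fall back to SIMPLE auth; continuing because fallback is allowed by configuration.");`. Separately, the refusal is thrown as a plain `IOException`; if the connection setup in RpcClient treats IOException as retryable (not visible in this hunk), a dedicated subclass would let callers fail fast instead of retrying a policy rejection. The enclosing method starts and ends outside the hunk.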

Modified: hbase/branches/0.95/hbase-common/src/main/resources/hbase-default.xml
URL: http://svn.apache.org/viewvc/hbase/branches/0.95/hbase-common/src/main/resources/hbase-default.xml?rev=1494869&r1=1494868&r2=1494869&view=diff
==============================================================================
--- hbase/branches/0.95/hbase-common/src/main/resources/hbase-default.xml (original)
+++ hbase/branches/0.95/hbase-common/src/main/resources/hbase-default.xml Thu Jun 20 06:39:54
2013
@@ -834,6 +834,18 @@ possible configurations would overwhelm 
     </description>
   </property>
   <property>
+    <name>hbase.ipc.client.fallback-to-simple-auth-allowed</name>
+    <value>false</value>
+    <description>
+      When a client is configured to attempt a secure connection, but attempts to
+      connect to an insecure server, that server may instruct the client to
+      switch to SASL SIMPLE (unsecure) authentication. This setting controls
+      whether or not the client will accept this instruction from the server.
+      When false (the default), the client will not allow the fallback to SIMPLE
+      authentication, and will abort the connection.
+    </description>
+  </property>
+  <property>
     <name>hbase.coprocessor.region.classes</name>
     <value></value>
     <description>A comma-separated list of Coprocessors that are loaded by
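Review bot: The description of `hbase.ipc.client.fallback-to-simple-auth-allowed` says what happens when the value is false but not what setting it to true gives up. A closing sentence would help operators decide, for example: `When true, any server the client connects to can turn off authentication for that connection, so enable it only while migrating between insecure and secure clusters.` The word "unsecure" in the same description would read better as "insecure".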

Modified: hbase/branches/0.95/hbase-server/src/test/resources/hbase-site.xml
URL: http://svn.apache.org/viewvc/hbase/branches/0.95/hbase-server/src/test/resources/hbase-site.xml?rev=1494869&r1=1494868&r2=1494869&view=diff
==============================================================================
--- hbase/branches/0.95/hbase-server/src/test/resources/hbase-site.xml (original)
+++ hbase/branches/0.95/hbase-server/src/test/resources/hbase-site.xml Thu Jun 20 06:39:54
2013
@@ -90,6 +90,10 @@
       default ports.
     </description>
   </property>
+  <property>
+    <name>hbase.ipc.client.fallback-to-simple-auth-allowed</name>
+    <value>true</value>
+  </property>
 
   <property>
     <name>hbase.regionserver.info.port</name>
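Review bot: This override enables fallback for every test that loads this hbase-site.xml, so those tests never run with the new default of refusing the fallback. No test for the new `throw new IOException(...)` branch in HBaseSaslRpcClient appears in this commit. Consider adding one that sets the key to false and expects the connection to be rejected. The property would also benefit from a `<description>` saying why the test configuration needs the non-default value.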


