zookeeper-dev mailing list archives

From "Matteo Bertozzi" <theo.berto...@gmail.com>
Subject Review Request: Allow server-side SASL login with JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
Date Wed, 01 Aug 2012 18:20:53 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for zookeeper, Patrick Hunt and Eugene Koontz.


Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether or
not to enable SASL.
- zookeeper/server/NIOServerCnxnFactory.java 
- zookeeper/server/NettyServerCnxnFactory.java
  - configure() checks for "java.security.auth.login.config"
    - If present start the new Login("Server", SaslServerCallbackHandler(conf))

But since the SaslServerCallbackHandler does the right thing just checking if getAppConfigurationEntry()
is empty, we can allow SASL with JAAS configuration to be set programmatically, just checking whether
or not a configuration entry is present instead of "java.security.auth.login.config".
(Something quite similar was done for the SaslClient in ZOOKEEPER-1373)

This addresses bug ZOOKEEPER-1497.


  /src/java/main/org/apache/zookeeper/server/NIOServerCnxnFactory.java 1360369 
  /src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java 1360369 
  /src/java/main/org/apache/zookeeper/server/ServerCnxnFactory.java 1360369 
  /src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 1360369 
  /src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 1360369 
  /src/java/test/org/apache/zookeeper/JaasConfiguration.java PRE-CREATION 
  /src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedServerTest.java PRE-CREATION

Diff: https://reviews.apache.org/r/6290/diff/


New testcase added SaslAuthDesignatedServerTest to check if ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY
is used.
(A new JaasConfiguration class was added to wrap the jaas.conf)

+Manual testing for HBASE-4791


Matteo Bertozzi
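
The difference between the two checks described in the message, as an added example that is not code from the patch or from ZooKeeper: a JAAS `Configuration` installed in memory is invisible to a check on the `java.security.auth.login.config` property but visible to a check on `getAppConfigurationEntry("Server")`. The class names `ProgrammaticJaasCheck` and `InMemoryJaas` and the `user_test` credential are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class ProgrammaticJaasCheck {
    // Section name passed to new Login("Server", ...) in the message above.
    static final String SECTION = "Server";

    /** Hypothetical in-memory JAAS configuration holding a single named section. */
    static class InMemoryJaas extends Configuration {
        private final AppConfigurationEntry[] entries;

        InMemoryJaas(String moduleClass, Map<String, String> options) {
            entries = new AppConfigurationEntry[] {
                new AppConfigurationEntry(moduleClass, LoginModuleControlFlag.REQUIRED, options)
            };
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            // JAAS contract: return null when the section does not exist.
            return SECTION.equals(name) ? entries : null;
        }
    }

    /** Check the message describes as current: SASL only if the file property is set. */
    static boolean enabledByProperty() {
        return System.getProperty("java.security.auth.login.config") != null;
    }

    /** Check the message proposes: SASL if the section has a configuration entry. */
    static boolean enabledByEntry() {
        AppConfigurationEntry[] e = Configuration.getConfiguration().getAppConfigurationEntry(SECTION);
        return e != null && e.length > 0;
    }

    public static void main(String[] args) {
        Map<String, String> opts = new HashMap<>();
        opts.put("user_test", "constructed-password"); // constructed sample credential
        // The module class is only named here; JAAS loads it at login time, not now.
        Configuration.setConfiguration(
            new InMemoryJaas("org.apache.zookeeper.server.auth.DigestLoginModule", opts));

        System.out.println("property check: " + enabledByProperty());
        System.out.println("entry check:    " + enabledByEntry());
    }
}
```

With the entry-based check, any code running in the server JVM that can call `Configuration.setConfiguration` decides whether SASL is enabled and which credentials are accepted, so embedders should treat that call as security-sensitive.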
