zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matteo Bertozzi" <theo.berto...@gmail.com>
Subject Re: Review Request: Allow server-side SASL login with JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)
Date Thu, 02 Aug 2012 06:35:40 GMT


> On Aug. 1, 2012, 10:55 p.m., Patrick Hunt wrote:
> > /src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedServerTest.java, line
90
> > <https://reviews.apache.org/r/6290/diff/1-2/?file=132325#file132325line90>
> >
> >     This timeout is too low. Typically we make it the connection timeout, otw it
has the tendency to fail intermittently (for example on slow/loaded test hardware)

sorry the code is a bit tricky, the ClientBase. createClient() waits 30sec for SyncConnected
or ConnectedReadOnly, while this class wait a little bit more for the auth.
Anyway I can increase this timeout if you say so.


- Matteo


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/6290/#review9727
-----------------------------------------------------------


On Aug. 1, 2012, 8:33 p.m., Matteo Bertozzi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/6290/
> -----------------------------------------------------------
> 
> (Updated Aug. 1, 2012, 8:33 p.m.)
> 
> 
> Review request for zookeeper, Patrick Hunt and Eugene Koontz.
> 
> 
> Description
> -------
> 
> Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether
or not enable SASL.
> - zookeeper/server/NIOServerCnxnFactory.java 
> - zookeeper/server/NettyServerCnxnFactory.java
>   - configure() checks for "java.security.auth.login.config"
>     - If present start the new Login("Server", SaslServerCallbackHandler(conf))
> 
> But since the SaslServerCallbackHandler does the right thing just checking if getAppConfigurationEntry()
is empty, we can allow SASL with JAAS configuration to be programmatically just checking weather
or not a configuration entry is present instead of "java.security.auth.login.config".
> (Something quite similar was done for the SaslClient in ZOOKEEPER-1373)
> 
> 
> This addresses bug ZOOKEEPER-1497.
>     https://issues.apache.org/jira/browse/ZOOKEEPER-1497
> 
> 
> Diffs
> -----
> 
>   /src/java/main/org/apache/zookeeper/Environment.java 1368201 
>   /src/java/main/org/apache/zookeeper/client/ZooKeeperSaslClient.java 1368201 
>   /src/java/main/org/apache/zookeeper/server/NIOServerCnxnFactory.java 1368201 
>   /src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java 1368201 
>   /src/java/main/org/apache/zookeeper/server/ServerCnxnFactory.java 1368201 
>   /src/java/main/org/apache/zookeeper/server/ZooKeeperSaslServer.java 1368201 
>   /src/java/main/org/apache/zookeeper/server/auth/SaslServerCallbackHandler.java 1368201

>   /src/java/test/org/apache/zookeeper/JaasConfiguration.java PRE-CREATION 
>   /src/java/test/org/apache/zookeeper/test/ClientBase.java 1368201 
>   /src/java/test/org/apache/zookeeper/test/SaslAuthDesignatedServerTest.java PRE-CREATION

> 
> Diff: https://reviews.apache.org/r/6290/diff/
> 
> 
> Testing
> -------
> 
> New testcase added SaslAuthDesignatedServerTest to check if ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY
is used.
> (A new JaasConfiguration class was added to wrap the jaas.conf)
> 
> +Manual testing for HBASE-4791
> 
> 
> Thanks,
> 
> Matteo Bertozzi
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message