This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 60ff4ec Issue #2127: Allow user override default SASL service name
bookkeeper
60ff4ec is described below
commit 60ff4ec791f94362eee9aecc67670cbdbf2b2ee6
Author: BINLEI XUE <[email protected]>
AuthorDate: Mon Jul 29 14:11:14 2019 +0800
Issue #2127: Allow user override default SASL service name bookkeeper
Descriptions of the changes in this PR:
The default SASL service name "bookkeeper" can be overridden by the JVM property
"bookkeeper.sasl.servicename"
### Motivation
### Changes
Instead of using a constant value, it reads from the JVM property first; if
the property doesn't exist, it uses the default value from the constant variable
SaslConstants.SASL_BOOKKEEPER_PROTOCOL
Master Issue: #2127
Reviewers: Enrico Olivelli <[email protected]>, Jia Zhai
<[email protected]>, Sijie Guo
This closes #2128 from 29x10/master, closes #2127
---
.../src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java | 4 +++-
.../src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java | 2 ++
.../test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java | 7 +++++--
site/docs/4.9.2/security/sasl.md | 7 +++++++
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
index 324480c..63d7de9 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslClientState.java
@@ -50,7 +50,9 @@ public class SaslClientState {
private String password;
public SaslClientState(String serverHostname, Subject subject) throws
SaslException {
- String serverPrincipal = SaslConstants.SASL_BOOKKEEPER_PROTOCOL + "/"
+ serverHostname;
+ String saslServiceName =
System.getProperty(SaslConstants.SASL_SERVICE_NAME,
+
SaslConstants.SASL_SERVICE_NAME_DEFAULT);
+ String serverPrincipal = saslServiceName + "/" + serverHostname;
this.clientSubject = subject;
if (clientSubject == null) {
throw new SaslException("Cannot create JAAS Sujbect for SASL");
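Review bot: The value read from the `bookkeeper.sasl.servicename` system property is concatenated into `serverPrincipal` without any check, so an empty or whitespace-only value (for example `-Dbookkeeper.sasl.servicename=`) yields a principal of the form `/host` and the mistake only shows up later as an opaque Kerberos/SASL failure. Because the service name decides which server principal the client requests a ticket for, I would fail fast right after the lookup: `if (saslServiceName.trim().isEmpty()) { throw new SaslException("Empty value for " + SaslConstants.SASL_SERVICE_NAME); }`. The property is also JVM-wide, so every client created in the process targets the same service name; a short comment above the lookup saying so, e.g. `// JVM-wide override; applies to every SASL client in this process`, would help. The constructor continues outside the hunk.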
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
index 98a83b7..719f1ec 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/sasl/SaslConstants.java
@@ -52,6 +52,8 @@ public class SaslConstants {
static final String SASL_BOOKKEEPER_PROTOCOL = "bookkeeper";
static final String SASL_BOOKKEEPER_REALM = "bookkeeper";
+ static final String SASL_SERVICE_NAME = "bookkeeper.sasl.servicename";
+ static final String SASL_SERVICE_NAME_DEFAULT = "bookkeeper";
static final String SASL_MD5_DUMMY_HOSTNAME = "bookkeeper";
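Review bot: `SASL_SERVICE_NAME_DEFAULT` repeats the literal already held by `SASL_BOOKKEEPER_PROTOCOL` two lines above, and the commit description still names `SASL_BOOKKEEPER_PROTOCOL` as the fallback, so the two can drift apart if one is changed later. Defining it as `static final String SASL_SERVICE_NAME_DEFAULT = SASL_BOOKKEEPER_PROTOCOL;` keeps a single source of truth. Both new constants would benefit from a comment, since one is a system-property key and the other a value: `// JVM system property that overrides the service part of the bookie's Kerberos principal on the client`. Whether the server side still relies on `SASL_BOOKKEEPER_PROTOCOL` is not visible in this hunk.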
diff --git
a/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
b/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
index a538950..fc2df20 100644
---
a/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
+++
b/bookkeeper-server/src/test/java/org/apache/bookkeeper/sasl/GSSAPIBookKeeperTest.java
@@ -68,6 +68,8 @@ public class GSSAPIBookKeeperTest extends
BookKeeperClusterTestCase {
private static MiniKdc kdc;
private static Properties conf;
+ private static final String non_default_sasl_service_name =
"non_default_servicename";
+
@ClassRule
public static TemporaryFolder kdcDir = new TemporaryFolder();
@@ -86,8 +88,8 @@ public class GSSAPIBookKeeperTest extends
BookKeeperClusterTestCase {
bookieConf.setUseHostNameAsBookieID(true);
String localhostName =
Bookie.getBookieAddress(bookieConf).getHostName();
- String principalServerNoRealm = "bookkeeper/" + localhostName;
- String principalServer = "bookkeeper/" + localhostName + "@" +
kdc.getRealm();
+ String principalServerNoRealm = non_default_sasl_service_name + "/" +
localhostName;
+ String principalServer = non_default_sasl_service_name + "/" +
localhostName + "@" + kdc.getRealm();
LOG.info("principalServer: " + principalServer);
String principalClientNoRealm = "bookkeeperclient/" + localhostName;
String principalClient = principalClientNoRealm + "@" + kdc.getRealm();
@@ -252,6 +254,7 @@ public class GSSAPIBookKeeperTest extends
BookKeeperClusterTestCase {
}
BookieServer startAndStoreBookie(ServerConfiguration conf) throws
Exception {
+ System.setProperty(SaslConstants.SASL_SERVICE_NAME,
non_default_sasl_service_name);
bsConfs.add(conf);
BookieServer s = startBookie(conf);
bs.add(s);
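Review bot: `System.setProperty(SaslConstants.SASL_SERVICE_NAME, ...)` in `startAndStoreBookie` changes JVM-wide state and nothing visible in these hunks restores it, so any SASL test that later runs in the same JVM would presumably build its server principal with `non_default_servicename` and fail or pass for the wrong reason. Setting it once in the class setup and clearing it in the class teardown with `System.clearProperty(SaslConstants.SASL_SERVICE_NAME);` keeps the override scoped to this test. With the principals in the earlier hunk of this file switched to the non-default name, the default `bookkeeper` path appears to lose its GSSAPI coverage here; a second test case without the property would cover it. The constant `non_default_sasl_service_name` would conventionally be `NON_DEFAULT_SASL_SERVICE_NAME`.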
diff --git a/site/docs/4.9.2/security/sasl.md b/site/docs/4.9.2/security/sasl.md
index ffb972a..e943ec8 100644
--- a/site/docs/4.9.2/security/sasl.md
+++ b/site/docs/4.9.2/security/sasl.md
@@ -195,6 +195,13 @@ To configure SASL authentication on the clients:
```shell
clientAuthProviderFactoryClass=org.apache.bookkeeper.sasl.SASLClientProviderFactory
```
+5. By default bookie service name is `bookkeeper`, you could override it by
passing a JVM parameter to the client JVM or set System Property manually.
+
+ For example, if your bookie's principle is
[email protected]@EXAMPLE.COM, then pass:
+
+ ```shell
+ -Dbookkeeper.sasl.servicename=bk
+ ```
## Enabling Logging for SASL