This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new c7328c9  KNOX-1959 - HadoopAuthCookieStore should not read krb5 login 
config each time
c7328c9 is described below

commit c7328c9e44d353f3d6ac949cdb193650186cf7c4
Author: Kevin Risden <[email protected]>
AuthorDate: Wed Jul 31 14:13:47 2019 -0400

    KNOX-1959 - HadoopAuthCookieStore should not read krb5 login config each 
time
    
    Signed-off-by: Kevin Risden <[email protected]>
---
 .../gateway/dispatch/HadoopAuthCookieStore.java    | 74 ++++++++++++----------
 .../dispatch/HadoopAuthCookieStoreTest.java        |  4 +-
 2 files changed, 41 insertions(+), 37 deletions(-)

diff --git 
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStore.java
 
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStore.java
index 06c9967..bd85617 100644
--- 
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStore.java
+++ 
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStore.java
@@ -34,28 +34,49 @@ import org.apache.knox.gateway.config.GatewayConfig;
 import org.apache.knox.gateway.i18n.messages.MessagesFactory;
 
 public class HadoopAuthCookieStore extends BasicCookieStore {
+  private static final SpiGatewayMessages LOG = 
MessagesFactory.get(SpiGatewayMessages.class);
 
-  private static SpiGatewayMessages LOG = MessagesFactory.get( 
SpiGatewayMessages.class );
+  private static final String HADOOP_AUTH_COOKIE_NAME = "hadoop.auth";
+  private static final String HIVE_SERVER2_AUTH_COOKIE_NAME = 
"hive.server2.auth";
 
-  private GatewayConfig gatewayConfig;
+  private static String knoxPrincipal;
 
   HadoopAuthCookieStore(GatewayConfig config) {
-    this.gatewayConfig = config;
+    // Read knoxPrincipal from krb5 login jaas config file
+    String krb5Config = config.getKerberosLoginConfig();
+    if (krb5Config != null && !krb5Config.isEmpty()) {
+      Properties p = new Properties();
+      try (InputStream in = Files.newInputStream(Paths.get(krb5Config))){
+        p.load(in);
+        String configuredKnoxPrincipal = p.getProperty("principal");
+        // Strip off enclosing quotes, if present
+        if (configuredKnoxPrincipal.startsWith("\"")) {
+          configuredKnoxPrincipal = configuredKnoxPrincipal.substring(1,
+              configuredKnoxPrincipal.length() - 1);
+        }
+        knoxPrincipal = configuredKnoxPrincipal;
+      } catch (IOException e) {
+        LOG.errorReadingKerberosLoginConfig(krb5Config, e);
+      }
+    }
   }
 
   @Override
   public void addCookie(Cookie cookie) {
-    if (cookie.getName().equals("hadoop.auth") || 
cookie.getName().equals("hive.server2.auth")) {
-      // Only add the cookie if it's Knox's cookie
-      if (isKnoxCookie(gatewayConfig, cookie)) {
-        Wrapper wrapper = new Wrapper(cookie);
-        LOG.acceptingServiceCookie(wrapper);
-        super.addCookie(wrapper);
-      }
+    // Only add the cookie if it is an auth cookie and belongs to Knox
+    if (isAuthCookie(cookie) && isKnoxCookie(cookie)) {
+      Wrapper wrapper = new Wrapper(cookie);
+      LOG.acceptingServiceCookie(wrapper);
+      super.addCookie(wrapper);
     }
   }
 
-  private static boolean isKnoxCookie(GatewayConfig config, Cookie cookie) {
+  private boolean isAuthCookie(Cookie cookie) {
+    return HADOOP_AUTH_COOKIE_NAME.equals(cookie.getName()) ||
+               HIVE_SERVER2_AUTH_COOKIE_NAME.equals(cookie.getName());
+  }
+
+  private boolean isKnoxCookie(Cookie cookie) {
     boolean result = false;
 
     if (cookie != null) {
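Review bot: `knoxPrincipal` is declared `static` but is assigned from the instance constructor, so each new `HadoopAuthCookieStore` overwrites the value every other instance compares against, without synchronization, and an instance whose config read fails keeps whatever an earlier instance stored. Since `isKnoxCookie` uses this value to decide which `hadoop.auth` / `hive.server2.auth` cookies are retained, a `final` instance field is the safer shape; provided the store is built once per HTTP client rather than per request (not visible here), that still avoids the per-cookie file read. The constructor also calls `startsWith` on `p.getProperty("principal")` without a null check, so a login config lacking a `principal` entry now throws a NullPointerException at construction time. The fence sketches the field and a static helper that returns null when the principal cannot be read, which leaves `principal.equals(knoxPrincipal)` false and rejects the cookie. isKnoxCookie's body continues outside this hunk.

```java
private final String knoxPrincipal;

HadoopAuthCookieStore(GatewayConfig config) {
  this.knoxPrincipal = readKnoxPrincipal(config.getKerberosLoginConfig());
}

// Returns the principal from the krb5 login JAAS config, or null if it cannot be determined.
private static String readKnoxPrincipal(String krb5Config) {
  if (krb5Config == null || krb5Config.isEmpty()) {
    return null;
  }
  Properties p = new Properties();
  try (InputStream in = Files.newInputStream(Paths.get(krb5Config))) {
    p.load(in);
  } catch (IOException e) {
    LOG.errorReadingKerberosLoginConfig(krb5Config, e);
    return null;
  }
  String configuredKnoxPrincipal = p.getProperty("principal");
  if (configuredKnoxPrincipal == null) {
    return null;
  }
  // Strip off enclosing quotes, if present
  if (configuredKnoxPrincipal.startsWith("\"")) {
    configuredKnoxPrincipal = configuredKnoxPrincipal.substring(1,
        configuredKnoxPrincipal.length() - 1);
  }
  return configuredKnoxPrincipal;
}

// … unchanged: addCookie, isAuthCookie, isKnoxCookie …
```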
@@ -71,22 +92,7 @@ public class HadoopAuthCookieStore extends BasicCookieStore {
           }
 
           if (principal != null) {
-            String krb5Config = config.getKerberosLoginConfig();
-            if (krb5Config != null && !krb5Config.isEmpty()) {
-              Properties p = new Properties();
-              try (InputStream in = 
Files.newInputStream(Paths.get(krb5Config))){
-                p.load(in);
-                String configuredPrincipal = p.getProperty("principal");
-                // Strip off enclosing quotes, if present
-                if (configuredPrincipal.startsWith("\"")) {
-                  configuredPrincipal = configuredPrincipal.substring(1, 
configuredPrincipal.length() - 1);
-                }
-                // Check if they're the same principal
-                result = principal.equals(configuredPrincipal);
-              } catch (IOException e) {
-                LOG.errorReadingKerberosLoginConfig(krb5Config, e);
-              }
-            }
+            result = principal.equals(knoxPrincipal);
           }
         }
       }
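Review bot: The new line `result = principal.equals(knoxPrincipal);` relies on `knoxPrincipal` being null whenever the login config was absent or unreadable, and nothing at the call site says so. I would add a comment above it such as `// knoxPrincipal is null if the krb5 login config could not be read; equals(null) is false, so the cookie is rejected`. That records the fail-closed intent, so a later refactor (for example swapping the operands) does not turn the rejection into an exception. isKnoxCookie starts before this hunk and ends after it.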
@@ -96,11 +102,11 @@ public class HadoopAuthCookieStore extends 
BasicCookieStore {
   }
 
   private static class Wrapper extends BasicClientCookie {
+    private static final String DELEGATE_STR = "delegate";
+    private final Cookie delegate;
 
-    private Cookie delegate;
-
-    Wrapper( Cookie delegate ) {
-      super( delegate.getName(), delegate.getValue() );
+    Wrapper(Cookie delegate ) {
+      super(delegate.getName(), delegate.getValue());
       this.delegate = delegate;
     }
 
@@ -189,11 +195,9 @@ public class HadoopAuthCookieStore extends 
BasicCookieStore {
       return (new ReflectionToStringBuilder(this) {
         @Override
         protected boolean accept(Field f) {
-          return super.accept(f) && !f.getName().equals("delegate");
+          return super.accept(f) && !DELEGATE_STR.equals(f.getName());
         }
       }).toString();
     }
-
   }
-
-}
\ No newline at end of file
+}
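Review bot: The `accept` filter in `toString` still excludes only the `delegate` field, and `addCookie` passes the wrapper to `LOG.acceptingServiceCookie(wrapper)`. If that message renders the wrapper through `toString()` and `ReflectionToStringBuilder` walks the fields inherited from `BasicClientCookie`, the auth cookie's value would be written to the gateway log; neither the message definition nor the rest of `toString` is visible in this hunk, so this needs confirming. If it holds, the filter should also drop the value field, for example `return super.accept(f) && !DELEGATE_STR.equals(f.getName()) && !"value".equals(f.getName());` (assuming the inherited field is named `value`). The `toString` method begins outside the hunk.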
diff --git 
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStoreTest.java
 
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStoreTest.java
index a711be5..cc58347 100644
--- 
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStoreTest.java
+++ 
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/HadoopAuthCookieStoreTest.java
@@ -167,6 +167,7 @@ public class HadoopAuthCookieStoreTest {
     File result = null;
     try {
       File f = File.createTempFile(filename, ".conf");
+      f.deleteOnExit();
       try(OutputStream out = Files.newOutputStream(f.toPath())) {
         out.write(contents.getBytes(StandardCharsets.UTF_8));
         out.flush();
@@ -194,5 +195,4 @@ public class HadoopAuthCookieStoreTest {
            "storeKey=true\n" +
            "useTicketCache=false;";
   }
-
-}
\ No newline at end of file
+}
