Repository: oozie Updated Branches: refs/heads/master 05916d2be -> 3fb549f3a
OOZIE-1726 Oozie does not support _HOST when configuring kerberos security (venkatnrangan via bzhang) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/3fb549f3 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/3fb549f3 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/3fb549f3 Branch: refs/heads/master Commit: 3fb549f3ad9c35e133a55287099e325ab2f45715 Parents: 05916d2 Author: Bowen Zhang <[email protected]> Authored: Wed Apr 8 15:32:48 2015 -0700 Committer: Bowen Zhang <[email protected]> Committed: Wed Apr 8 15:33:46 2015 -0700 ---------------------------------------------------------------------- .../oozie/service/HadoopAccessorService.java | 5 ++++- .../java/org/apache/oozie/servlet/AuthFilter.java | 18 +++++++++++++++++- release-log.txt | 1 + 3 files changed, 22 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java b/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java index 18de48a..47d44cd 100644 --- a/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java +++ b/core/src/main/java/org/apache/oozie/service/HadoopAccessorService.java @@ -41,6 +41,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.net.InetAddress; import java.net.URI; import java.net.URISyntaxException; import java.security.PrivilegedExceptionAction; @@ -164,7 +165,9 @@ public class HadoopAccessorService implements Service { if (keytabFile.length() == 0) { throw new ServiceException(ErrorCode.E0026, KERBEROS_KEYTAB); } - String principal = ConfigurationService.get(serviceConf, KERBEROS_PRINCIPAL); + String principal = SecurityUtil.getServerPrincipal( + serviceConf.get(KERBEROS_PRINCIPAL, "oozie/localhost@LOCALHOST"), + InetAddress.getLocalHost().getCanonicalHostName()); if (principal.length() == 0) { throw new ServiceException(ErrorCode.E0026, KERBEROS_PRINCIPAL); } http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java b/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java index a2bc2c5..b5b477d 100644 --- a/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java +++ b/core/src/main/java/org/apache/oozie/servlet/AuthFilter.java @@ -21,6 +21,7 @@ package org.apache.oozie.servlet; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.conf.Configuration; import org.apache.oozie.service.Services; +import org.apache.hadoop.security.SecurityUtil; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -32,6 +33,8 @@ import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.Map; import java.util.Properties; +import java.net.InetAddress; +import java.net.UnknownHostException; import org.apache.oozie.service.JobsConcurrencyService; import org.apache.oozie.util.ZKUtils; @@ -41,6 +44,7 @@ import org.apache.oozie.util.ZKUtils; */ public class AuthFilter extends AuthenticationFilter { public static final String OOZIE_PREFIX = "oozie.authentication."; + private static final String KERBEROS_PRINCIPAL_CONFIG = "kerberos.principal"; private HttpServlet optionsServlet; private ZKUtils zkUtils = null; @@ -105,7 +109,19 @@ public class AuthFilter extends AuthenticationFilter { if (name.startsWith(OOZIE_PREFIX)) { String value = conf.get(name); name = name.substring(OOZIE_PREFIX.length()); - props.setProperty(name, value); + if (name.equals(KERBEROS_PRINCIPAL_CONFIG)) { + String hostName = "localhost"; + String principal = value; + try { + hostName = InetAddress.getLocalHost().getCanonicalHostName(); + principal = SecurityUtil.getServerPrincipal(value, hostName); + } catch (IOException ioe) { + // ignore. + } + props.setProperty(name, principal); + } else { + props.setProperty(name, value); + } } } http://git-wip-us.apache.org/repos/asf/oozie/blob/3fb549f3/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index aa1b380..ae581ac 100644 --- a/release-log.txt +++ b/release-log.txt @@ -1,5 +1,6 @@ -- Oozie 4.2.0 release (trunk - unreleased) +OOZIE-1726 Oozie does not support _HOST when configuring kerberos security (venkatnrangan via bzhang) OOZIE-2197 ooziedb.cmd command failed due to classpath being too long on windows (me.venkatr via bzhang) OOZIE-2182 SLA alert commands are not in sync with doc (puru) OOZIE-2191 Upgrade jackson version for hadoop-2 profile (ryota)
