Author: ddas
Date: Thu May 3 17:29:34 2012
New Revision: 1333564
URL: http://svn.apache.org/viewvc?rev=1333564&view=rev
Log:
HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to fixes
introduced by the IBM JDK compatibility patch. Contributed by Devaraj Das.
Modified:
hadoop/common/branches/branch-1/CHANGES.txt
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1333564&r1=1333563&r2=1333564&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Thu May 3 17:29:34 2012
@@ -302,6 +302,9 @@ Release 1.0.3 - unreleased
HADOOP-8338. Fix renew and cancel of RPC HDFS delegation tokens. (omalley)
+ HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to
fixes
+ introduced by the IBM JDK compatibility patch. (ddas)
+
Release 1.0.2 - 2012.03.24
NEW FEATURES
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1333564&r1=1333563&r2=1333564&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
Thu May 3 17:29:34 2012
@@ -26,7 +26,6 @@ import javax.security.auth.login.Configu
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
-import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessControlContext;
@@ -196,11 +195,10 @@ public class KerberosAuthenticator imple
try {
GSSManager gssManager = GSSManager.getInstance();
String servicePrincipal = "HTTP/" +
KerberosAuthenticator.this.url.getHost();
-
+ Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal,
-
GSSName.NT_HOSTBASED_SERVICE);
- Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
- gssManager);
+ oid);
+ oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1333564&r1=1333563&r2=1333564&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Thu May 3 17:29:34 2012
@@ -22,7 +22,6 @@ import java.lang.reflect.InvocationTarge
import java.lang.reflect.Method;
import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
public class KerberosUtil {
@@ -34,8 +33,7 @@ public class KerberosUtil {
: "com.sun.security.auth.module.Krb5LoginModule";
}
- public static Oid getOidClassInstance(String servicePrincipal,
- GSSManager gssManager)
+ public static Oid getOidInstance(String oidName)
throws ClassNotFoundException, GSSException, NoSuchFieldException,
IllegalAccessException {
Class<?> oidClass;
@@ -44,7 +42,7 @@ public class KerberosUtil {
} else {
oidClass = Class.forName("sun.security.jgss.GSSUtil");
}
- Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID");
+ Field oidField = oidClass.getDeclaredField(oidName);
return (Oid)oidField.get(oidClass);
}
Modified:
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1333564&r1=1333563&r2=1333564&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
Thu May 3 17:29:34 2012
@@ -118,10 +118,10 @@ public class TestKerberosAuthenticationH
GSSContext gssContext = null;
try {
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
+ Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
GSSName serviceName = gssManager.createName(servicePrincipal,
- GSSName.NT_HOSTBASED_SERVICE);
- Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
- gssManager);
+ oid);
+ oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);