Author: tgraves Date: Thu Jan 31 22:19:49 2013 New Revision: 1441225 URL: http://svn.apache.org/viewvc?rev=1441225&view=rev Log: HADOOP-6941. Support non-SUN JREs in UserGroupInformation (Devaraj Das via tgraves
Added: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java - copied, changed from r1301308, hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java Thu Jan 31 22:19:49 2013 @@ -13,12 +13,12 @@ */ package org.apache.hadoop.security.authentication.client; -import com.sun.security.auth.module.Krb5LoginModule; import org.apache.commons.codec.binary.Base64; +import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; -import sun.security.jgss.GSSUtil; +import org.ietf.jgss.Oid; import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; @@ -26,6 +26,7 @@ import javax.security.auth.login.Configu import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import java.io.IOException; +import java.lang.reflect.Field; import java.net.HttpURLConnection; import java.net.URL; import java.security.AccessControlContext; @@ -97,7 +98,7 @@ public class KerberosAuthenticator imple } private static final AppConfigurationEntry USER_KERBEROS_LOGIN = - new AppConfigurationEntry(Krb5LoginModule.class.getName(), + new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, USER_KERBEROS_OPTIONS); @@ -109,7 +110,7 @@ public class KerberosAuthenticator imple return USER_KERBEROS_CONF; } } - + private URL url; private HttpURLConnection conn; private Base64 base64; @@ -195,9 +196,12 @@ public class KerberosAuthenticator imple try { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost(); + GSSName serviceName = gssManager.createName(servicePrincipal, - GSSUtil.NT_GSS_KRB5_PRINCIPAL); - gssContext = gssManager.createContext(serviceName, GSSUtil.GSS_KRB5_MECH_OID, null, + GSSName.NT_HOSTBASED_SERVICE); + Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, + gssManager); + gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java Thu Jan 31 22:19:49 2013 @@ -15,9 +15,9 @@ package org.apache.hadoop.security.authe import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; -import com.sun.security.auth.module.Krb5LoginModule; import org.apache.commons.codec.binary.Base64; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSManager; @@ -95,7 +95,7 @@ public class KerberosAuthenticationHandl } return new AppConfigurationEntry[]{ - new AppConfigurationEntry(Krb5LoginModule.class.getName(), + new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options),}; } Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java Thu Jan 31 22:19:49 2013 @@ -23,12 +23,11 @@ import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.lang.reflect.Method; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; -import sun.security.krb5.Config; -import sun.security.krb5.KrbException; /** * This class implements parsing and handling of Kerberos principal names. In @@ -77,13 +76,11 @@ public class KerberosName { private static List<Rule> rules; private static String defaultRealm; - private static Config kerbConf; static { try { - kerbConf = Config.getInstance(); - defaultRealm = kerbConf.getDefaultRealm(); - } catch (KrbException ke) { + defaultRealm = KerberosUtil.getDefaultRealm(); + } catch (Exception ke) { defaultRealm=""; } } Copied: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java (from r1301308, hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java) URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java?p2=hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java&p1=hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java&r1=1301308&r2=1441225&rev=1441225&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java Thu Jan 31 22:19:49 2013 @@ -1,3 +1,20 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.apache.hadoop.security.authentication.util; import java.lang.reflect.Field; Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java Thu Jan 31 22:19:49 2013 @@ -13,13 +13,15 @@ */ package org.apache.hadoop.security.authentication; -import com.sun.security.auth.module.Krb5LoginModule; import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginContext; + +import org.apache.hadoop.security.authentication.util.KerberosUtil; + import java.io.File; import java.security.Principal; import java.security.PrivilegedActionException; @@ -88,7 +90,7 @@ public class KerberosTestUtils { options.put("debug", "true"); return new AppConfigurationEntry[]{ - new AppConfigurationEntry(Krb5LoginModule.class.getName(), + new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options),}; } Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java Thu Jan 31 22:19:49 2013 @@ -19,14 +19,16 @@ import org.apache.hadoop.security.authen import junit.framework.TestCase; import org.apache.commons.codec.binary.Base64; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; import org.mockito.Mockito; -import sun.security.jgss.GSSUtil; +import org.ietf.jgss.Oid; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.lang.reflect.Field; import java.util.Properties; import java.util.concurrent.Callable; @@ -143,9 +145,12 @@ public class TestKerberosAuthenticationH GSSContext gssContext = null; try { String servicePrincipal = KerberosTestUtils.getServerPrincipal(); - GSSName serviceName = gssManager.createName(servicePrincipal, GSSUtil.NT_GSS_KRB5_PRINCIPAL); - gssContext = gssManager.createContext(serviceName, GSSUtil.GSS_KRB5_MECH_OID, null, - GSSContext.DEFAULT_LIFETIME); + GSSName serviceName = gssManager.createName(servicePrincipal, + GSSName.NT_HOSTBASED_SERVICE); + Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, + gssManager); + gssContext = gssManager.createContext(serviceName, oid, null, + GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt Thu Jan 31 22:19:49 2013 @@ -37,6 +37,9 @@ Release 0.23.7 - UNRELEASED HADOOP-9221. Convert remaining xdocs to APT. (Andy Isaacson via tgraves) + HADOOP-6941. Support non-SUN JREs in UserGroupInformation (Devaraj Das + via tgraves) + Release 0.23.6 - UNRELEASED INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java Thu Jan 31 22:19:49 2013 @@ -24,9 +24,7 @@ import org.apache.hadoop.classification. import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.authentication.util.KerberosName; - -import sun.security.krb5.Config; -import sun.security.krb5.KrbException; +import org.apache.hadoop.security.authentication.util.KerberosUtil; /** * This class implements parsing and handling of Kerberos principal names. In @@ -40,8 +38,8 @@ public class HadoopKerberosName extends static { try { - Config.getInstance().getDefaultRealm(); - } catch (KrbException ke) { + KerberosUtil.getDefaultRealm(); + } catch (Exception ke) { if(UserGroupInformation.isSecurityEnabled()) throw new IllegalArgumentException("Can't get Kerberos configuration",ke); } Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java Thu Jan 31 22:19:49 2013 @@ -17,6 +17,10 @@ package org.apache.hadoop.security; import java.io.IOException; +import java.lang.reflect.Constructor; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URI; @@ -48,9 +52,6 @@ import com.google.common.annotations.Vis //this will need to be replaced someday when there is a suitable replacement import sun.net.dns.ResolverConfiguration; import sun.net.util.IPAddressUtil; -import sun.security.jgss.krb5.Krb5Util; -import sun.security.krb5.Credentials; -import sun.security.krb5.PrincipalName; @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) @InterfaceStability.Evolving @@ -154,12 +155,41 @@ public class SecurityUtil { String serviceName = "host/" + remoteHost.getHost(); if (LOG.isDebugEnabled()) LOG.debug("Fetching service ticket for host at: " + serviceName); - Credentials serviceCred = null; + Object serviceCred = null; + Method credsToTicketMeth; + Class<?> krb5utilClass; try { - PrincipalName principal = new PrincipalName(serviceName, - PrincipalName.KRB_NT_SRV_HST); - serviceCred = Credentials.acquireServiceCreds(principal - .toString(), Krb5Util.ticketToCreds(getTgtFromSubject())); + Class<?> principalClass; + Class<?> credentialsClass; + + if (System.getProperty("java.vendor").contains("IBM")) { + principalClass = Class.forName("com.ibm.security.krb5.PrincipalName"); + + credentialsClass = Class.forName("com.ibm.security.krb5.Credentials"); + krb5utilClass = Class.forName("com.ibm.security.jgss.mech.krb5"); + } else { + principalClass = Class.forName("sun.security.krb5.PrincipalName"); + credentialsClass = Class.forName("sun.security.krb5.Credentials"); + krb5utilClass = Class.forName("sun.security.jgss.krb5"); + } + @SuppressWarnings("rawtypes") + Constructor principalConstructor = principalClass.getConstructor(String.class, + int.class); + Field KRB_NT_SRV_HST = principalClass.getDeclaredField("KRB_NT_SRV_HST"); + Method acquireServiceCredsMeth = + credentialsClass.getDeclaredMethod("acquireServiceCreds", + String.class, credentialsClass); + Method ticketToCredsMeth = krb5utilClass.getDeclaredMethod("ticketToCreds", + KerberosTicket.class); + credsToTicketMeth = krb5utilClass.getDeclaredMethod("credsToTicket", + credentialsClass); + + Object principal = principalConstructor.newInstance(serviceName, + KRB_NT_SRV_HST.get(principalClass)); + + serviceCred = acquireServiceCredsMeth.invoke(credentialsClass, + principal.toString(), + ticketToCredsMeth.invoke(krb5utilClass, getTgtFromSubject())); } catch (Exception e) { throw new IOException("Can't get service ticket for: " + serviceName, e); @@ -167,8 +197,13 @@ public class SecurityUtil { if (serviceCred == null) { throw new IOException("Can't get service ticket for " + serviceName); } - Subject.getSubject(AccessController.getContext()).getPrivateCredentials() - .add(Krb5Util.credsToTicket(serviceCred)); + try { + Subject.getSubject(AccessController.getContext()).getPrivateCredentials() + .add(credsToTicketMeth.invoke(krb5utilClass, serviceCred)); + } catch (Exception e) { + throw new IOException("Can't get service ticket for: " + + serviceName, e); + } } /** Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1441225&r1=1441224&r2=1441225&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Thu Jan 31 22:19:49 2013 @@ -59,14 +59,11 @@ import org.apache.hadoop.metrics2.annota import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem; import org.apache.hadoop.metrics2.lib.MutableRate; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.authentication.util.KerberosUtil; import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.util.Shell; -import com.sun.security.auth.NTUserPrincipal; -import com.sun.security.auth.UnixPrincipal; -import com.sun.security.auth.module.Krb5LoginModule; - /** * User and group information for Hadoop. * This class wraps around a JAAS Subject and provides methods to determine the @@ -291,20 +288,51 @@ public class UserGroupInformation { private final boolean isKeytab; private final boolean isKrbTkt; - private static final String OS_LOGIN_MODULE_NAME; - private static final Class<? extends Principal> OS_PRINCIPAL_CLASS; + private static String OS_LOGIN_MODULE_NAME; + private static Class<? extends Principal> OS_PRINCIPAL_CLASS; private static final boolean windows = System.getProperty("os.name").startsWith("Windows"); - static { - if (windows) { - OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.NTLoginModule"; - OS_PRINCIPAL_CLASS = NTUserPrincipal.class; + /* Return the OS login module class name */ + private static String getOSLoginModuleName() { + if (System.getProperty("java.vendor").contains("IBM")) { + return windows ? "com.ibm.security.auth.module.NTLoginModule" + : "com.ibm.security.auth.module.LinuxLoginModule"; } else { - OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.UnixLoginModule"; - OS_PRINCIPAL_CLASS = UnixPrincipal.class; + return windows ? "com.sun.security.auth.module.NTLoginModule" + : "com.sun.security.auth.module.UnixLoginModule"; } } - + + /* Return the OS principal class */ + @SuppressWarnings("unchecked") + private static Class<? extends Principal> getOsPrincipalClass() { + ClassLoader cl = ClassLoader.getSystemClassLoader(); + try { + if (System.getProperty("java.vendor").contains("IBM")) { + if (windows) { + return (Class<? extends Principal>) + cl.loadClass("com.ibm.security.auth.UsernamePrincipal"); + } else { + return (Class<? extends Principal>) + (System.getProperty("os.arch").contains("64") + ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal") + : cl.loadClass("com.ibm.security.auth.LinuxPrincipal")); + } + } else { + return (Class<? extends Principal>) (windows + ? cl.loadClass("com.sun.security.auth.NTUserPrincipal") + : cl.loadClass("com.sun.security.auth.UnixPrincipal")); + } + } catch (ClassNotFoundException e) { + LOG.error("Unable to find JAAS classes:" + e.getMessage()); + } + return null; + } + static { + OS_LOGIN_MODULE_NAME = getOSLoginModuleName(); + OS_PRINCIPAL_CLASS = getOsPrincipalClass(); + } + private static class RealUser implements Principal { private final UserGroupInformation realUser; @@ -384,7 +412,7 @@ public class UserGroupInformation { USER_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS); } private static final AppConfigurationEntry USER_KERBEROS_LOGIN = - new AppConfigurationEntry(Krb5LoginModule.class.getName(), + new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), LoginModuleControlFlag.OPTIONAL, USER_KERBEROS_OPTIONS); private static final Map<String,String> KEYTAB_KERBEROS_OPTIONS = @@ -397,7 +425,7 @@ public class UserGroupInformation { KEYTAB_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS); } private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN = - new AppConfigurationEntry(Krb5LoginModule.class.getName(), + new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(), LoginModuleControlFlag.REQUIRED, KEYTAB_KERBEROS_OPTIONS);