Author: tgraves
Date: Thu Jan 31 22:19:49 2013
New Revision: 1441225
URL: http://svn.apache.org/viewvc?rev=1441225&view=rev
Log:
HADOOP-6941. Support non-SUN JREs in UserGroupInformation (Devaraj Das via
tgraves
Added:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
- copied, changed from r1301308,
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java
Thu Jan 31 22:19:49 2013
@@ -13,12 +13,12 @@
*/
package org.apache.hadoop.security.authentication.client;
-import com.sun.security.auth.module.Krb5LoginModule;
import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
-import sun.security.jgss.GSSUtil;
+import org.ietf.jgss.Oid;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
@@ -26,6 +26,7 @@ import javax.security.auth.login.Configu
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.IOException;
+import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.AccessControlContext;
@@ -97,7 +98,7 @@ public class KerberosAuthenticator imple
}
private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL,
USER_KERBEROS_OPTIONS);
@@ -109,7 +110,7 @@ public class KerberosAuthenticator imple
return USER_KERBEROS_CONF;
}
}
-
+
private URL url;
private HttpURLConnection conn;
private Base64 base64;
@@ -195,9 +196,12 @@ public class KerberosAuthenticator imple
try {
GSSManager gssManager = GSSManager.getInstance();
String servicePrincipal = "HTTP/" +
KerberosAuthenticator.this.url.getHost();
+
GSSName serviceName = gssManager.createName(servicePrincipal,
-
GSSUtil.NT_GSS_KRB5_PRINCIPAL);
- gssContext = gssManager.createContext(serviceName,
GSSUtil.GSS_KRB5_MECH_OID, null,
+
GSSName.NT_HOSTBASED_SERVICE);
+ Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
+ gssManager);
+ gssContext = gssManager.createContext(serviceName, oid, null,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
Thu Jan 31 22:19:49 2013
@@ -15,9 +15,9 @@ package org.apache.hadoop.security.authe
import
org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
-import com.sun.security.auth.module.Krb5LoginModule;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
@@ -95,7 +95,7 @@ public class KerberosAuthenticationHandl
}
return new AppConfigurationEntry[]{
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
options),};
}
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java
Thu Jan 31 22:19:49 2013
@@ -23,12 +23,11 @@ import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import java.lang.reflect.Method;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
-import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
/**
* This class implements parsing and handling of Kerberos principal names. In
@@ -77,13 +76,11 @@ public class KerberosName {
private static List<Rule> rules;
private static String defaultRealm;
- private static Config kerbConf;
static {
try {
- kerbConf = Config.getInstance();
- defaultRealm = kerbConf.getDefaultRealm();
- } catch (KrbException ke) {
+ defaultRealm = KerberosUtil.getDefaultRealm();
+ } catch (Exception ke) {
defaultRealm="";
}
}
Copied:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(from r1301308,
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java)
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java?p2=hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java&p1=hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java&r1=1301308&r2=1441225&rev=1441225&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java
Thu Jan 31 22:19:49 2013
@@ -1,3 +1,20 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.hadoop.security.authentication.util;
import java.lang.reflect.Field;
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/KerberosTestUtils.java
Thu Jan 31 22:19:49 2013
@@ -13,13 +13,15 @@
*/
package org.apache.hadoop.security.authentication;
-import com.sun.security.auth.module.Krb5LoginModule;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
+
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
+
import java.io.File;
import java.security.Principal;
import java.security.PrivilegedActionException;
@@ -88,7 +90,7 @@ public class KerberosTestUtils {
options.put("debug", "true");
return new AppConfigurationEntry[]{
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
options),};
}
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
Thu Jan 31 22:19:49 2013
@@ -19,14 +19,16 @@ import org.apache.hadoop.security.authen
import junit.framework.TestCase;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.mockito.Mockito;
-import sun.security.jgss.GSSUtil;
+import org.ietf.jgss.Oid;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.lang.reflect.Field;
import java.util.Properties;
import java.util.concurrent.Callable;
@@ -143,9 +145,12 @@ public class TestKerberosAuthenticationH
GSSContext gssContext = null;
try {
String servicePrincipal = KerberosTestUtils.getServerPrincipal();
- GSSName serviceName = gssManager.createName(servicePrincipal,
GSSUtil.NT_GSS_KRB5_PRINCIPAL);
- gssContext = gssManager.createContext(serviceName,
GSSUtil.GSS_KRB5_MECH_OID, null,
- GSSContext.DEFAULT_LIFETIME);
+ GSSName serviceName = gssManager.createName(servicePrincipal,
+ GSSName.NT_HOSTBASED_SERVICE);
+ Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal,
+ gssManager);
+ gssContext = gssManager.createContext(serviceName, oid, null,
+ GSSContext.DEFAULT_LIFETIME);
gssContext.requestCredDeleg(true);
gssContext.requestMutualAuth(true);
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
Thu Jan 31 22:19:49 2013
@@ -37,6 +37,9 @@ Release 0.23.7 - UNRELEASED
HADOOP-9221. Convert remaining xdocs to APT. (Andy Isaacson via tgraves)
+ HADOOP-6941. Support non-SUN JREs in UserGroupInformation (Devaraj Das
+ via tgraves)
+
Release 0.23.6 - UNRELEASED
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/HadoopKerberosName.java
Thu Jan 31 22:19:49 2013
@@ -24,9 +24,7 @@ import org.apache.hadoop.classification.
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.util.KerberosName;
-
-import sun.security.krb5.Config;
-import sun.security.krb5.KrbException;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
/**
* This class implements parsing and handling of Kerberos principal names. In
@@ -40,8 +38,8 @@ public class HadoopKerberosName extends
static {
try {
- Config.getInstance().getDefaultRealm();
- } catch (KrbException ke) {
+ KerberosUtil.getDefaultRealm();
+ } catch (Exception ke) {
if(UserGroupInformation.isSecurityEnabled())
throw new IllegalArgumentException("Can't get Kerberos
configuration",ke);
}
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
Thu Jan 31 22:19:49 2013
@@ -17,6 +17,10 @@
package org.apache.hadoop.security;
import java.io.IOException;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
@@ -48,9 +52,6 @@ import com.google.common.annotations.Vis
//this will need to be replaced someday when there is a suitable replacement
import sun.net.dns.ResolverConfiguration;
import sun.net.util.IPAddressUtil;
-import sun.security.jgss.krb5.Krb5Util;
-import sun.security.krb5.Credentials;
-import sun.security.krb5.PrincipalName;
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
@@ -154,12 +155,41 @@ public class SecurityUtil {
String serviceName = "host/" + remoteHost.getHost();
if (LOG.isDebugEnabled())
LOG.debug("Fetching service ticket for host at: " + serviceName);
- Credentials serviceCred = null;
+ Object serviceCred = null;
+ Method credsToTicketMeth;
+ Class<?> krb5utilClass;
try {
- PrincipalName principal = new PrincipalName(serviceName,
- PrincipalName.KRB_NT_SRV_HST);
- serviceCred = Credentials.acquireServiceCreds(principal
- .toString(), Krb5Util.ticketToCreds(getTgtFromSubject()));
+ Class<?> principalClass;
+ Class<?> credentialsClass;
+
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ principalClass = Class.forName("com.ibm.security.krb5.PrincipalName");
+
+ credentialsClass = Class.forName("com.ibm.security.krb5.Credentials");
+ krb5utilClass = Class.forName("com.ibm.security.jgss.mech.krb5");
+ } else {
+ principalClass = Class.forName("sun.security.krb5.PrincipalName");
+ credentialsClass = Class.forName("sun.security.krb5.Credentials");
+ krb5utilClass = Class.forName("sun.security.jgss.krb5");
+ }
+ @SuppressWarnings("rawtypes")
+ Constructor principalConstructor =
principalClass.getConstructor(String.class,
+ int.class);
+ Field KRB_NT_SRV_HST = principalClass.getDeclaredField("KRB_NT_SRV_HST");
+ Method acquireServiceCredsMeth =
+ credentialsClass.getDeclaredMethod("acquireServiceCreds",
+ String.class, credentialsClass);
+ Method ticketToCredsMeth =
krb5utilClass.getDeclaredMethod("ticketToCreds",
+ KerberosTicket.class);
+ credsToTicketMeth = krb5utilClass.getDeclaredMethod("credsToTicket",
+ credentialsClass);
+
+ Object principal = principalConstructor.newInstance(serviceName,
+ KRB_NT_SRV_HST.get(principalClass));
+
+ serviceCred = acquireServiceCredsMeth.invoke(credentialsClass,
+ principal.toString(),
+ ticketToCredsMeth.invoke(krb5utilClass, getTgtFromSubject()));
} catch (Exception e) {
throw new IOException("Can't get service ticket for: "
+ serviceName, e);
@@ -167,8 +197,13 @@ public class SecurityUtil {
if (serviceCred == null) {
throw new IOException("Can't get service ticket for " + serviceName);
}
- Subject.getSubject(AccessController.getContext()).getPrivateCredentials()
- .add(Krb5Util.credsToTicket(serviceCred));
+ try {
+ Subject.getSubject(AccessController.getContext()).getPrivateCredentials()
+ .add(credsToTicketMeth.invoke(krb5utilClass, serviceCred));
+ } catch (Exception e) {
+ throw new IOException("Can't get service ticket for: "
+ + serviceName, e);
+ }
}
/**
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1441225&r1=1441224&r2=1441225&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Thu Jan 31 22:19:49 2013
@@ -59,14 +59,11 @@ import org.apache.hadoop.metrics2.annota
import org.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import org.apache.hadoop.metrics2.lib.MutableRate;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.Shell;
-import com.sun.security.auth.NTUserPrincipal;
-import com.sun.security.auth.UnixPrincipal;
-import com.sun.security.auth.module.Krb5LoginModule;
-
/**
* User and group information for Hadoop.
* This class wraps around a JAAS Subject and provides methods to determine the
@@ -291,20 +288,51 @@ public class UserGroupInformation {
private final boolean isKeytab;
private final boolean isKrbTkt;
- private static final String OS_LOGIN_MODULE_NAME;
- private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
+ private static String OS_LOGIN_MODULE_NAME;
+ private static Class<? extends Principal> OS_PRINCIPAL_CLASS;
private static final boolean windows =
System.getProperty("os.name").startsWith("Windows");
- static {
- if (windows) {
- OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.NTLoginModule";
- OS_PRINCIPAL_CLASS = NTUserPrincipal.class;
+ /* Return the OS login module class name */
+ private static String getOSLoginModuleName() {
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ return windows ? "com.ibm.security.auth.module.NTLoginModule"
+ : "com.ibm.security.auth.module.LinuxLoginModule";
} else {
- OS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.UnixLoginModule";
- OS_PRINCIPAL_CLASS = UnixPrincipal.class;
+ return windows ? "com.sun.security.auth.module.NTLoginModule"
+ : "com.sun.security.auth.module.UnixLoginModule";
}
}
-
+
+ /* Return the OS principal class */
+ @SuppressWarnings("unchecked")
+ private static Class<? extends Principal> getOsPrincipalClass() {
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ try {
+ if (System.getProperty("java.vendor").contains("IBM")) {
+ if (windows) {
+ return (Class<? extends Principal>)
+ cl.loadClass("com.ibm.security.auth.UsernamePrincipal");
+ } else {
+ return (Class<? extends Principal>)
+ (System.getProperty("os.arch").contains("64")
+ ? cl.loadClass("com.ibm.security.auth.UsernamePrincipal")
+ : cl.loadClass("com.ibm.security.auth.LinuxPrincipal"));
+ }
+ } else {
+ return (Class<? extends Principal>) (windows
+ ? cl.loadClass("com.sun.security.auth.NTUserPrincipal")
+ : cl.loadClass("com.sun.security.auth.UnixPrincipal"));
+ }
+ } catch (ClassNotFoundException e) {
+ LOG.error("Unable to find JAAS classes:" + e.getMessage());
+ }
+ return null;
+ }
+ static {
+ OS_LOGIN_MODULE_NAME = getOSLoginModuleName();
+ OS_PRINCIPAL_CLASS = getOsPrincipalClass();
+ }
+
private static class RealUser implements Principal {
private final UserGroupInformation realUser;
@@ -384,7 +412,7 @@ public class UserGroupInformation {
USER_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
}
private static final AppConfigurationEntry USER_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
LoginModuleControlFlag.OPTIONAL,
USER_KERBEROS_OPTIONS);
private static final Map<String,String> KEYTAB_KERBEROS_OPTIONS =
@@ -397,7 +425,7 @@ public class UserGroupInformation {
KEYTAB_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
}
private static final AppConfigurationEntry KEYTAB_KERBEROS_LOGIN =
- new AppConfigurationEntry(Krb5LoginModule.class.getName(),
+ new AppConfigurationEntry(KerberosUtil.getKrb5LoginModuleName(),
LoginModuleControlFlag.REQUIRED,
KEYTAB_KERBEROS_OPTIONS);
