HADOOP-13503. Improve SaslRpcClient failure logging. Contributed by Xiaobing Zhou.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c5c3e81b Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c5c3e81b Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c5c3e81b Branch: refs/heads/HDFS-9806 Commit: c5c3e81b49ae6ef0cf9022f90f3709166aa4488d Parents: 0f51eae Author: Jing Zhao <ji...@apache.org> Authored: Thu Aug 18 14:55:26 2016 -0700 Committer: Jing Zhao <ji...@apache.org> Committed: Thu Aug 18 14:55:26 2016 -0700 ---------------------------------------------------------------------- .../apache/hadoop/security/SaslRpcClient.java | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5c3e81b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java index 850f27c..c360937 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java @@ -305,13 +305,16 @@ public class SaslRpcClient { authType.getProtocol() + "/" + authType.getServerId(), KerberosPrincipal.KRB_NT_SRV_HST).getName(); - boolean isPrincipalValid = false; - // use the pattern if defined String serverKeyPattern = conf.get(serverKey + ".pattern"); if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) { Pattern pattern = GlobPattern.compile(serverKeyPattern); - isPrincipalValid = pattern.matcher(serverPrincipal).matches(); + if (!pattern.matcher(serverPrincipal).matches()) { + throw new IllegalArgumentException(String.format( + "Server has invalid Kerberos principal: %s," + + " doesn't match the pattern: %s", + serverPrincipal, serverKeyPattern)); + } } else { // check that the server advertised principal matches our conf String confPrincipal = SecurityUtil.getServerPrincipal( @@ -330,11 +333,11 @@ public class SaslRpcClient { "Kerberos principal name does NOT have the expected hostname part: " + confPrincipal); } - isPrincipalValid = serverPrincipal.equals(confPrincipal); - } - if (!isPrincipalValid) { - throw new IllegalArgumentException( - "Server has invalid Kerberos principal: " + serverPrincipal); + if (!serverPrincipal.equals(confPrincipal)) { + throw new IllegalArgumentException(String.format( + "Server has invalid Kerberos principal: %s, expecting: %s", + serverPrincipal, confPrincipal)); + } } return serverPrincipal; } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
