Repository: hadoop Updated Branches: refs/heads/branch-3.0 36c9dda07 -> 2f3415a4d
Revert "HADOOP-12897. KerberosAuthenticator.authenticate to include URL on IO failures. Contributed by Ajay Kumar." This reverts commit 16b2cad8e8f5215325c51eb582f58640a386b06b. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/2f3415a4 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/2f3415a4 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/2f3415a4 Branch: refs/heads/branch-3.0 Commit: 2f3415a4d6e3c70730f8ef733e99706b38756842 Parents: 36c9dda Author: Xiao Chen <x...@apache.org> Authored: Wed Feb 14 10:24:49 2018 -0800 Committer: Xiao Chen <x...@apache.org> Committed: Wed Feb 14 10:25:15 2018 -0800 ---------------------------------------------------------------------- .../client/KerberosAuthenticator.java | 80 +++++++------------- .../client/TestKerberosAuthenticator.java | 29 ------- 2 files changed, 27 insertions(+), 82 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/2f3415a4/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java index 64d4330..942d13c 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java @@ -13,8 +13,6 @@ */ package org.apache.hadoop.security.authentication.client; -import com.google.common.annotations.VisibleForTesting; -import java.lang.reflect.Constructor; import org.apache.commons.codec.binary.Base64; import org.apache.hadoop.security.authentication.server.HttpConstants; import org.apache.hadoop.security.authentication.util.AuthToken; @@ -179,62 +177,38 @@ public class KerberosAuthenticator implements Authenticator { */ @Override public void authenticate(URL url, AuthenticatedURL.Token token) - throws IOException, AuthenticationException { + throws IOException, AuthenticationException { if (!token.isSet()) { this.url = url; base64 = new Base64(0); - try { - HttpURLConnection conn = token.openConnection(url, connConfigurator); - conn.setRequestMethod(AUTH_HTTP_METHOD); - conn.connect(); - - boolean needFallback = false; - if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { - LOG.debug("JDK performed authentication on our behalf."); - // If the JDK already did the SPNEGO back-and-forth for - // us, just pull out the token. - AuthenticatedURL.extractToken(conn, token); - if (isTokenKerberos(token)) { - return; - } - needFallback = true; + HttpURLConnection conn = token.openConnection(url, connConfigurator); + conn.setRequestMethod(AUTH_HTTP_METHOD); + conn.connect(); + + boolean needFallback = false; + if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { + LOG.debug("JDK performed authentication on our behalf."); + // If the JDK already did the SPNEGO back-and-forth for + // us, just pull out the token. + AuthenticatedURL.extractToken(conn, token); + if (isTokenKerberos(token)) { + return; } - if (!needFallback && isNegotiate(conn)) { - LOG.debug("Performing our own SPNEGO sequence."); - doSpnegoSequence(token); - } else { - LOG.debug("Using fallback authenticator sequence."); - Authenticator auth = getFallBackAuthenticator(); - // Make sure that the fall back authenticator have the same - // ConnectionConfigurator, since the method might be overridden. - // Otherwise the fall back authenticator might not have the - // information to make the connection (e.g., SSL certificates) - auth.setConnectionConfigurator(connConfigurator); - auth.authenticate(url, token); - } - } catch (IOException ex){ - throw wrapExceptionWithMessage(ex, - "Error while authenticating with endpoint: " + url); - } catch (AuthenticationException ex){ - throw wrapExceptionWithMessage(ex, - "Error while authenticating with endpoint: " + url); + needFallback = true; + } + if (!needFallback && isNegotiate(conn)) { + LOG.debug("Performing our own SPNEGO sequence."); + doSpnegoSequence(token); + } else { + LOG.debug("Using fallback authenticator sequence."); + Authenticator auth = getFallBackAuthenticator(); + // Make sure that the fall back authenticator have the same + // ConnectionConfigurator, since the method might be overridden. + // Otherwise the fall back authenticator might not have the information + // to make the connection (e.g., SSL certificates) + auth.setConnectionConfigurator(connConfigurator); + auth.authenticate(url, token); } - } - } - - @VisibleForTesting - static <T extends Exception> T wrapExceptionWithMessage( - T exception, String msg) { - Class<? extends Throwable> exceptionClass = exception.getClass(); - try { - Constructor<? extends Throwable> ctor = exceptionClass - .getConstructor(String.class); - Throwable t = ctor.newInstance(msg); - return (T) (t.initCause(exception)); - } catch (Throwable e) { - LOG.debug("Unable to wrap exception of type {}, it has " - + "no (String) constructor.", exceptionClass, e); - return exception; } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/2f3415a4/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index 4aabb34..7db53ba 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -20,9 +20,6 @@ import static org.apache.hadoop.security.authentication.server.KerberosAuthentic import static org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.KEYTAB; import static org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.NAME_RULES; -import java.io.IOException; -import java.nio.charset.CharacterCodingException; -import javax.security.sasl.AuthenticationException; import org.apache.hadoop.minikdc.KerberosSecurityTestcase; import org.apache.hadoop.security.authentication.KerberosTestUtils; import org.apache.hadoop.security.authentication.server.AuthenticationFilter; @@ -221,30 +218,4 @@ public class TestKerberosAuthenticator extends KerberosSecurityTestcase { }); } - @Test(timeout = 60000) - public void testWrapExceptionWithMessage() { - IOException ex; - ex = new IOException("Induced exception"); - ex = KerberosAuthenticator.wrapExceptionWithMessage(ex, "Error while " - + "authenticating with endpoint: localhost"); - Assert.assertEquals("Induced exception", ex.getCause().getMessage()); - Assert.assertEquals("Error while authenticating with endpoint: localhost", - ex.getMessage()); - - ex = new AuthenticationException("Auth exception"); - ex = KerberosAuthenticator.wrapExceptionWithMessage(ex, "Error while " - + "authenticating with endpoint: localhost"); - Assert.assertEquals("Auth exception", ex.getCause().getMessage()); - Assert.assertEquals("Error while authenticating with endpoint: localhost", - ex.getMessage()); - - // Test for Exception with no (String) constructor - // redirect the LOG to and check log message - ex = new CharacterCodingException(); - Exception ex2 = KerberosAuthenticator.wrapExceptionWithMessage(ex, - "Error while authenticating with endpoint: localhost"); - Assert.assertTrue(ex instanceof CharacterCodingException); - Assert.assertTrue(ex.equals(ex2)); - } - } --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
