Repository: hadoop Updated Branches: refs/heads/trunk 190969006 -> 95904f6b3
YARN-7942. Add check for JAAS configuration for Yarn Service. Contributed by Billie Rinaldi Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/95904f6b Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/95904f6b Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/95904f6b Branch: refs/heads/trunk Commit: 95904f6b3ccd1d167088086472eabdd85b2d148d Parents: 1909690 Author: Eric Yang <ey...@apache.org> Authored: Thu Feb 22 16:12:40 2018 -0500 Committer: Eric Yang <ey...@apache.org> Committed: Thu Feb 22 16:12:40 2018 -0500 ---------------------------------------------------------------------- .../client/impl/zk/RegistrySecurity.java | 44 +++++++++++++++----- 1 file changed, 33 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/95904f6b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java ----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
index bb829d8..5c6c983 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java
@@ -736,8 +736,10 @@ public class RegistrySecurity extends AbstractService { * Apply the security environment to this curator instance. This * may include setting up the ZK system properties for SASL * @param builder curator builder + * @throws IOException if jaas configuration can't be generated or found */ - public void applySecurityEnvironment(CuratorFrameworkFactory.Builder builder) { + public void applySecurityEnvironment(CuratorFrameworkFactory.Builder + builder) throws IOException { if (isSecureRegistry()) { switch (access) { 
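Review bot: Adding the checked `throws IOException` to the public `applySecurityEnvironment` changes its signature for every caller, and the diffstat shows no other file touched, so any caller outside this file that does not already propagate `IOException` will stop compiling. If the method is used outside the registry module, that deserves a release note. The new `@throws` line could also be more precise about when it fires, for example `@throws IOException if SASL access is configured but neither a keytab/principal pair nor the java.security.auth.login.config system property is set`. The method body continues outside this hunk.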
@@ -752,16 +754,36 @@ public class RegistrySecurity extends AbstractService { break; case sasl: - JaasConfiguration jconf = - new JaasConfiguration(jaasClientEntry, principal, keytab); - javax.security.auth.login.Configuration.setConfiguration(jconf); - setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, - "true"); - setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, - jaasClientEntry); - LOG.info( - "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry - + ", principal = " + principal + ", keytab = " + keytab); + String existingJaasConf = System.getProperty( + "java.security.auth.login.config"); + if (existingJaasConf == null || existingJaasConf.isEmpty()) { + if (principal == null || keytab == null) { + throw new IOException("SASL is configured for registry, " + + "but neither keytab/principal nor java.security.auth.login" + + ".config system property are specified"); + } + // in this case, keytab and principal are specified and no jaas + // config is specified, so we will create one + LOG.info( + "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry + + ", principal = " + principal + ", keytab = " + keytab); + JaasConfiguration jconf = + new JaasConfiguration(jaasClientEntry, principal, keytab); + javax.security.auth.login.Configuration.setConfiguration(jconf); + setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, + "true"); + setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, + jaasClientEntry); + } else { + // in this case, jaas config is specified so we will not change it + LOG.info("Using existing ZK sasl configuration: " + + "jaasClientEntry = " + System.getProperty( + ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client") + + ", sasl client = " + System.getProperty( + ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY, + ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT) + + ", jaas = " + existingJaasConf); + } break; default: 
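Review bot: The new `else` branch accepts any non-empty `java.security.auth.login.config` value as proof that SASL is set up, without checking that the file loads or that it defines the login context the ZooKeeper client will look up; the registry's own `jaasClientEntry` is also ignored there. If that entry is missing, or `ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY` has been set to `false` elsewhere in the JVM, the `sasl` access mode may end up with an unauthenticated ZK session (this depends on the ZooKeeper client version), and the only trace is an INFO line. I would fail fast in that branch as sketched below, converting any unchecked exception from `Configuration.getConfiguration()` into the same `IOException`. Separately, the guard `principal == null || keytab == null` fires when only one of the two is missing and lets empty strings through, so the "neither ... nor" message can mislead. The enclosing `switch` starts and ends outside this hunk.

```java
} else {
  // jaas config is specified, so we will not change it; verify that it
  // defines the login context the ZK client will look up
  String loginContext = System.getProperty(
      ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
  try {
    if (javax.security.auth.login.Configuration.getConfiguration()
        .getAppConfigurationEntry(loginContext) == null) {
      throw new IOException("SASL is configured for registry, but "
          + existingJaasConf + " has no entry named " + loginContext);
    }
  } catch (SecurityException e) {
    throw new IOException("Unable to load jaas configuration "
        + existingJaasConf, e);
  }
  // … unchanged: LOG.info("Using existing ZK sasl configuration: …") …
}
```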