Repository: hadoop Updated Branches: refs/heads/trunk cc09b2b0c -> cd2158456
HADOOP-15418. Hadoop KMSAuthenticationFilter needs to use getPropsByPrefix instead of iterator to avoid ConcurrentModificationException. Contributed by lqjack and Suma Shivaprasad Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/cd215845 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/cd215845 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/cd215845 Branch: refs/heads/trunk Commit: cd2158456db8c89eeea64b72654a736ea8607e23 Parents: cc09b2b Author: Wei-Chiu Chuang <[email protected]> Authored: Thu Oct 18 17:25:57 2018 -0700 Committer: Wei-Chiu Chuang <[email protected]> Committed: Thu Oct 18 17:28:28 2018 -0700 ---------------------------------------------------------------------- .../key/kms/server/KMSAuthenticationFilter.java | 23 ++++++---- .../kms/server/TestKMSAuthenticationFilter.java | 48 ++++++++++++++++++++ 2 files changed, 63 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/cd215845/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java index 3e98a25..da542ff 100644 --- a/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java +++ b/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java @@ -17,6 +17,7 @@ */ package org.apache.hadoop.crypto.key.kms.server; +import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.crypto.key.kms.KMSDelegationToken; @@ -54,16 +55,22 @@ public class KMSAuthenticationFilter @Override protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) { - Properties props = new Properties(); + Configuration conf = KMSWebApp.getConfiguration(); - for (Map.Entry<String, String> entry : conf) { - String name = entry.getKey(); - if (name.startsWith(CONFIG_PREFIX)) { - String value = conf.get(name); - name = name.substring(CONFIG_PREFIX.length()); - props.setProperty(name, value); - } + return getKMSConfiguration(conf); + } + + @VisibleForTesting + Properties getKMSConfiguration(Configuration conf) { + Properties props = new Properties(); + + Map<String, String> propsWithPrefixMap = conf.getPropsWithPrefix( + CONFIG_PREFIX); + + for (Map.Entry<String, String> entry : propsWithPrefixMap.entrySet()) { + props.setProperty(entry.getKey(), entry.getValue()); } + String authType = props.getProperty(AUTH_TYPE); if (authType.equals(PseudoAuthenticationHandler.TYPE)) { props.setProperty(AUTH_TYPE, http://git-wip-us.apache.org/repos/asf/hadoop/blob/cd215845/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java new file mode 100644 index 0000000..da3913b --- /dev/null +++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java @@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.hadoop.crypto.key.kms.server; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.crypto.key.kms.KMSDelegationToken; +import org.apache.hadoop.security.token.delegation.web + .DelegationTokenAuthenticationHandler; +import org.apache.hadoop.security.token.delegation.web + .PseudoDelegationTokenAuthenticationHandler; +import org.junit.Test; +import java.util.Properties; + +import static org.junit.Assert.assertEquals; + +/** + * Test KMS Authentication Filter. + */ +public class TestKMSAuthenticationFilter { + + @Test public void testConfiguration() throws Exception { + Configuration conf = new Configuration(); + conf.set("hadoop.kms.authentication.type", "simple"); + + Properties prop = new KMSAuthenticationFilter().getKMSConfiguration(conf); + assertEquals(prop.getProperty(KMSAuthenticationFilter.AUTH_TYPE), + PseudoDelegationTokenAuthenticationHandler.class.getName()); + assertEquals( + prop.getProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND), + KMSDelegationToken.TOKEN_KIND_STR); + } +} + --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
