Repository: ambari Updated Branches: refs/heads/trunk 575097117 -> 7b73e225b
AMBARI-9742. Kerberos: fails when entering admin principal with blank password (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7b73e225 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7b73e225 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7b73e225 Branch: refs/heads/trunk Commit: 7b73e225b4b82f195286f3610f191cc196ae7071 Parents: 5750971 Author: Robert Levas <rle...@hortonworks.com> Authored: Mon Feb 23 14:54:27 2015 -0500 Committer: Robert Levas <rle...@hortonworks.com> Committed: Mon Feb 23 14:54:27 2015 -0500 ---------------------------------------------------------------------- .../kerberos/KerberosOperationHandler.java | 40 +++++++++++++++++++- .../kerberos/KerberosOperationHandlerTest.java | 39 +++++++++++++++++++ 2 files changed, 78 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/7b73e225/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java index 9d41691..b62f6f9 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java @@ -411,7 +411,45 @@ public abstract class KerberosOperationHandler { return administratorCredentials; } - public void setAdministratorCredentials(KerberosCredential administratorCredentials) { + /** + * Sets the administrator credentials for this KerberosOperationHandler. + * <p/> + * If the supplied {@link KerberosCredential} is not <code>null</code>, validates that the administrator + * principal is not <code>null</code> or empty and that either the password or the keytab value + * is not <code>null</code> or empty. If the credential value does not validate, then a + * {@link KerberosAdminAuthenticationException} will be thrown. + * + * @param administratorCredentials the relevant KerberosCredential + * @throws KerberosAdminAuthenticationException if the non-null KerberosCredential fails contain + * a non-empty principal and a non-empty password or + * keytab value. + */ + public void setAdministratorCredentials(KerberosCredential administratorCredentials) + throws KerberosAdminAuthenticationException { + + // Ensure the KerberosCredential is not null + if (administratorCredentials == null) { + throw new KerberosAdminAuthenticationException("The administrator credential must not be null"); + } + + String value; + + // Ensure the principal is not null or empty + value = administratorCredentials.getPrincipal(); + if ((value == null) || value.isEmpty()) { + throw new KerberosAdminAuthenticationException("Must specify a principal but it is null or empty"); + } + + // Ensure either the password or the keytab value is not null or empty + value = administratorCredentials.getPassword(); + if ((value == null) || value.isEmpty()) { + value = administratorCredentials.getKeytab(); + + if ((value == null) || value.isEmpty()) { + throw new KerberosAdminAuthenticationException("Must specify either a password or a keytab but both are null or empty"); + } + } + this.administratorCredentials = administratorCredentials; } http://git-wip-us.apache.org/repos/asf/ambari/blob/7b73e225/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java index f4551d2..e1d5fce 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java @@ -278,6 +278,45 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport { Assert.assertEquals("\\A's are special!", handler.escapeCharacters("A's are special!", Collections.singleton('A'), '\\')); } + @Test(expected = KerberosAdminAuthenticationException.class) + public void testAdminCredentialsNullPrincipal() throws KerberosOperationException { + KerberosOperationHandler handler = createHandler(); + + KerberosCredential credentials = new KerberosCredential(null, "password", null); + handler.setAdministratorCredentials(credentials); + } + + @Test(expected = KerberosAdminAuthenticationException.class) + public void testAdminCredentialsEmptyPrincipal() throws KerberosOperationException { + KerberosOperationHandler handler = createHandler(); + + KerberosCredential credentials = new KerberosCredential("", "password", null); + handler.setAdministratorCredentials(credentials); + } + + @Test(expected = KerberosAdminAuthenticationException.class) + public void testAdminCredentialsNullCredential() throws KerberosOperationException { + KerberosOperationHandler handler = createHandler(); + + KerberosCredential credentials = new KerberosCredential("principal", null, null); + handler.setAdministratorCredentials(credentials); + } + + @Test(expected = KerberosAdminAuthenticationException.class) + public void testAdminCredentialsEmptyCredential1() throws KerberosOperationException { + KerberosOperationHandler handler = createHandler(); + + KerberosCredential credentials = new KerberosCredential("principal", "", null); + handler.setAdministratorCredentials(credentials); + } + + @Test(expected = KerberosAdminAuthenticationException.class) + public void testAdminCredentialsEmptyCredential2() throws KerberosOperationException { + KerberosOperationHandler handler = createHandler(); + + KerberosCredential credentials = new KerberosCredential("principal", null, ""); + handler.setAdministratorCredentials(credentials); + } private KerberosOperationHandler createHandler() throws KerberosOperationException { KerberosOperationHandler handler = new KerberosOperationHandler() {