Author: tgraves Date: Thu Jan 31 22:24:26 2013 New Revision: 1441227 URL: http://svn.apache.org/viewvc?rev=1441227&view=rev Log: HADOOP-8346. Changes to support Kerberos with non Sun JVM (HADOOP-6941) broke SPNEGO (Devaraj Das via tgraves)
Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1441227&r1=1441226&r2=1441227&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java Thu Jan 31 22:24:26 2013 @@ -26,7 +26,6 @@ import javax.security.auth.login.Configu import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import java.io.IOException; -import java.lang.reflect.Field; import java.net.HttpURLConnection; import java.net.URL; import java.security.AccessControlContext; @@ -196,11 +195,10 @@ public class KerberosAuthenticator imple try { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost(); - + Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, - GSSName.NT_HOSTBASED_SERVICE); - Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, - gssManager); + oid); + oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1441227&r1=1441226&r2=1441227&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java Thu Jan 31 22:24:26 2013 @@ -22,7 +22,6 @@ import java.lang.reflect.InvocationTarge import java.lang.reflect.Method; import org.ietf.jgss.GSSException; -import org.ietf.jgss.GSSManager; import org.ietf.jgss.Oid; public class KerberosUtil { @@ -34,8 +33,7 @@ public class KerberosUtil { : "com.sun.security.auth.module.Krb5LoginModule"; } - public static Oid getOidClassInstance(String servicePrincipal, - GSSManager gssManager) + public static Oid getOidInstance(String oidName) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException { Class<?> oidClass; @@ -44,7 +42,7 @@ public class KerberosUtil { } else { oidClass = Class.forName("sun.security.jgss.GSSUtil"); } - Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID"); + Field oidField = oidClass.getDeclaredField(oidName); return (Oid)oidField.get(oidClass); } Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1441227&r1=1441226&r2=1441227&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java Thu Jan 31 22:24:26 2013 @@ -145,10 +145,10 @@ public class TestKerberosAuthenticationH GSSContext gssContext = null; try { String servicePrincipal = KerberosTestUtils.getServerPrincipal(); + Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, - GSSName.NT_HOSTBASED_SERVICE); - Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, - gssManager); + oid); + oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1441227&r1=1441226&r2=1441227&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt Thu Jan 31 22:24:26 2013 @@ -40,6 +40,9 @@ Release 0.23.7 - UNRELEASED HADOOP-6941. Support non-SUN JREs in UserGroupInformation (Devaraj Das via tgraves) + HADOOP-8346. Changes to support Kerberos with non Sun JVM (HADOOP-6941) + broke SPNEGO (Devaraj Das via tgraves) + Release 0.23.6 - UNRELEASED INCOMPATIBLE CHANGES