
YARN-7942. Add check for JAAS configuration for Yarn Service.
Contributed by Billie Rinaldi
(Cherry-picked from commit 95904f6b3ccd1d167088086472eabdd85b2d148d)

Eric Yang 7 years ago
parent
commit
7fac69ea48

+ 33 - 11
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-registry/src/main/java/org/apache/hadoop/registry/client/impl/zk/RegistrySecurity.java

@@ -736,8 +736,10 @@ public class RegistrySecurity extends AbstractService {
    * Apply the security environment to this curator instance. This
    * may include setting up the ZK system properties for SASL
    * @param builder curator builder
+   * @throws IOException if jaas configuration can't be generated or found
    */
-  public void applySecurityEnvironment(CuratorFrameworkFactory.Builder builder) {
+  public void applySecurityEnvironment(CuratorFrameworkFactory.Builder
+      builder) throws IOException {
 
     if (isSecureRegistry()) {
       switch (access) {
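Review bot: Adding `throws IOException` to the public `applySecurityEnvironment` is a source-incompatible change for any caller outside this file, and none of those callers are visible in this commit. If the class is consumed by other modules or downstream projects, the release notes should mention it. The wrapped signature would also read more easily broken after the parenthesis, as `public void applySecurityEnvironment(` followed by `CuratorFrameworkFactory.Builder builder) throws IOException {`. The method body continues past the end of this hunk.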
@@ -752,16 +754,36 @@ public class RegistrySecurity extends AbstractService {
           break;
 
         case sasl:
-          JaasConfiguration jconf =
-              new JaasConfiguration(jaasClientEntry, principal, keytab);
-          javax.security.auth.login.Configuration.setConfiguration(jconf);
-          setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
-              "true");
-          setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,
-              jaasClientEntry);
-          LOG.info(
-              "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry
-                  + ", principal = " + principal + ", keytab = " + keytab);
+          String existingJaasConf = System.getProperty(
+              "java.security.auth.login.config");
+          if (existingJaasConf == null || existingJaasConf.isEmpty()) {
+            if (principal == null || keytab == null) {
+              throw new IOException("SASL is configured for registry, " +
+                  "but neither keytab/principal nor java.security.auth.login" +
+                  ".config system property are specified");
+            }
+            // in this case, keytab and principal are specified and no jaas
+            // config is specified, so we will create one
+            LOG.info(
+                "Enabling ZK sasl client: jaasClientEntry = " + jaasClientEntry
+                    + ", principal = " + principal + ", keytab = " + keytab);
+            JaasConfiguration jconf =
+                new JaasConfiguration(jaasClientEntry, principal, keytab);
+            javax.security.auth.login.Configuration.setConfiguration(jconf);
+            setSystemPropertyIfUnset(ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
+                "true");
+            setSystemPropertyIfUnset(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY,
+                jaasClientEntry);
+          } else {
+            // in this case, jaas config is specified so we will not change it
+            LOG.info("Using existing ZK sasl configuration: " +
+                "jaasClientEntry = " + System.getProperty(
+                    ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client") +
+                ", sasl client = " + System.getProperty(
+                    ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
+                    ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT) +
+                ", jaas = " + existingJaasConf);
+          }
           break;
 
         default:
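Review bot: The `else` branch accepts any non-empty `java.security.auth.login.config` value without checking that it yields a usable login entry, so the `@throws` promise of failing when the JAAS configuration cannot be found is not met there. That branch only logs `ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY`; if that property is set to false, or the entry named by `LOGIN_CONTEXT_NAME_KEY` is missing, the ZooKeeper client may proceed without SASL even though the registry is configured for it (worth confirming against the ZooKeeper version in use). Failing fast as sketched below would surface the misconfiguration at startup; note that `Configuration.getConfiguration()` can itself throw an unchecked `SecurityException` when the file cannot be loaded, and that it reflects whatever Configuration is currently installed in the JVM. Separately, the new `IOException` message says neither keytab nor principal is specified, but the condition also fires when only one of them is null.

```java
          } else {
            // … unchanged: LOG.info of the existing ZK sasl configuration …
            String entryName = System.getProperty(
                ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
            String saslClient = System.getProperty(
                ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY,
                ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            if (!Boolean.parseBoolean(saslClient)) {
              throw new IOException("SASL is configured for registry, but "
                  + ZooKeeperSaslClient.ENABLE_CLIENT_SASL_KEY + " = "
                  + saslClient);
            }
            if (javax.security.auth.login.Configuration.getConfiguration()
                .getAppConfigurationEntry(entryName) == null) {
              throw new IOException("No JAAS entry named " + entryName
                  + " found in " + existingJaasConf);
            }
          }
```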