12 年之前 · a82e67af6c
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -343,6 +343,9 @@ Release 2.0.4-beta - UNRELEASED
 
				     datanode to write the logs to right dir by default. (Arpit Gupta via
			
 
				     suresh)
			
 
				 
			
 
				+    HDFS-4540. Namenode http server should use the web authentication 
			
 
				+    keytab for spnego principal. (Arpit Gupta via suresh)
			
 
				+
			
 
				 Release 2.0.3-alpha - 2013-02-06
			
 
				 
			
 
				   INCOMPATIBLE CHANGES
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSUtil.java
@@ -1259,4 +1259,20 @@ public class DFSUtil {
 
				         "It should be a positive, non-zero integer value.");
			
 
				     return blocksReplWorkMultiplier;
			
 
				   }
			
 
				-}
			
 
				+  
			
 
				+  /**
			
 
				+   * Get SPNEGO keytab Key from configuration
			
 
				+   * 
			
 
				+   * @param conf
			
 
				+   *          Configuration
			
 
				+   * @param defaultKey
			
 
				+   * @return DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY if the key is not empty
			
 
				+   *         else return defaultKey
			
 
				+   */
			
 
				+  public static String getSpnegoKeytabKey(Configuration conf, String defaultKey) {
			
 
				+    String value = 
			
 
				+        conf.get(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
			
 
				+    return (value == null || value.isEmpty()) ?
			
 
				+        defaultKey : DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY;
			
 
				+  }
			
 
				+}
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
@@ -25,10 +25,10 @@ import java.util.Map;
 
				 
			
 
				 import javax.servlet.ServletContext;
			
 
				 
			
 
				-import org.apache.commons.logging.Log;
			
 
				 import org.apache.hadoop.classification.InterfaceAudience;
			
 
				 import org.apache.hadoop.conf.Configuration;
			
 
				 import org.apache.hadoop.hdfs.DFSConfigKeys;
			
 
				+import org.apache.hadoop.hdfs.DFSUtil;
			
 
				 import org.apache.hadoop.hdfs.server.common.JspHelper;
			
 
				 import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
			
 
				 import org.apache.hadoop.hdfs.web.AuthFilter;
			
@@ -77,7 +77,8 @@ public class NameNodeHttpServer {
 
				         if (UserGroupInformation.isSecurityEnabled()) {
			
 
				           initSpnego(conf,
			
 
				               DFSConfigKeys.DFS_NAMENODE_INTERNAL_SPNEGO_USER_NAME_KEY,
			
 
				-              DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY);
			
 
				+              DFSUtil.getSpnegoKeytabKey(conf,
			
 
				+                  DFSConfigKeys.DFS_NAMENODE_KEYTAB_FILE_KEY));
			
 
				         }
			
 
				         if (WebHdfsFileSystem.isEnabled(conf, LOG)) {
			
 
				           //add SPNEGO authentication filter for webhdfs
			
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSUtil.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/TestDFSUtil.java
@@ -641,4 +641,24 @@ public class TestDFSUtil {
 
				     assertFalse(DFSUtil.isValidName("/foo/:/bar"));
			
 
				     assertFalse(DFSUtil.isValidName("/foo:bar"));
			
 
				   }
			
 
				+  
			
 
				+  @Test(timeout=5000)
			
 
				+  public void testGetSpnegoKeytabKey() {
			
 
				+    HdfsConfiguration conf = new HdfsConfiguration();
			
 
				+    String defaultKey = "default.spengo.key";
			
 
				+    conf.unset(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY);
			
 
				+    assertEquals("Test spnego key in config is null", defaultKey,
			
 
				+        DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
			
 
				+
			
 
				+    conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY, "");
			
 
				+    assertEquals("Test spnego key is empty", defaultKey,
			
 
				+        DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
			
 
				+
			
 
				+    String spengoKey = "spengo.key";
			
 
				+    conf.set(DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
			
 
				+        spengoKey);
			
 
				+    assertEquals("Test spnego key is NOT null",
			
 
				+        DFSConfigKeys.DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY,
			
 
				+        DFSUtil.getSpnegoKeytabKey(conf, defaultKey));
			
 
				+  }
			
 
				 }