Home Explore Help
Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

Merge -r 1173738:1173739 from trunk to branch. FIXES: HADOOP-7621

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23@1294774 13f79535-47bb-0310-9956-ffa450edef68
Alejandro Abdelnur 13 years ago
parent
ec24989240
commit
ee11677f8a
6 changed files with 53 additions and 7 deletions
Unified View Show Diff Stats
  1. 3 0
      hadoop-common-project/hadoop-common/CHANGES.txt
  2. 5 3
      hadoop-common-project/hadoop-common/src/main/docs/src/documentation/content/xdocs/HttpAuthentication.xml
  3. 25 1
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationFilterInitializer.java
  4. 2 2
      hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
  5. 15 1
      hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestAuthenticationFilter.java
  6. 3 0
      hadoop-project/pom.xml

+ 3 - 0
hadoop-common-project/hadoop-common/CHANGES.txt
View File 

@@ -53,6 +53,9 @@ Release 0.23.3 - UNRELEASED
 
     HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via
 
     HADOOP-8085. Add RPC metrics to ProtobufRpcEngine. (Hari Mankude via
 
     suresh)
 
     suresh)
 
 
 
+    HADOOP-7621. alfredo config should be in a file not readable by users
 
+                 (Alejandro Abdelnur via atm)
 
+
 
   OPTIMIZATIONS
 
   OPTIMIZATIONS
 
 
 
   BUG FIXES
 
   BUG FIXES

+ 5 - 3
hadoop-common-project/hadoop-common/src/main/docs/src/documentation/content/xdocs/HttpAuthentication.xml
View File 

@@ -82,10 +82,12 @@
 
       <code>36000</code>.
 
       <code>36000</code>.
 
       </p>
 
       </p>
 
 
 
-      <p><code>hadoop.http.authentication.signature.secret</code>: The signature secret for  
-      signing the authentication tokens. If not set a random secret is generated at 
+      <p><code>hadoop.http.authentication.signature.secret.file</code>: The signature secret 
+      file for signing the authentication tokens. If not set a random secret is generated at 
       startup time. The same secret should be used for all nodes in the cluster, JobTracker, 
       startup time. The same secret should be used for all nodes in the cluster, JobTracker, 
-      NameNode, DataNode and TastTracker. The default value is a <code>hadoop</code> value.
 
+      NameNode, DataNode and TastTracker. The default value is 
+      <code>${user.home}/hadoop-http-auth-signature-secret</code>.
 
+      IMPORTANT: This file should be readable only by the Unix user running the daemons.
 
       </p>
 
       </p>
 
         
         
       <p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP 
       <p><code>hadoop.http.authentication.cookie.domain</code>: The domain to use for the HTTP

+ 25 - 1
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationFilterInitializer.java
View File 

@@ -22,6 +22,9 @@ import org.apache.hadoop.conf.Configuration;
 
 import org.apache.hadoop.http.FilterContainer;
 
 import org.apache.hadoop.http.FilterContainer;
 
 import org.apache.hadoop.http.FilterInitializer;
 
 import org.apache.hadoop.http.FilterInitializer;
 
 
 
+import java.io.FileReader;
 
+import java.io.IOException;
 
+import java.io.Reader;
 
 import java.util.HashMap;
 
 import java.util.HashMap;
 
 import java.util.Map;
 
 import java.util.Map;
 
 
 
@@ -40,8 +43,10 @@ import java.util.Map;
 
  */
 
  */
 
 public class AuthenticationFilterInitializer extends FilterInitializer {
 
 public class AuthenticationFilterInitializer extends FilterInitializer {
 
 
 
-  private static final String PREFIX = "hadoop.http.authentication.";
 
+  static final String PREFIX = "hadoop.http.authentication.";
 
 
 
+  static final String SIGNATURE_SECRET_FILE = AuthenticationFilter.SIGNATURE_SECRET + ".file";
 
+  
   /**
 
   /**
 
    * Initializes hadoop-auth AuthenticationFilter.
 
    * Initializes hadoop-auth AuthenticationFilter.
 
    * <p/>
 
    * <p/>
 
@@ -67,6 +72,25 @@ public class AuthenticationFilterInitializer extends FilterInitializer {
 
       }
 
       }
 
     }
 
     }
 
 
 
+    String signatureSecretFile = filterConfig.get(SIGNATURE_SECRET_FILE);
 
+    if (signatureSecretFile == null) {
 
+      throw new RuntimeException("Undefined property: " + SIGNATURE_SECRET_FILE);      
+    }
 
+    
+    try {
 
+      StringBuilder secret = new StringBuilder();
 
+      Reader reader = new FileReader(signatureSecretFile);
 
+      int c = reader.read();
 
+      while (c > -1) {
 
+        secret.append((char)c);
 
+        c = reader.read();
 
+      }
 
+      reader.close();
 
+      filterConfig.put(AuthenticationFilter.SIGNATURE_SECRET, secret.toString());
 
+    } catch (IOException ex) {
 
+      throw new RuntimeException("Could not read HTTP signature secret file: " + signatureSecretFile);            
+    }
 
+    
     container.addFilter("authentication",
 
     container.addFilter("authentication",
 
                         AuthenticationFilter.class.getName(),
 
                         AuthenticationFilter.class.getName(),
 
                         filterConfig);
 
                         filterConfig);

+ 2 - 2
hadoop-common-project/hadoop-common/src/main/resources/core-default.xml
View File 

@@ -801,8 +801,8 @@
 
 </property>
 
 </property>
 
 
 
 <property>
 
 <property>
 
-  <name>hadoop.http.authentication.signature.secret</name>
 
-  <value>hadoop</value>
 
+  <name>hadoop.http.authentication.signature.secret.file</name>
 
+  <value>${user.home}/hadoop-http-auth-signature-secret</value>
 
   <description>
 
   <description>
 
     The signature secret for signing the authentication tokens.
 
     The signature secret for signing the authentication tokens.
 
     If not set a random secret is generated at startup time.
 
     If not set a random secret is generated at startup time.

+ 15 - 1
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestAuthenticationFilter.java
View File 

@@ -25,14 +25,28 @@ import org.mockito.Mockito;
 
 import org.mockito.invocation.InvocationOnMock;
 
 import org.mockito.invocation.InvocationOnMock;
 
 import org.mockito.stubbing.Answer;
 
 import org.mockito.stubbing.Answer;
 
 
 
+import java.io.File;
 
+import java.io.FileWriter;
 
+import java.io.Writer;
 
 import java.util.Map;
 
 import java.util.Map;
 
 
 
 public class TestAuthenticationFilter extends TestCase {
 
 public class TestAuthenticationFilter extends TestCase {
 
 
 
   @SuppressWarnings("unchecked")
 
   @SuppressWarnings("unchecked")
 
-  public void testConfiguration() {
 
+  public void testConfiguration() throws Exception {
 
     Configuration conf = new Configuration();
 
     Configuration conf = new Configuration();
 
     conf.set("hadoop.http.authentication.foo", "bar");
 
     conf.set("hadoop.http.authentication.foo", "bar");
 
+    
+    File testDir = new File(System.getProperty("test.build.data", 
+                                               "target/test-dir"));
 
+    testDir.mkdirs();
 
+    File secretFile = new File(testDir, "http-secret.txt");
 
+    Writer writer = new FileWriter(new File(testDir, "http-secret.txt"));
 
+    writer.write("hadoop");
 
+    writer.close();
 
+    conf.set(AuthenticationFilterInitializer.PREFIX + 
+             AuthenticationFilterInitializer.SIGNATURE_SECRET_FILE, 
+             secretFile.getAbsolutePath());
 
 
 
     FilterContainer container = Mockito.mock(FilterContainer.class);
 
     FilterContainer container = Mockito.mock(FilterContainer.class);
 
     Mockito.doAnswer(
 
     Mockito.doAnswer(

+ 3 - 0
hadoop-project/pom.xml
View File 

@@ -47,6 +47,9 @@
 
 
 
     <test.build.dir>${project.build.directory}/test-dir</test.build.dir>
 
     <test.build.dir>${project.build.directory}/test-dir</test.build.dir>
 
     <test.build.data>${test.build.dir}</test.build.data>
 
     <test.build.data>${test.build.dir}</test.build.data>
 
+    
+    <test.build.dir>${project.build.directory}/test-dir</test.build.dir>
 
+    <test.build.data>${test.build.dir}</test.build.data>
 
   </properties>
 
   </properties>
 
 
 
   <dependencyManagement>
 
   <dependencyManagement>