Repository: atlas Updated Branches: refs/heads/branch-1.0 9097d695c -> e218c9ed5
ATLAS-2793: updated AtlasClient approach of determining if kerberos authentication is enabled or not (cherry picked from commit b02238491e451bda71e399725ea4a4d021ec766f) Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/e218c9ed Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/e218c9ed Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/e218c9ed Branch: refs/heads/branch-1.0 Commit: e218c9ed503b00f8cc59edcf4e285c01da884d57 Parents: 9097d69 Author: Madhan Neethiraj <mad...@apache.org> Authored: Sun Jul 29 08:39:15 2018 -0700 Committer: Madhan Neethiraj <mad...@apache.org> Committed: Mon Jul 30 09:49:09 2018 -0700 ---------------------------------------------------------------------- .../java/org/apache/atlas/AtlasBaseClient.java | 4 +++- .../apache/atlas/utils/AuthenticationUtil.java | 19 +++++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/e218c9ed/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java ---------------------------------------------------------------------- diff --git a/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java b/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java index f8e78ee..4464ade 100644 --- a/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java +++ b/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java @@ -266,7 +266,9 @@ public abstract class AtlasBaseClient { final URLConnectionClientHandler handler; - if ((AuthenticationUtil.isKerberosAuthenticationEnabled())) { + boolean isKerberosEnabled = AuthenticationUtil.isKerberosAuthenticationEnabled(ugi); + + if (isKerberosEnabled) { handler = SecureClientUtils.getClientConnectionHandler(config, configuration, doAsUser, ugi); } else { if (configuration.getBoolean(TLS_ENABLED, false)) { http://git-wip-us.apache.org/repos/asf/atlas/blob/e218c9ed/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java ---------------------------------------------------------------------- diff --git a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java index 99b58fe..cf2b38f 100644 --- a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java +++ b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java @@ -20,6 +20,7 @@ package org.apache.atlas.utils; import org.apache.atlas.ApplicationProperties; import org.apache.atlas.AtlasException; import org.apache.commons.configuration.Configuration; +import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.Console; @@ -34,17 +35,27 @@ public final class AuthenticationUtil { } public static boolean isKerberosAuthenticationEnabled() { - boolean isKerberosAuthenticationEnabled = false; + return isKerberosAuthenticationEnabled((UserGroupInformation) null); + } + + public static boolean isKerberosAuthenticationEnabled(UserGroupInformation ugi) { + boolean defaultValue = ugi != null && ugi.hasKerberosCredentials(); + try { - isKerberosAuthenticationEnabled = isKerberosAuthenticationEnabled(ApplicationProperties.get()); + return isKerberosAuthenticationEnabled(ApplicationProperties.get(), defaultValue); } catch (AtlasException e) { LOG.error("Error while isKerberosAuthenticationEnabled ", e); } - return isKerberosAuthenticationEnabled; + + return defaultValue; } public static boolean isKerberosAuthenticationEnabled(Configuration atlasConf) { - return atlasConf.getBoolean("atlas.authentication.method.kerberos", false); + return isKerberosAuthenticationEnabled(atlasConf, false); + } + + public static boolean isKerberosAuthenticationEnabled(Configuration atlasConf, boolean defaultValue) { + return atlasConf.getBoolean("atlas.authentication.method.kerberos", defaultValue); } public static boolean includeHadoopGroups(){