Repository: atlas Updated Branches: refs/heads/branch-0.8 fa97b5252 -> 3d2bda3a0
ATLAS-2793: updated AtlasClient approach of determining if kerberos authentication is enabled or not (cherry picked from commit b02238491e451bda71e399725ea4a4d021ec766f) Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/3d2bda3a Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/3d2bda3a Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/3d2bda3a Branch: refs/heads/branch-0.8 Commit: 3d2bda3a02398329fcd4a6a2c3224d6e637e8e86 Parents: fa97b52 Author: Madhan Neethiraj <mad...@apache.org> Authored: Sun Jul 29 08:39:15 2018 -0700 Committer: Madhan Neethiraj <mad...@apache.org> Committed: Mon Jul 30 09:50:02 2018 -0700 ---------------------------------------------------------------------- .../java/org/apache/atlas/AtlasBaseClient.java | 4 +++- .../apache/atlas/utils/AuthenticationUtil.java | 19 +++++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/3d2bda3a/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java ---------------------------------------------------------------------- diff --git a/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java b/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java index aa1c773..e48061c 100644 --- a/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java +++ b/client/common/src/main/java/org/apache/atlas/AtlasBaseClient.java @@ -261,7 +261,9 @@ public abstract class AtlasBaseClient { final URLConnectionClientHandler handler; - if ((AuthenticationUtil.isKerberosAuthenticationEnabled())) { + boolean isKerberosEnabled = AuthenticationUtil.isKerberosAuthenticationEnabled(ugi); + + if (isKerberosEnabled) { handler = SecureClientUtils.getClientConnectionHandler(config, configuration, doAsUser, ugi); } else { if (configuration.getBoolean(TLS_ENABLED, false)) { http://git-wip-us.apache.org/repos/asf/atlas/blob/3d2bda3a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java ---------------------------------------------------------------------- diff --git a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java index af32afc..a871fa6 100644 --- a/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java +++ b/intg/src/main/java/org/apache/atlas/utils/AuthenticationUtil.java @@ -20,6 +20,7 @@ package org.apache.atlas.utils; import org.apache.atlas.ApplicationProperties; import org.apache.atlas.AtlasException; import org.apache.commons.configuration.Configuration; +import org.apache.hadoop.security.UserGroupInformation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.Console; @@ -34,17 +35,27 @@ public final class AuthenticationUtil { } public static boolean isKerberosAuthenticationEnabled() { - boolean isKerberosAuthenticationEnabled = false; + return isKerberosAuthenticationEnabled((UserGroupInformation) null); + } + + public static boolean isKerberosAuthenticationEnabled(UserGroupInformation ugi) { + boolean defaultValue = ugi != null && ugi.hasKerberosCredentials(); + try { - isKerberosAuthenticationEnabled = isKerberosAuthenticationEnabled(ApplicationProperties.get()); + return isKerberosAuthenticationEnabled(ApplicationProperties.get(), defaultValue); } catch (AtlasException e) { LOG.error("Error while isKerberosAuthenticationEnabled ", e); } - return isKerberosAuthenticationEnabled; + + return defaultValue; } public static boolean isKerberosAuthenticationEnabled(Configuration atlasConf) { - return atlasConf.getBoolean("atlas.authentication.method.kerberos", false); + return isKerberosAuthenticationEnabled(atlasConf, false); + } + + public static boolean isKerberosAuthenticationEnabled(Configuration atlasConf, boolean defaultValue) { + return atlasConf.getBoolean("atlas.authentication.method.kerberos", defaultValue); } public static boolean includeHadoopGroups(){