SLIDER-192: use hadoop.security.authentication type as indicate whether to use security or not.
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/8fe71f06 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/8fe71f06 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/8fe71f06 Branch: refs/heads/feature/SLIDER-151_Implement_full_slider_API_in_REST_and_switch_client_to_it Commit: 8fe71f06738321525501b7c13a50046bf85e43fb Parents: 31d22b8 Author: Steve Loughran <ste...@apache.org> Authored: Tue Jul 1 15:24:58 2014 +0100 Committer: Steve Loughran <ste...@apache.org> Committed: Tue Jul 1 15:24:58 2014 +0100 ---------------------------------------------------------------------- .../java/org/apache/slider/client/SliderClient.java | 4 +++- .../org/apache/slider/common/SliderXmlConfKeys.java | 4 ++-- .../org/apache/slider/common/tools/SliderUtils.java | 15 ++++++++------- 3 files changed, 13 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/8fe71f06/slider-core/src/main/java/org/apache/slider/client/SliderClient.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/client/SliderClient.java b/slider-core/src/main/java/org/apache/slider/client/SliderClient.java index 95c120c..a337533 100644 --- a/slider-core/src/main/java/org/apache/slider/client/SliderClient.java +++ b/slider-core/src/main/java/org/apache/slider/client/SliderClient.java @@ -894,7 +894,9 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe if (clusterSecure) { // if the cluster is secure, make sure that // the relevant security settings go over - addConfOptionToCLI(commandLine, config, KEY_SECURITY_ENABLED); +/* + addConfOptionToCLI(commandLine, config, KEY_SECURITY); +*/ addConfOptionToCLI(commandLine, config, DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY); http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/8fe71f06/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java b/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java index 272ae6a..c7b8ea5 100644 --- a/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java +++ b/slider-core/src/main/java/org/apache/slider/common/SliderXmlConfKeys.java @@ -93,8 +93,8 @@ public interface SliderXmlConfKeys { * Flag which is set to indicate that security should be enabled * when talking to this cluster. */ - String KEY_SECURITY_ENABLED = - CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION; + String KEY_SECURITY = + CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION; /** * queue name http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/8fe71f06/slider-core/src/main/java/org/apache/slider/common/tools/SliderUtils.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/common/tools/SliderUtils.java b/slider-core/src/main/java/org/apache/slider/common/tools/SliderUtils.java index b97ff63..5479b54 100644 --- a/slider-core/src/main/java/org/apache/slider/common/tools/SliderUtils.java +++ b/slider-core/src/main/java/org/apache/slider/common/tools/SliderUtils.java @@ -904,7 +904,8 @@ public final class SliderUtils { * @return true if the slider client/service should be in secure mode */ public static boolean isHadoopClusterSecure(Configuration conf) { - return conf.getBoolean(SliderXmlConfKeys.KEY_SECURITY_ENABLED, false); + return SecurityUtil.getAuthenticationMethod(conf) != + UserGroupInformation.AuthenticationMethod.SIMPLE; } /** @@ -953,22 +954,22 @@ public final class SliderUtils { conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION)); log.debug("hadoop.security.authorization={}", conf.get(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION)); - SecurityUtil.setAuthenticationMethod( - UserGroupInformation.AuthenticationMethod.KERBEROS, conf); +/* SecurityUtil.setAuthenticationMethod( + UserGroupInformation.AuthenticationMethod.KERBEROS, conf);*/ UserGroupInformation.setConfiguration(conf); UserGroupInformation authUser = UserGroupInformation.getCurrentUser(); log.debug("Authenticating as " + authUser.toString()); log.debug("Login user is {}", UserGroupInformation.getLoginUser()); if (!UserGroupInformation.isSecurityEnabled()) { throw new BadConfigException("Although secure mode is enabled," + - "the application has already set up its user as an insecure entity %s", - authUser); + "the application has already set up its user as an insecure entity %s", + authUser); } if (authUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.SIMPLE) { throw new BadConfigException("Auth User is not Kerberized %s" + - " -security has already been set up with the wrong authentication method", - authUser); + " -security has already been set up with the wrong authentication method", + authUser); }