Author: todd Date: Wed Jun 27 22:41:41 2012 New Revision: 1354767 URL: http://svn.apache.org/viewvc?rev=1354767&view=rev Log: HDFS-3572. Cleanup code which inits SPNEGO in HttpServer. Contributed by Todd Lipcon.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java?rev=1354767&r1=1354766&r2=1354767&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java Wed Jun 27 22:41:41 2012 @@ -52,7 +52,9 @@ import org.apache.hadoop.fs.CommonConfig import org.apache.hadoop.jmx.JMXJsonServlet; import org.apache.hadoop.log.LogLevel; import org.apache.hadoop.metrics.MetricsServlet; +import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; import org.apache.hadoop.security.authorize.AccessControlList; import org.apache.hadoop.util.ReflectionUtils; import org.mortbay.io.Buffer; @@ -606,6 +608,24 @@ public class HttpServer implements Filte sslListener.setNeedClientAuth(needCertsAuth); webServer.addConnector(sslListener); } + + protected void initSpnego(Configuration conf, + String usernameConfKey, String keytabConfKey) throws IOException { + Map<String, String> params = new HashMap<String, String>(); + String principalInConf = conf.get(usernameConfKey); + if (principalInConf != null && !principalInConf.isEmpty()) { + params.put("kerberos.principal", + SecurityUtil.getServerPrincipal(principalInConf, listener.getHost())); + } + String httpKeytab = conf.get(keytabConfKey); + if (httpKeytab != null && !httpKeytab.isEmpty()) { + params.put("kerberos.keytab", httpKeytab); + } + params.put(AuthenticationFilter.AUTH_TYPE, "kerberos"); + + defineFilter(webAppContext, SPNEGO_FILTER, + AuthenticationFilter.class.getName(), params, null); + } /** * Start the server. Does not wait for the server to start.