Author: tgraves Date: Wed Oct 3 19:18:12 2012 New Revision: 1393699 URL: http://svn.apache.org/viewvc?rev=1393699&view=rev Log: HDFS-3905. Secure cluster cannot use hftp to an insecure cluster (Daryn Sharp via tgraves)
Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1393699&r1=1393698&r2=1393699&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Wed Oct 3 19:18:12 2012 @@ -15,6 +15,9 @@ Release 0.23.5 - UNRELEASED HDFS-3919. MiniDFSCluster:waitClusterUp can hang forever. (Andy Isaacson via eli) + HDFS-3905. Secure cluster cannot use hftp to an insecure cluster + (Daryn Sharp via tgraves) + Release 0.23.4 - UNRELEASED INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java?rev=1393699&r1=1393698&r2=1393699&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DelegationTokenFetcher.java Wed Oct 3 19:18:12 2012 
@@ -24,6 +24,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.PrintStream;
+import java.net.ConnectException;
 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.URL;
@@ -385,10 +386,24 @@ public class DelegationTokenFetcher {
 return ugi.doAs(
 new PrivilegedExceptionAction<URLConnection>() {
 public URLConnection run() throws IOException {
- SecurityUtil.fetchServiceTicket(url);
- URLConnection connection = URLUtils.openConnection(url);
- connection.connect();
- return connection;
+ // might not be fatal if secure port doesn't connect because
+ // security may be disabled on remote cluster
+ IOException ioeForTGS = null;
+ try {
+ SecurityUtil.fetchServiceTicket(url);
+ } catch (IOException ioe) {
+ ioeForTGS = ioe;
+ }
+ try {
+ URLConnection connection = URLUtils.openConnection(url);
+ connection.connect();
+ return connection;
+ } catch (ConnectException e) {
+ throw e;
+ } catch (IOException ioe) {
+ // throw TGS exception instead if negotiation fails
+ throw (ioeForTGS != null) ? ioeForTGS : ioe;
+ }
 } }); } catch (InterruptedException ie) {
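Review bot: In the second hunk, the catch around `SecurityUtil.fetchServiceTicket(url)` only stores the failure in `ioeForTGS`, so when the following `connection.connect()` succeeds the Kerberos error is discarded and a secure client continues without a service ticket, leaving no trace of the downgrade. At minimum the catch should record it, for example `LOG.warn("No service ticket for " + url + "; connecting without Kerberos", ioe);` (this assumes the class has a logger, which the hunk does not show). The fallback is also unconditional. An operator who expects every remote cluster to be secure cannot turn it off, so it would be worth gating it behind an explicit opt-in setting and rethrowing `ioeForTGS` immediately when that setting is off. The enclosing method starts and ends outside the hunk, so how the returned connection is used afterwards cannot be checked from here.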