Author: ddas Date: Thu May 3 17:16:44 2012 New Revision: 1333557 URL: http://svn.apache.org/viewvc?rev=1333557&view=rev Log: HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due to fixes introduced by the IBM JDK compatibility patch. Contributed by Devaraj Das.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java?rev=1333557&r1=1333556&r2=1333557&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/client/KerberosAuthenticator.java Thu May 3 17:16:44 2012 @@ -26,7 +26,6 @@ import javax.security.auth.login.Configu import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import java.io.IOException; -import java.lang.reflect.Field; import java.net.HttpURLConnection; import java.net.URL; import java.security.AccessControlContext; @@ -196,11 +195,10 @@ public class KerberosAuthenticator imple try { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost(); - + Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, - GSSName.NT_HOSTBASED_SERVICE); - Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, - gssManager); + oid); + oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java?rev=1333557&r1=1333556&r2=1333557&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosUtil.java Thu May 3 17:16:44 2012 @@ -22,7 +22,6 @@ import java.lang.reflect.InvocationTarge import java.lang.reflect.Method; import org.ietf.jgss.GSSException; -import org.ietf.jgss.GSSManager; import org.ietf.jgss.Oid; public class KerberosUtil { @@ -34,8 +33,7 @@ public class KerberosUtil { : "com.sun.security.auth.module.Krb5LoginModule"; } - public static Oid getOidClassInstance(String servicePrincipal, - GSSManager gssManager) + public static Oid getOidInstance(String oidName) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException { Class<?> oidClass; @@ -44,7 +42,7 @@ public class KerberosUtil { } else { oidClass = Class.forName("sun.security.jgss.GSSUtil"); } - Field oidField = oidClass.getDeclaredField("GSS_KRB5_MECH_OID"); + Field oidField = oidClass.getDeclaredField(oidName); return (Oid)oidField.get(oidClass); } Modified: hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1333557&r1=1333556&r2=1333557&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java Thu May 3 17:16:44 2012 @@ -145,10 +145,10 @@ public class TestKerberosAuthenticationH GSSContext gssContext = null; try { String servicePrincipal = KerberosTestUtils.getServerPrincipal(); + Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, - GSSName.NT_HOSTBASED_SERVICE); - Oid oid = KerberosUtil.getOidClassInstance(servicePrincipal, - gssManager); + oid); + oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); gssContext = gssManager.createContext(serviceName, oid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestCredDeleg(true); Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1333557&r1=1333556&r2=1333557&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Thu May 3 17:16:44 2012 @@ -409,6 +409,9 @@ Release 2.0.0 - UNRELEASED HADOOP-8342. HDFS command fails with exception following merge of HADOOP-8325 (tucu) + HADOOP-8346. Makes oid changes to make SPNEGO work. Was broken due + to fixes introduced by the IBM JDK compatibility patch. (ddas) + BREAKDOWN OF HADOOP-7454 SUBTASKS HADOOP-7455. HA: Introduce HA Service Protocol Interface. (suresh)