Merge branch 'master' of https://github.com/hortonworks/metadata into BUG_37105

01953121 · Suma Shivaprasad · 30ba5a0a · 01eaf500 · 01953121 · 01953121
Commit 01953121 authored May 22, 2015 by Suma Shivaprasad
3 changed files
--- a/client/src/main/java/org/apache/hadoop/metadata/security/SecurityProperties.java
+++ b/client/src/main/java/org/apache/hadoop/metadata/security/SecurityProperties.java
@@ -31,5 +31,6 @@ public interface SecurityProperties {
    public static final String SERVER_CERT_PASSWORD_KEY = "password";
    public static final String CLIENT_AUTH_KEY = "client.auth.enabled";
    public static final String CERT_STORES_CREDENTIAL_PROVIDER_PATH = "cert.stores.credential.provider.path";
-    String SSL_CLIENT_PROPERTIES = "ssl-client.xml";
+    public static final String SSL_CLIENT_PROPERTIES = "ssl-client.xml";
+    public static final String BIND_ADDRESS = "metadata.server.bind.address";
 }
--- a/webapp/src/main/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationFilter.java
+++ b/webapp/src/main/java/org/apache/hadoop/metadata/web/filters/MetadataAuthenticationFilter.java
@@ -21,6 +21,7 @@ package org.apache.hadoop.metadata.web.filters;
 import com.google.inject.Singleton;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.hadoop.metadata.security.SecurityProperties;
 import org.apache.hadoop.metadata.PropertiesUtil;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
@@ -44,7 +45,6 @@ import java.util.Properties;
 public class MetadataAuthenticationFilter extends AuthenticationFilter {
    private static final Logger LOG = LoggerFactory.getLogger(MetadataAuthenticationFilter.class);
    static final String PREFIX = "metadata.http.authentication.";
-    static final String BIND_ADDRESS = "metadata.server.bind.address";
    @Override
    protected Properties getConfiguration(String configPrefix, FilterConfig filterConfig) throws ServletException {
@@ -77,7 +77,7 @@ public class MetadataAuthenticationFilter extends AuthenticationFilter {
        }
        //Resolve _HOST into bind address
-        String bindAddress = config.getProperty(BIND_ADDRESS);
+        String bindAddress = config.getProperty(SecurityProperties.BIND_ADDRESS);
        if (bindAddress == null) {
            LOG.info("No host name configured.  Defaulting to local host name.");
            try {

--- a/webapp/src/main/java/org/apache/hadoop/metadata/web/listeners/LoginProcessor.java
+++ b/webapp/src/main/java/org/apache/hadoop/metadata/web/listeners/LoginProcessor.java
@@ -21,14 +21,17 @@ import org.apache.commons.configuration.PropertiesConfiguration;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.metadata.MetadataException;
 import org.apache.hadoop.metadata.PropertiesUtil;
+import org.apache.hadoop.metadata.security.SecurityProperties;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.Shell;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.servlet.ServletException;
 import java.io.IOException;
 import java.net.InetAddress;
+import java.net.UnknownHostException;
 /**
 * A class capable of performing a simple or kerberos login.
@@ -73,17 +76,30 @@ public class LoginProcessor  {
            if (authenticationMethod == UserGroupInformation.AuthenticationMethod.SIMPLE) {
                UserGroupInformation.loginUserFromSubject(null);
            } else if (authenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS) {
+                String bindAddress = getHostname(configuration);
                UserGroupInformation.loginUserFromKeytab(
-                        getServerPrincipal(configuration.getString(AUTHENTICATION_PRINCIPAL)),
+                        getServerPrincipal(configuration.getString(AUTHENTICATION_PRINCIPAL), bindAddress),
                        configuration.getString(AUTHENTICATION_KEYTAB));
            }
            LOG.info("Logged in user {}", UserGroupInformation.getLoginUser());
        } catch (IOException e) {
            throw new IllegalStateException(String.format("Unable to perform %s login.", authenticationMethod), e);
        }
    }
+    private String getHostname(PropertiesConfiguration configuration) {
+        String bindAddress = configuration.getString(SecurityProperties.BIND_ADDRESS);
+        if (bindAddress == null) {
+            LOG.info("No host name configured.  Defaulting to local host name.");
+            try {
+                bindAddress = InetAddress.getLocalHost().getHostName();
+            } catch (UnknownHostException e) {
+                throw new IllegalStateException(e);
+            }
+        }
+        return bindAddress;
+    }
    protected void setupHadoopConfiguration(Configuration hadoopConfig, PropertiesConfiguration configuration) {
        String authMethod;
        authMethod = configuration != null ? configuration.getString(AUTHENTICATION_METHOD) : null;
@@ -104,8 +120,8 @@ public class LoginProcessor  {
     * @return the service principal.
     * @throws IOException
     */
-    private String getServerPrincipal(String principal) throws IOException {
+    private String getServerPrincipal(String principal, String host) throws IOException {
-        return SecurityUtil.getServerPrincipal(principal, InetAddress.getLocalHost().getHostName());
+        return SecurityUtil.getServerPrincipal(principal, host);
    }
    /**