hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "fang fang chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9679) KerberosName.rules are not initialized during adding kerberos support to a web servlet using hadoop authentications
Date Mon, 01 Jul 2013 07:56:19 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13696639#comment-13696639
] 

fang fang chen commented on HADOOP-9679:
----------------------------------------

Generate a draft fix based on branch-2.0.4-alpha KerberosAuthenticationHandler.authenticate(HttpServletRequest
request, final HttpServletResponse response).

                 String clientPrincipal = gssContext.getSrcName().toString();
                 KerberosName kerberosName = new KerberosName(clientPrincipal);
+                if( !KerberosName.hasRulesBeenSet()){
+                       LOG.warn("No rules applied to " + kerberosName.toString() + ". Using
DEFAULT rules.");
+                       KerberosName.setRules("DEFAULT");
+                }
                 String userName = kerberosName.getShortName();
                 token = new AuthenticationToken(userName, clientPrincipal, getType());
                 response.setStatus(HttpServletResponse.SC_OK);

                
> KerberosName.rules are not initialized during adding kerberos support to a web servlet
using hadoop authentications
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9679
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9679
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.2, 2.0.4-alpha
>            Reporter: fang fang chen
>
> I am using hadoop-1.1.1 to add kerberos authentication to a web service. But found rules
are not initialized, that makes following error happened:
> java.lang.NullPointerException
>         at org.apache.hadoop.security.KerberosName.getShortName(KerberosName.java:384)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:328)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:302)
>         at java.security.AccessController.doPrivileged(AccessController.java:310)
>         at javax.security.auth.Subject.doAs(Subject.java:573)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:302)
>         at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:340)
> Seems in hadoop-2.0.3, this issue still is not fixed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message