Check system properties before building krb option map

amichair · Nov 20, 2012 · 4546461 · 4546461
1 parent 4287af4
commit 4546461
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 24 deletions.
diff --git a/core/src/main/java/me/prettyprint/cassandra/connection/client/HSaslThriftClient.java b/core/src/main/java/me/prettyprint/cassandra/connection/client/HSaslThriftClient.java
@@ -54,18 +54,16 @@ public class HSaslThriftClient extends HThriftClient implements HClient {
     private static Logger log = LoggerFactory.getLogger(HSaslThriftClient.class);
 
     private String servicePrincipalName;
-    private String clientPrincipalName;
     private TSSLTransportParameters params;
 
     /**
      * Constructor
      * @param cassandraHost
      * @param servicePrincipalName, name/_HOST@DOMAIN,  e.g. mapred/bdplab0.datastax.com@EXAMPLE.COM
      */
-    public HSaslThriftClient(CassandraHost cassandraHost, String servicePrincipalName, String clientPrincipalName) {
+    public HSaslThriftClient(CassandraHost cassandraHost, String servicePrincipalName) {
       super(cassandraHost);
       this.servicePrincipalName = servicePrincipalName;
-      this.clientPrincipalName = clientPrincipalName;
     }
 
     /**
@@ -74,10 +72,9 @@ public HSaslThriftClient(CassandraHost cassandraHost, String servicePrincipalNam
      * @param servicePrincipalName, name/_HOST@DOMAIN,  e.g. mapred/bdplab0.datastax.com@EXAMPLE.COM
      * @param params
      */
-    public HSaslThriftClient(CassandraHost cassandraHost, String servicePrincipalName, String clientPrincipalName, TSSLTransportParameters params) {
+    public HSaslThriftClient(CassandraHost cassandraHost, String servicePrincipalName, TSSLTransportParameters params) {
       super(cassandraHost);
       this.servicePrincipalName = servicePrincipalName;
-      this.clientPrincipalName = clientPrincipalName;
       this.params = params;
     }
 
@@ -94,9 +91,10 @@ public HSaslThriftClient open() {
 
       TSocket socket;
       try {
-        socket = params == null ?
-                                  new TSocket(cassandraHost.getHost(), cassandraHost.getPort(), timeout)
-                                  : TSSLTransportFactory.getClientSocket(cassandraHost.getHost(), cassandraHost.getPort(), timeout, params);
+        if (params == null)
+          socket = new TSocket(cassandraHost.getHost(), cassandraHost.getPort(), timeout);
+        else
+          socket = TSSLTransportFactory.getClientSocket(cassandraHost.getHost(), cassandraHost.getPort(), timeout, params);
       } catch (TTransportException e) {
         throw new HectorTransportException("Could not get client socket: ", e);
       }
@@ -110,7 +108,7 @@ public HSaslThriftClient open() {
       }
 
       try {
-        transport = openKerberosTransport(socket, servicePrincipalName, clientPrincipalName);
+        transport = openKerberosTransport(socket, servicePrincipalName);
       } catch (LoginException e) {
         log.error("Kerberos login failed: ", e);
         close();
@@ -128,11 +126,11 @@ public HSaslThriftClient open() {
       return this;
     }
 
-    public static TTransport openKerberosTransport(TTransport socket, String kerberosServicePrincipal, String kerberosClientPrincipal) throws LoginException, TTransportException {
+    public static TTransport openKerberosTransport(TTransport socket, String kerberosServicePrincipal) throws LoginException, TTransportException {
       try {
         log.debug("Opening kerberos transport...");
         Subject kerberosTicket = new Subject();
-        KerberosUserConfiguration kerberosConfig = new KerberosUserConfiguration(kerberosClientPrincipal);
+        KerberosUserConfiguration kerberosConfig = new KerberosUserConfiguration();
         LoginContext login = new LoginContext("Client", kerberosTicket, null, kerberosConfig);
         login.login();
 
@@ -182,17 +180,28 @@ public static class KerberosUserConfiguration extends javax.security.auth.login.
         DEFAULT_KERBEROS_OPTIONS.put("doNotPrompt", "true");
         DEFAULT_KERBEROS_OPTIONS.put("useTicketCache", "true");
         DEFAULT_KERBEROS_OPTIONS.put("renewTGT", "true");
-        String ticketCache = System.getenv("KRB5CCNAME");
-        if (ticketCache != null)
-          DEFAULT_KERBEROS_OPTIONS.put("ticketCache", ticketCache);
+        DEFAULT_KERBEROS_OPTIONS.put("useKeyTab", "true");
       }
 
+      private static final String[] recognizedOptions = {
+          "debug", "useTicketCache", "ticketCache", "renewTGT", "useKeyTab",
+          "keyTab", "principal"
+      };
+
       private HashMap<String, String> options;
 
-      public KerberosUserConfiguration(String clientPrincipalName) {
+      public KerberosUserConfiguration() {
         this.options = new HashMap<String, String>(DEFAULT_KERBEROS_OPTIONS);
-        if (clientPrincipalName != null)
-          this.options.put("principal", clientPrincipalName);
+
+        log.debug("Setting Kerberos options:");
+        for (int i = 0; i < recognizedOptions.length; i++) {
+          String option = recognizedOptions[i];
+          String value = System.getProperty("kerberos." + option);
+          if (value != null) {
+            log.debug("  " + option + ": " + value);
+            this.options.put(option, value);
+          }
+        }
       }
 
       @Override

diff --git a/...ava/me/prettyprint/cassandra/connection/factory/HKerberosSaslThriftClientFactoryImpl.java b/...ava/me/prettyprint/cassandra/connection/factory/HKerberosSaslThriftClientFactoryImpl.java
@@ -39,7 +39,6 @@ public class HKerberosSaslThriftClientFactoryImpl implements HClientFactory {
     public static final String KRB5_CONFIG = "krb5.conf";
 
     private String krbServicePrincipalName;
-    private String krbClientPrincipalName;
     private TSSLTransportParameters params;
 
     public HKerberosSaslThriftClientFactoryImpl() {
@@ -54,11 +53,8 @@ public HKerberosSaslThriftClientFactoryImpl() {
       }
 
       krbServicePrincipalName = System.getProperty("kerberos.service.principal.name");
-      krbClientPrincipalName = System.getProperty("kerberos.client.principal.name");
       if (krbServicePrincipalName != null) {
-        log.debug("Kerberos properties:");
-        log.debug("  kerberos.service.principal.name = {}", krbServicePrincipalName);
-        log.debug("  kerberos.client.principal.name = {}", krbClientPrincipalName);
+        log.debug("Kerberos service principal name = {}", krbServicePrincipalName);
       }
     }
 
@@ -71,8 +67,8 @@ public HClient createClient(CassandraHost ch) {
       }
 
       if (params == null)
-        return new HSaslThriftClient(ch, krbServicePrincipalName, krbClientPrincipalName);
+        return new HSaslThriftClient(ch, krbServicePrincipalName);
       else
-        return new HSaslThriftClient(ch, krbServicePrincipalName, krbClientPrincipalName, params);
+        return new HSaslThriftClient(ch, krbServicePrincipalName, params);
     }
 }