Skip to content
Browse files

apply Configuration::getInstance(JavaLoginConfig, Configuration.Param…

…eters) to always use login configuration file per storm.yaml
  • Loading branch information...
1 parent 9def404 commit 6a6dab8c46eb0d018e9b87020cde3d32d2f3d55b afeng committed Mar 10, 2013
View
55 src/jvm/backtype/storm/security/auth/AuthUtils.java
@@ -1,58 +1,47 @@
package backtype.storm.security.auth;
+import backtype.storm.Config;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.AppConfigurationEntry;
+import java.security.NoSuchAlgorithmException;
+import java.security.URIParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import backtype.storm.Config;
+import java.io.File;
+import java.io.FileNotFoundException;
import java.io.IOException;
+import java.net.URI;
import java.util.Map;
public class AuthUtils {
+ private static final Logger LOG = LoggerFactory.getLogger(AuthUtils.class);
public static final String LOGIN_CONTEXT_SERVER = "StormServer";
public static final String LOGIN_CONTEXT_CLIENT = "StormClient";
public static final String SERVICE = "storm_thrift_server";
/**
- * Construct a JAAS configuration object per storm configuration file
+ * Construct a JAAS configuration object per storm configuration file
* @param storm_conf Storm configuration
- * @return
+ * @return JAAS configuration object
*/
- public static synchronized Configuration GetConfiguration(Map storm_conf) {
- //retrieve system property
- String orig_loginConfigurationFile = System.getProperty("java.security.auth.login.config");
+ public static Configuration GetConfiguration(Map storm_conf) {
+ Configuration login_conf = null;
- //try to find login file from Storm configuration
+ //find login file configuration from Storm configuration
String loginConfigurationFile = (String)storm_conf.get("java.security.auth.login.config");
- if ((loginConfigurationFile==null) || (loginConfigurationFile.length()==0))
- loginConfigurationFile = orig_loginConfigurationFile;
-
- Configuration login_conf = null;
if ((loginConfigurationFile != null) && (loginConfigurationFile.length()>0)) {
- //We don't allow system property and storm conf have conflicts
- if (orig_loginConfigurationFile!=null &&
- orig_loginConfigurationFile.length()>0 &&
- !loginConfigurationFile.equals(orig_loginConfigurationFile)) {
- throw new RuntimeException("System property java.security.auth.login.config ("
- + orig_loginConfigurationFile
- +") != storm configuration java.security.auth.login.config ("
- + loginConfigurationFile + ")");
+ try {
+ URI config_uri = new File(loginConfigurationFile).toURI();
+ login_conf = Configuration.getInstance("JavaLoginConfig", new URIParameter(config_uri));
+ } catch (NoSuchAlgorithmException ex1) {
+ if (ex1.getCause() instanceof FileNotFoundException)
+ throw new RuntimeException("configuration file "+loginConfigurationFile+" could not be found");
+ else throw new RuntimeException(ex1);
+ } catch (Exception ex2) {
+ throw new RuntimeException(ex2);
}
-
- //reset login configuration so that javax.security.auth.login will not use cache
- Configuration.setConfiguration(null);
-
- //use javax.security.auth.login.Configuration to obtain login configuration object
- //login.Configuration depends on system property "java.security.auth.login.config"
- //(see http://docs.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/login/ConfigFile.html)
- System.setProperty("java.security.auth.login.config", loginConfigurationFile);
- login_conf = Configuration.getConfiguration();
- //we reset system property to previous value if any
- if (orig_loginConfigurationFile!=null)
- System.setProperty("java.security.auth.login.config", orig_loginConfigurationFile);
- else
- System.setProperty("java.security.auth.login.config", "");
}
+
return login_conf;
}
View
16 test/clj/backtype/storm/security/auth/auth_test.clj
@@ -201,15 +201,23 @@
(is (= "Peer indicated failure: DIGEST-MD5: cannot acquire password for unknown_user in realm : localhost"
(try (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)
nil
- (catch TTransportException ex (.getMessage ex))))))))
+ (catch TTransportException ex (.getMessage ex)))))))
(let [storm-conf (merge (read-storm-config)
+ {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
+ "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/nonexistent.conf"})]
+ (testing "(Negative authentication) nonexistent configuration file"
+ (is (thrown? RuntimeException
+ (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)))))
+
+ (let [storm-conf (merge (read-storm-config)
{STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
"java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest_missing_client.conf"})]
- (testing "(Negative authentication) IOException"
+ (testing "(Negative authentication) Missing client"
(is (thrown? RuntimeException
- (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)))))
-
+ (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout))))))
+
+
(deftest test-GetTransportPlugin-throws-RuntimeException
(let [conf (merge (read-storm-config)
{Config/STORM_THRIFT_TRANSPORT_PLUGIN "null.invalid"})]

0 comments on commit 6a6dab8

Please sign in to comment.
Something went wrong with that request. Please try again.