
use storm.yaml (instead of system property) for login configuration s…

…pecification
1 parent 50ebab0 commit 830886313bd89c262547daabc9d3d371a23b3be0 afeng committed
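--- a/src/jvm/backtype/storm/security/auth/AuthUtils.java
+++ b/src/jvm/backtype/storm/security/auth/AuthUtils.java
@@ -20,7 +20,7 @@
 private static final Logger LOG = LoggerFactory.getLogger(AuthUtils.class);
 /**
- * Construct a JAAS configuration object per the given file
+ * Construct a JAAS configuration object per storm configuration file
 * @param storm_conf Storm configuration
 * @return
 */
@@ -28,17 +28,21 @@ public static synchronized Configuration GetConfiguration(Map storm_conf) {
 Configuration.setConfiguration(null);
 //exam system property first
- String loginConfigurationFile = System.getProperty("java.security.auth.login.config");
+ String orig_loginConfigurationFile = System.getProperty("java.security.auth.login.config");
- //if not defined, examine Storm configuration
+ //try to find login file from Storm configuration
+ String loginConfigurationFile = (String)storm_conf.get("java.security.auth.login.config");
 if (loginConfigurationFile==null)
- loginConfigurationFile = (String)storm_conf.get("java.security.auth.login.config");
- else if (loginConfigurationFile.length()==0)
- loginConfigurationFile = (String)storm_conf.get("java.security.auth.login.config");
+ loginConfigurationFile = orig_loginConfigurationFile;
- if (loginConfigurationFile == null) return null;
- System.setProperty("java.security.auth.login.config", loginConfigurationFile);
- return Configuration.getConfiguration();
+ Configuration login_conf = null;
+ if ((loginConfigurationFile != null) && (loginConfigurationFile.length()>0)) {
+ System.setProperty("java.security.auth.login.config", loginConfigurationFile);
+ login_conf = Configuration.getConfiguration();
+ if (orig_loginConfigurationFile!=null)
+ System.setProperty("java.security.auth.login.config", orig_loginConfigurationFile);
+ }
+ return login_conf;
 }
 /**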
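Review bot: The restore at the end of the new `if` block in `GetConfiguration` only runs when the original property was non-null, so a JVM started without `java.security.auth.login.config` keeps the storm.yaml path as a process-wide property after the first call. A later call whose `storm_conf` lacks the key then falls back to that leftover value instead of returning null. The restore is also skipped if `Configuration.getConfiguration()` throws, so it belongs in a `finally` that clears the property when there was no original, as sketched below. Separately, `Configuration.getConfiguration()` after `setConfiguration(null)` appears to install the loaded object as the JVM-wide default, so resetting the property probably does not undo that; the method comment should say so. The method signature is visible only in the `@@` header, not in the hunk body.

```java
if ((loginConfigurationFile != null) && (loginConfigurationFile.length()>0)) {
    System.setProperty("java.security.auth.login.config", loginConfigurationFile);
    try {
        login_conf = Configuration.getConfiguration();
    } finally {
        // put the JVM-wide property back exactly as it was, including "unset"
        if (orig_loginConfigurationFile != null)
            System.setProperty("java.security.auth.login.config", orig_loginConfigurationFile);
        else
            System.clearProperty("java.security.auth.login.config");
    }
}
// … unchanged: return login_conf …
```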
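--- a/src/jvm/backtype/storm/security/auth/ThriftServer.java
+++ b/src/jvm/backtype/storm/security/auth/ThriftServer.java
@@ -9,25 +9,21 @@
 import backtype.storm.utils.Utils;
 public class ThriftServer {
+ private static final Logger LOG = LoggerFactory.getLogger(ThriftServer.class);
 private Map _storm_conf; //storm configuration
 private TProcessor _processor = null;
 private int _port = 0;
 private TServer _server;
- private static final Logger LOG = LoggerFactory.getLogger(ThriftServer.class);
- private String _loginConfigurationFile;
-
+ private Configuration _login_conf;
+
 public ThriftServer(Map storm_conf, TProcessor processor, int port) {
 try {
 _storm_conf = storm_conf;
 _processor = processor;
 _port = port;
-
- _loginConfigurationFile = System.getProperty("java.security.auth.login.config");
- if ((_loginConfigurationFile==null) || (_loginConfigurationFile.length()==0)) {
- //apply Storm configuration for JAAS login
- Map conf = Utils.readStormConfig();
- _loginConfigurationFile = (String)conf.get("java.security.auth.login.config");
- }
+
+ //retrieve authentication configuration
+ _login_conf = AuthUtils.GetConfiguration(_storm_conf);
 } catch (Exception x) {
 x.printStackTrace();
 }
@@ -40,11 +36,8 @@ public void stop() {
 public void serve() {
 try {
- //retrieve authentication configuration
- Configuration login_conf = AuthUtils.GetConfiguration(_storm_conf);
-
 //locate our thrift transport plugin
- ITransportPlugin transportPlugin = AuthUtils.GetTransportPlugin(_storm_conf, login_conf);
+ ITransportPlugin transportPlugin = AuthUtils.GetTransportPlugin(_storm_conf, _login_conf);
 //server
 _server = transportPlugin.getServer(_port, _processor);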
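Review bot: The new `AuthUtils.GetConfiguration(_storm_conf)` call sits inside the constructor's existing `catch (Exception x) { x.printStackTrace(); }`, so a missing or malformed JAAS file leaves `_login_conf` null. `serve()` then passes that null to `GetTransportPlugin` exactly as if no login configuration had been requested. For an authentication setting the server should fail closed, by replacing the catch body with `LOG.error("Failed to load login configuration", x); throw new RuntimeException(x);`. How each transport plugin treats a null configuration is not visible here, so the actual impact is unconfirmed. Both the constructor and `serve()` continue outside the hunks.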
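--- a/test/clj/backtype/storm/security/auth/auth_test.clj
+++ b/test/clj/backtype/storm/security/auth/auth_test.clj
@@ -105,12 +105,12 @@
 (^TopologyInfo getTopologyInfo [this ^String storm-id]))))
 (defn launch-test-server [server-port login-cfg aznClass transportPluginClass]
- (System/setProperty "java.security.auth.login.config" login-cfg)
- (let [conf (merge (read-storm-config)
+ (let [conf1 (merge (read-storm-config)
 {NIMBUS-AUTHORIZER aznClass
 NIMBUS-HOST "localhost"
 NIMBUS-THRIFT-PORT server-port
 STORM-THRIFT-TRANSPORT-PLUGIN transportPluginClass})
+ conf (if login-cfg (merge conf1 {"java.security.auth.login.config" login-cfg}) conf1)
 nimbus (nimbus/standalone-nimbus)
 service-handler (dummy-service-handler conf nimbus)
 server (ThriftServer. conf (Nimbus$Processor. service-handler) (int (conf NIMBUS-THRIFT-PORT)))]
@@ -122,7 +122,7 @@
 (Thread/sleep ms))
 (deftest Simple-authentication-test
- (launch-server-w-wait 6627 1000 "" nil "backtype.storm.security.auth.SimpleTransportPlugin")
+ (launch-server-w-wait 6627 1000 nil nil "backtype.storm.security.auth.SimpleTransportPlugin")
 (log-message "(Positive authentication) Server and Client with simple transport, no authentication")
 (let [storm-conf (merge (read-storm-config)
@@ -133,17 +133,16 @@
 (.close client))
 (log-message "(Negative authentication) Server: Simple vs. Client: Digest")
- (System/setProperty "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest.conf")
- (log-message "java.security.auth.login.config: " (System/getProperty "java.security.auth.login.config"))
 (let [storm-conf (merge (read-storm-config)
- {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"})]
+ {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
+ "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest.conf"})]
 (is (= "java.net.SocketTimeoutException: Read timed out"
 (try (NimbusClient. storm-conf "localhost" 6627 nimbus-timeout)
 nil
 (catch TTransportException ex (.getMessage ex)))))))
 (deftest positive-authorization-test
- (launch-server-w-wait 6628 1000 ""
+ (launch-server-w-wait 6628 1000 nil
 "backtype.storm.security.auth.authorizer.NoopAuthorizer"
 "backtype.storm.security.auth.SimpleTransportPlugin")
 (let [storm-conf (merge (read-storm-config)
@@ -155,7 +154,7 @@
 (.close client)))
 (deftest deny-authorization-test
- (launch-server-w-wait 6629 1000 ""
+ (launch-server-w-wait 6629 1000 nil
 "backtype.storm.security.auth.authorizer.DenyAuthorizer"
 "backtype.storm.security.auth.SimpleTransportPlugin")
 (let [storm-conf (merge (read-storm-config)
@@ -173,16 +172,15 @@
 nil
 "backtype.storm.security.auth.digest.DigestSaslTransportPlugin")
 (log-message "(Positive authentication) valid digest authentication")
- (System/setProperty "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest.conf")
 (let [storm-conf (merge (read-storm-config)
- {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"})
+ {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
+ "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest.conf"})
 client (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)
 nimbus_client (.getClient client)]
 (.activate nimbus_client "security_auth_test_topology")
 (.close client))
 (log-message "(Negative authentication) Server: Digest vs. Client: Simple")
- (System/setProperty "java.security.auth.login.config" "")
 (let [storm-conf (merge (read-storm-config)
 {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.SimpleTransportPlugin"})
 client (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)
@@ -192,18 +190,18 @@
 (.close client))
 (log-message "(Negative authentication) Invalid password")
- (System/setProperty "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest_bad_password.conf")
 (let [storm-conf (merge (read-storm-config)
- {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"})]
+ {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
+ "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest_bad_password.conf"})]
 (is (= "Peer indicated failure: DIGEST-MD5: digest response format violation. Mismatched response."
 (try (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)
 nil
 (catch TTransportException ex (.getMessage ex))))))
 (log-message "(Negative authentication) Unknown user")
- (System/setProperty "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest_unknown_user.conf")
 (let [storm-conf (merge (read-storm-config)
- {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"})]
+ {STORM-THRIFT-TRANSPORT-PLUGIN "backtype.storm.security.auth.digest.DigestSaslTransportPlugin"
+ "java.security.auth.login.config" "test/clj/backtype/storm/security/auth/jaas_digest_unknown_user.conf"})]
 (is (= "Peer indicated failure: DIGEST-MD5: cannot acquire password for unknown_user in realm : localhost"
 (try (NimbusClient. storm-conf "localhost" 6630 nimbus-timeout)
 nil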
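Review bot: With the `System/setProperty` calls removed, the cases that supply no login config now depend on whatever the JVM-wide `java.security.auth.login.config` property holds when they run, because `GetConfiguration` falls back to it. This applies to the `launch-server-w-wait ... nil` servers and to the SimpleTransportPlugin client in the "Server: Digest vs. Client: Simple" step, which used to reset the property to `""` first. Nothing in the file checks that an earlier digest case left the property untouched, so these results may depend on execution order. Consider asserting the property state after a digest client is created, e.g. `(is (nil? (System/getProperty "java.security.auth.login.config")))`, assuming the test JVM starts without it. Several enclosing `deftest` forms start or end outside the hunks shown.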
