Repository: accumulo Updated Branches: refs/heads/master a52b23827 -> 548796163
ACCUMULO-3636 Ensure KerberosToken is created when SASL is enabled. Typically, no token properties are needed for kerberos, so we need to ensure that we don't try to use a password in that case. Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/54879616 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/54879616 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/54879616 Branch: refs/heads/master Commit: 548796163149a917e4d8d7beb69f9d5e41360ee9 Parents: a52b238 Author: Josh Elser <els...@apache.org> Authored: Tue Mar 3 09:56:00 2015 -0800 Committer: Josh Elser <els...@apache.org> Committed: Tue Mar 3 09:56:00 2015 -0800 ---------------------------------------------------------------------- .../accumulo/monitor/servlets/trace/Basic.java | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/54879616/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/trace/Basic.java ---------------------------------------------------------------------- diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/trace/Basic.java b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/trace/Basic.java index 1a098c2..19cd2c6 100644 --- a/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/trace/Basic.java +++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/servlets/trace/Basic.java @@ -18,6 +18,7 @@ package org.apache.accumulo.monitor.servlets.trace; import static java.nio.charset.StandardCharsets.UTF_8; +import java.io.IOException; import java.util.Date; import java.util.Map; import java.util.Map.Entry; @@ -31,6 +32,7 @@ import org.apache.accumulo.core.client.Scanner; import org.apache.accumulo.core.client.TableNotFoundException; import org.apache.accumulo.core.client.security.tokens.AuthenticationToken; import org.apache.accumulo.core.client.security.tokens.AuthenticationToken.Properties; +import org.apache.accumulo.core.client.security.tokens.KerberosToken; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.apache.accumulo.core.conf.AccumuloConfiguration; import org.apache.accumulo.core.conf.Property; @@ -71,12 +73,22 @@ abstract class Basic extends BasicServlet { protected Scanner getScanner(StringBuilder sb) throws AccumuloException, AccumuloSecurityException { AccumuloConfiguration conf = Monitor.getContext().getConfiguration(); + final boolean saslEnabled = conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED); String principal = conf.get(Property.TRACE_USER); AuthenticationToken at; Map<String,String> loginMap = conf.getAllPropertiesWithPrefix(Property.TRACE_TOKEN_PROPERTY_PREFIX); if (loginMap.isEmpty()) { - Property p = Property.TRACE_PASSWORD; - at = new PasswordToken(conf.get(p).getBytes(UTF_8)); + if (saslEnabled) { + try { + at = new KerberosToken(); + } catch (IOException e) { + throw new AccumuloException("Failed to create KerberosToken", e); + } + principal = SecurityUtil.getServerPrincipal(principal); + } else { + Property p = Property.TRACE_PASSWORD; + at = new PasswordToken(conf.get(p).getBytes(UTF_8)); + } } else { Properties props = new Properties(); int prefixLength = Property.TRACE_TOKEN_PROPERTY_PREFIX.getKey().length(); @@ -89,10 +101,6 @@ abstract class Basic extends BasicServlet { at = token; } - if (conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) { - principal = SecurityUtil.getServerPrincipal(principal); - } - String table = conf.get(Property.TRACE_TABLE); try { Connector conn = HdfsZooInstance.getInstance().getConnector(principal, at);
