Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1497

Allow server-side SASL login with JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.3, 3.5.0
    • Fix Version/s: 3.4.4, 3.5.0
    • Component/s: server
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether or not enable SASL.

      • zookeeper/server/NIOServerCnxnFactory.java
      • zookeeper/server/NettyServerCnxnFactory.java
        • configure() checks for "java.security.auth.login.config"
          • If present start the new Login("Server", SaslServerCallbackHandler(conf))

      But since the SaslServerCallbackHandler does the right thing just checking if getAppConfigurationEntry() is empty, we can allow SASL with JAAS configuration to be programmatically just checking weather or not a configuration entry is present instead of "java.security.auth.login.config".
      (Something quite similar was done for the SaslClient in ZOOKEEPER-1373)

        Attachments

        1. ZOOKEEPER-1497-v5.patch
          21 kB
          Matteo Bertozzi
        2. ZOOKEEPER-1497-v4.patch
          20 kB
          Matteo Bertozzi
        3. ZOOKEEPER-1497-v3.patch
          15 kB
          Matteo Bertozzi
        4. ZOOKEEPER-1497-v2.patch
          14 kB
          Matteo Bertozzi
        5. ZOOKEEPER-1497-v1.patch
          8 kB
          Matteo Bertozzi

          Issue Links

            Activity

              People

              • Assignee:
                mbertozzi Matteo Bertozzi
                Reporter:
                mbertozzi Matteo Bertozzi
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: