ZooKeeper
  1. ZooKeeper
  2. ZOOKEEPER-1497

Allow server-side SASL login with JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.4.3, 3.5.0
    • Fix Version/s: 3.4.4, 3.5.0
    • Component/s: server
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether or not enable SASL.

      • zookeeper/server/NIOServerCnxnFactory.java
      • zookeeper/server/NettyServerCnxnFactory.java
        • configure() checks for "java.security.auth.login.config"
          • If present start the new Login("Server", SaslServerCallbackHandler(conf))

      But since the SaslServerCallbackHandler does the right thing just checking if getAppConfigurationEntry() is empty, we can allow SASL with JAAS configuration to be programmatically just checking weather or not a configuration entry is present instead of "java.security.auth.login.config".
      (Something quite similar was done for the SaslClient in ZOOKEEPER-1373)

      1. ZOOKEEPER-1497-v1.patch
        8 kB
        Matteo Bertozzi
      2. ZOOKEEPER-1497-v2.patch
        14 kB
        Matteo Bertozzi
      3. ZOOKEEPER-1497-v3.patch
        15 kB
        Matteo Bertozzi
      4. ZOOKEEPER-1497-v4.patch
        20 kB
        Matteo Bertozzi
      5. ZOOKEEPER-1497-v5.patch
        21 kB
        Matteo Bertozzi

        Issue Links

          Activity

            People

            • Assignee:
              Matteo Bertozzi
              Reporter:
              Matteo Bertozzi
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development