Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1497

Allow server-side SASL login with JAAS configuration to be programmatically set (rather than only by reading JAAS configuration file)

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.4.3, 3.5.0
    • 3.4.4, 3.5.0
    • server
    • Reviewed

    Description

      Currently the CnxnFactory checks for "java.security.auth.login.config" to decide whether or not enable SASL.

      • zookeeper/server/NIOServerCnxnFactory.java
      • zookeeper/server/NettyServerCnxnFactory.java
        • configure() checks for "java.security.auth.login.config"
          • If present start the new Login("Server", SaslServerCallbackHandler(conf))

      But since the SaslServerCallbackHandler does the right thing just checking if getAppConfigurationEntry() is empty, we can allow SASL with JAAS configuration to be programmatically just checking weather or not a configuration entry is present instead of "java.security.auth.login.config".
      (Something quite similar was done for the SaslClient in ZOOKEEPER-1373)

      Attachments

        1. ZOOKEEPER-1497-v5.patch
          21 kB
          Matteo Bertozzi
        2. ZOOKEEPER-1497-v4.patch
          20 kB
          Matteo Bertozzi
        3. ZOOKEEPER-1497-v3.patch
          15 kB
          Matteo Bertozzi
        4. ZOOKEEPER-1497-v2.patch
          14 kB
          Matteo Bertozzi
        5. ZOOKEEPER-1497-v1.patch
          8 kB
          Matteo Bertozzi

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-1455 there is no way to determine if a session is sasl authenticated or not

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-1373 Hardcoded SASL login context name clashes with Hadoop security configuration override

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. ZOOKEEPER-1503 remove redundant JAAS configuration code in SaslAuthTest and SaslAuthFailTest

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              mbertozzi Matteo Bertozzi
              mbertozzi Matteo Bertozzi
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: