diff --git hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java index 211efbd20ba..b429c1d2942 100644 --- hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java +++ hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/KerberosName.java @@ -83,17 +83,8 @@ private static String defaultRealm; - static { - try { - defaultRealm = KerberosUtil.getDefaultRealm(); - } catch (Exception ke) { - LOG.debug("Kerberos krb5 configuration not found, setting default realm to empty"); - defaultRealm=""; - } - } - @VisibleForTesting - public static void resetDefaultRealm() { + public static synchronized void resetDefaultRealm() { try { defaultRealm = KerberosUtil.getDefaultRealm(); } catch (Exception ke) { @@ -133,7 +124,17 @@ protected KerberosName(String serviceName, String hostname, String realm) { * Get the configured default realm. * @return the default realm from the krb5.conf */ - public String getDefaultRealm() { + public static synchronized String getDefaultRealm() { + if (defaultRealm == null) { + try { + defaultRealm = KerberosUtil.getDefaultRealm(); + } catch (Exception ke) { + LOG.debug( + "Kerberos krb5 configuration not found, setting default realm to" + + "empty"); + defaultRealm = ""; + } + } return defaultRealm; } @@ -269,7 +270,7 @@ static String replaceParameters(String format, if (paramNum != null) { try { int num = Integer.parseInt(paramNum); - if (num < 0 || num > params.length) { + if (num < 0 || num >= params.length) { throw new BadFormatString("index " + num + " from " + format + " is outside of the valid range 0 to " + (params.length - 1)); @@ -316,7 +317,7 @@ static String replaceSubstitution(String base, Pattern from, String to, String apply(String[] params) throws IOException { String result = null; if (isDefault) { - if (defaultRealm.equals(params[0])) { + if (getDefaultRealm().equals(params[0])) { result = params[1]; } } else if (params.length - 1 == numOfComponents) { diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/timelineservice/security/TestTimelineAuthFilterForV2.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/timelineservice/security/TestTimelineAuthFilterForV2.java index e7bbd2b9441..1918e4ca621 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/timelineservice/security/TestTimelineAuthFilterForV2.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-tests/src/test/java/org/apache/hadoop/yarn/server/timelineservice/security/TestTimelineAuthFilterForV2.java @@ -103,8 +103,12 @@ // indicates whether it is kerberos access or token based access. @Parameterized.Parameters public static Collection params() { - return Arrays.asList(new Object[][] {{false, true}, {false, false}, - {true, false}, {true, true}}); + return Arrays.asList(new Object[][] { + {false, true}, + {false, false}, + {true, false}, + {true, true} + }); } private static MiniKdc testMiniKDC;