apache
diff --git a/‎hbase-asyncfs/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java‎
Lines changed: 9 additions & 0 deletions b/‎hbase-asyncfs/src/test/java/org/apache/hadoop/hbase/security/HBaseKerberosUtils.java‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcConnection.java‎
Lines changed: 2 additions & 1 deletion b/‎hbase-client/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcConnection.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎hbase-client/src/main/java/org/apache/hadoop/hbase/security/NettyHBaseSaslRpcClient.java‎
Lines changed: 4 additions & 4 deletions b/‎hbase-client/src/main/java/org/apache/hadoop/hbase/security/NettyHBaseSaslRpcClient.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎hbase-client/src/main/java/org/apache/hadoop/hbase/security/NettyHBaseSaslRpcClientHandler.java‎
Lines changed: 3 additions & 1 deletion b/‎hbase-client/src/main/java/org/apache/hadoop/hbase/security/NettyHBaseSaslRpcClientHandler.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyHBaseSaslRpcServerHandler.java‎
Lines changed: 3 additions & 3 deletions b/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyHBaseSaslRpcServerHandler.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcServer.java‎
Lines changed: 2 additions & 3 deletions b/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcServer.java‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcServerPreambleHandler.java‎
Lines changed: 1 addition & 1 deletion b/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyRpcServerPreambleHandler.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyServerRpcConnection.java‎
Lines changed: 5 additions & 5 deletions b/‎hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/NettyServerRpcConnection.java‎
Lines changed: 5 additions & 5 deletions
@@ -188,4 +188,13 @@ public static UserGroupInformation loginAndReturnUGI(Configuration conf, String
       UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFileLocation);
     return ugi;
   }
+
+  public static UserGroupInformation loginKerberosPrincipal(String krbKeytab, String krbPrincipal)
+    throws Exception {
+    Configuration conf = new Configuration();
+    conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
+    UserGroupInformation.setConfiguration(conf);
+    UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab);
+    return UserGroupInformation.getLoginUser();
+  }
 }
@@ -222,7 +222,8 @@ private void saslNegotiate(final Channel ch) {
       return;
     }
     ch.pipeline().addBefore(BufferCallBeforeInitHandler.NAME, null, new SaslChallengeDecoder())
-      .addBefore(BufferCallBeforeInitHandler.NAME, null, saslHandler);
+      .addBefore(BufferCallBeforeInitHandler.NAME, NettyHBaseSaslRpcClientHandler.HANDLER_NAME,
+        saslHandler);
     NettyFutureUtils.addListener(saslPromise, new FutureListener<Boolean>() {
 
       @Override
 
@@ -45,16 +45,16 @@ public NettyHBaseSaslRpcClient(Configuration conf, SaslClientAuthenticationProvi
     super(conf, provider, token, serverAddr, securityInfo, fallbackAllowed, rpcProtection);
   }
 
-  public void setupSaslHandler(ChannelPipeline p) {
+  public void setupSaslHandler(ChannelPipeline p, String addAfter) {
     String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);
     LOG.trace("SASL client context established. Negotiated QoP {}", qop);
     if (qop == null || "auth".equalsIgnoreCase(qop)) {
       return;
     }
     // add wrap and unwrap handlers to pipeline.
-    p.addFirst(new SaslWrapHandler(saslClient::wrap),
-      new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4),
-      new SaslUnwrapHandler(saslClient::unwrap));
+    p.addAfter(addAfter, null, new SaslUnwrapHandler(saslClient::unwrap))
+      .addAfter(addAfter, null, new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4))
+      .addAfter(addAfter, null, new SaslWrapHandler(saslClient::wrap));
   }
 
   public String getSaslQOP() {
 
@@ -47,6 +47,8 @@ public class NettyHBaseSaslRpcClientHandler extends SimpleChannelInboundHandler<
 
   private static final Logger LOG = LoggerFactory.getLogger(NettyHBaseSaslRpcClientHandler.class);
 
+  public static final String HANDLER_NAME = "SaslRpcClientHandler";
+
   private final Promise<Boolean> saslPromise;
 
   private final UserGroupInformation ugi;
@@ -86,7 +88,7 @@ private void tryComplete(ChannelHandlerContext ctx) {
     }
 
     ChannelPipeline p = ctx.pipeline();
-    saslRpcClient.setupSaslHandler(p);
+    saslRpcClient.setupSaslHandler(p, HANDLER_NAME);
     p.remove(SaslChallengeDecoder.class);
     p.remove(this);
 
 
@@ -89,11 +89,11 @@ protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Excep
       boolean useWrap = qop != null && !"auth".equalsIgnoreCase(qop);
       ChannelPipeline p = ctx.pipeline();
       if (useWrap) {
-        p.addFirst(new SaslWrapHandler(saslServer::wrap));
-        p.addLast(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4),
+        p.addBefore(DECODER_NAME, null, new SaslWrapHandler(saslServer::wrap)).addLast(
+          new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4),
           new SaslUnwrapHandler(saslServer::unwrap));
       }
-      conn.setupDecoder();
+      conn.setupHandler();
       p.remove(this);
       p.remove(DECODER_NAME);
     }
 
@@ -124,9 +124,8 @@ protected void initChannel(Channel ch) throws Exception {
           if (conf.getBoolean(HBASE_SERVER_NETTY_TLS_ENABLED, false)) {
             initSSL(pipeline, conf.getBoolean(HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT, true));
           }
-          pipeline.addLast(NettyRpcServerPreambleHandler.DECODER_NAME, preambleDecoder);
-          pipeline.addLast(createNettyRpcServerPreambleHandler(),
-            new NettyRpcServerResponseEncoder(metrics));
+          pipeline.addLast(NettyRpcServerPreambleHandler.DECODER_NAME, preambleDecoder)
+            .addLast(createNettyRpcServerPreambleHandler());
         }
       });
     try {
 
@@ -61,7 +61,7 @@ protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Excep
       p.addLast(NettyHBaseSaslRpcServerHandler.DECODER_NAME, decoder);
       p.addLast(new NettyHBaseSaslRpcServerHandler(rpcServer, conn));
     } else {
-      conn.setupDecoder();
+      conn.setupHandler();
     }
     // add first and then remove, so the single decode decoder will pass the remaining bytes to the
     // handler above.
 
@@ -33,7 +33,6 @@
 import org.apache.hbase.thirdparty.com.google.protobuf.Message;
 import org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf;
 import org.apache.hbase.thirdparty.io.netty.channel.Channel;
-import org.apache.hbase.thirdparty.io.netty.channel.ChannelPipeline;
 
 import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.RequestHeader;
 
@@ -70,10 +69,11 @@ class NettyServerRpcConnection extends ServerRpcConnection {
     this.remotePort = inetSocketAddress.getPort();
   }
 
-  void setupDecoder() {
-    ChannelPipeline p = channel.pipeline();
-    p.addLast("frameDecoder", new NettyRpcFrameDecoder(rpcServer.maxRequestSize, this));
-    p.addLast("decoder", new NettyRpcServerRequestDecoder(rpcServer.metrics, this));
+  void setupHandler() {
+    channel.pipeline()
+      .addLast("frameDecoder", new NettyRpcFrameDecoder(rpcServer.maxRequestSize, this))
+      .addLast("decoder", new NettyRpcServerRequestDecoder(rpcServer.metrics, this))
+      .addLast("encoder", new NettyRpcServerResponseEncoder(rpcServer.metrics));
   }
 
   void process(ByteBuf buf) throws IOException, InterruptedException {
Original file line number	Diff line number	Diff line change
`@@ -188,4 +188,13 @@ public static UserGroupInformation loginAndReturnUGI(Configuration conf, String`
`188`	`188`	`UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFileLocation);`
`189`	`189`	`return ugi;`
`190`	`190`	`}`
	`191`	`+`
	`192`	`+ public static UserGroupInformation loginKerberosPrincipal(String krbKeytab, String krbPrincipal)`
	`193`	`+ throws Exception {`
	`194`	`+ Configuration conf = new Configuration();`
	`195`	`+ conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");`
	`196`	`+ UserGroupInformation.setConfiguration(conf);`
	`197`	`+ UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab);`
	`198`	`+ return UserGroupInformation.getLoginUser();`
	`199`	`+ }`
`191`	`200`	`}`
Original file line number	Diff line number	Diff line change
`@@ -222,7 +222,8 @@ private void saslNegotiate(final Channel ch) {`
`222`	`222`	`return;`
`223`	`223`	`}`
`224`	`224`	`ch.pipeline().addBefore(BufferCallBeforeInitHandler.NAME, null, new SaslChallengeDecoder())`
`225`		`- .addBefore(BufferCallBeforeInitHandler.NAME, null, saslHandler);`
	`225`	`+ .addBefore(BufferCallBeforeInitHandler.NAME, NettyHBaseSaslRpcClientHandler.HANDLER_NAME,`
	`226`	`+ saslHandler);`
`226`	`227`	`NettyFutureUtils.addListener(saslPromise, new FutureListener<Boolean>() {`
`227`	`228`
`228`	`229`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -45,16 +45,16 @@ public NettyHBaseSaslRpcClient(Configuration conf, SaslClientAuthenticationProvi`
`45`	`45`	`super(conf, provider, token, serverAddr, securityInfo, fallbackAllowed, rpcProtection);`
`46`	`46`	`}`
`47`	`47`
`48`		`- public void setupSaslHandler(ChannelPipeline p) {`
	`48`	`+ public void setupSaslHandler(ChannelPipeline p, String addAfter) {`
`49`	`49`	`String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);`
`50`	`50`	`LOG.trace("SASL client context established. Negotiated QoP {}", qop);`
`51`	`51`	`if (qop == null \|\| "auth".equalsIgnoreCase(qop)) {`
`52`	`52`	`return;`
`53`	`53`	`}`
`54`	`54`	`// add wrap and unwrap handlers to pipeline.`
`55`		`- p.addFirst(new SaslWrapHandler(saslClient::wrap),`
`56`		`- new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4),`
`57`		`- new SaslUnwrapHandler(saslClient::unwrap));`
	`55`	`+ p.addAfter(addAfter, null, new SaslUnwrapHandler(saslClient::unwrap))`
	`56`	`+ .addAfter(addAfter, null, new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4))`
	`57`	`+ .addAfter(addAfter, null, new SaslWrapHandler(saslClient::wrap));`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`public String getSaslQOP() {`
Original file line number	Diff line number	Diff line change
`@@ -124,9 +124,8 @@ protected void initChannel(Channel ch) throws Exception {`
`124`	`124`	`if (conf.getBoolean(HBASE_SERVER_NETTY_TLS_ENABLED, false)) {`
`125`	`125`	`initSSL(pipeline, conf.getBoolean(HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT, true));`
`126`	`126`	`}`
`127`		`- pipeline.addLast(NettyRpcServerPreambleHandler.DECODER_NAME, preambleDecoder);`
`128`		`- pipeline.addLast(createNettyRpcServerPreambleHandler(),`
`129`		`- new NettyRpcServerResponseEncoder(metrics));`
	`127`	`+ pipeline.addLast(NettyRpcServerPreambleHandler.DECODER_NAME, preambleDecoder)`
	`128`	`+ .addLast(createNettyRpcServerPreambleHandler());`
`130`	`129`	`}`
`131`	`130`	`});`
`132`	`131`	`try {`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Excep`
`61`	`61`	`p.addLast(NettyHBaseSaslRpcServerHandler.DECODER_NAME, decoder);`
`62`	`62`	`p.addLast(new NettyHBaseSaslRpcServerHandler(rpcServer, conn));`
`63`	`63`	`} else {`
`64`		`- conn.setupDecoder();`
	`64`	`+ conn.setupHandler();`
`65`	`65`	`}`
`66`	`66`	`// add first and then remove, so the single decode decoder will pass the remaining bytes to the`
`67`	`67`	`// handler above.`