Package org.apache.hadoop.security

Class SecurityUtil.QualifiedHostResolver

java.lang.Object

org.apache.hadoop.security.SecurityUtil.QualifiedHostResolver

Enclosing class:

SecurityUtil

protected static class SecurityUtil.QualifiedHostResolver
extends Object

This an alternate resolver with important properties that the standard java resolver lacks: 1) The hostname is fully qualified. This avoids security issues if not all hosts in the cluster do not share the same search domains. It also prevents other hosts from performing unnecessary dns searches. In contrast, InetAddress simply returns the host as given. 2) The InetAddress is instantiated with an exact host and IP to prevent further unnecessary lookups. InetAddress may perform an unnecessary reverse lookup for an IP. 3) A call to getHostName() will always return the qualified hostname, or more importantly, the IP if instantiated with an IP. This avoids unnecessary dns timeouts if the host is not resolvable. 4) Point 3 also ensures that if the host is re-resolved, ex. during a connection re-attempt, that a reverse lookup to host and forward lookup to IP is not performed since the reverse/forward mappings may not always return the same IP. If the client initiated a connection with an IP, then that IP is all that should ever be contacted. NOTE: this resolver is only used if: hadoop.security.token.service.use_ip=false

Method Summary

Modifier and Type	Method	Description
InetAddress	getByName(String host)
org.apache.hadoop.thirdparty.com.google.common.cache.LoadingCache<String,InetAddress>	getCache()
InetAddress	resolve(String host)	Create an InetAddress with a fully qualified hostname of the given hostname.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

resolve

public InetAddress resolve(String host)
                    throws UnknownHostException

Create an InetAddress with a fully qualified hostname of the given hostname. InetAddress does not qualify an incomplete hostname that is resolved via the domain search list. InetAddress.getCanonicalHostName() will fully qualify the hostname, but it always return the A record whereas the given hostname may be a CNAME.

Parameters:

host - a hostname or ip address

Returns:

InetAddress with the fully qualified hostname or ip

Throws:

UnknownHostException - if host does not exist

getByName

public InetAddress getByName(String host)
                      throws UnknownHostException

Throws:

UnknownHostException

getCache

@VisibleForTesting
public org.apache.hadoop.thirdparty.com.google.common.cache.LoadingCache<String,InetAddress> getCache()