Client
private Connection getConnection(ConnectionId remoteId,
Call call, int serviceClass, AtomicBoolean fallbackToSimpleAuth)
-->
connection.setupIOstreams(fallbackToSimpleAuth);
--> 切换realUser的UGI建立Sasl连接
// Choose the identity that authenticates this connection.
// When the ticket has a real user behind it, that real user's UGI replaces
// the ticket, and the later ticket.doAs(...) SASL setup runs under it.
// NOTE(review): presumably the proxy-user (impersonation) case, where only the
// real user holds credentials; confirm against UserGroupInformation.
UserGroupInformation ticket = remoteId.getTicket();
if (ticket != null) {
final UserGroupInformation realUser = ticket.getRealUser();
if (realUser != null) {
// Authenticate as the real user, not the effective user.
ticket = realUser;
}
}
--> 创建socket
setupConnection()
ipcStreams = new IpcStreams(socket, maxResponseLength);
先发送connection header
/**
 * Write the connection header - this is sent when connection is established
 * +----------------------------------+
 * |  "hrpc" 4 bytes                  |
 * +----------------------------------+
 * |  Version (1 byte)                |
 * +----------------------------------+
 * |  Service Class (1 byte)          |
 * +----------------------------------+
 * |  AuthProtocol (1 byte)           |
 * +----------------------------------+
 *
 * In this flow the header is written before the SASL setup that follows, so
 * these bytes (including the AuthProtocol selector) are sent before any SASL
 * negotiation has taken place.
 * NOTE(review): whether the server rejects an unexpected AuthProtocol value
 * is not visible here; confirm on the server side.
 */
writeConnectionHeader(ipcStreams);
如果开启了安全认证（Kerberos），或者ticket中带有token，则使用Sasl
//boolean trySasl = UserGroupInformation.isSecurityEnabled() ||
// (ticket != null && !ticket.getTokens().isEmpty());
//this.authProtocol = trySasl ? AuthProtocol.SASL : AuthProtocol.NONE;
if (authProtocol == AuthProtocol.SASL) {
try {
authMethod = ticket
.doAs(new PrivilegedExceptionAction<AuthMethod>() {
@Override
public AuthMethod run()
throws IOException, InterruptedException {
创建SaslConnection
return setupSaslConnection(ipcStreams);
}
});
private synchronized AuthMethod setupSaslConnection(IpcStreams streams)
throws IOException {
// Do not use Client.conf here! We must use ConnectionId.conf, since the
// Client object is cached and shared between all RPC clients, even those
// for separate services.
saslRpcClient &#