Google Git
Sign in
apache / hadoop / refs/heads/branch-3.2^! / .
commit2a8a893aa338fc6e02b91f382019e6ee3a7911d9[log] [tgz]
authorZilong Zhu <zhuzilong2013@gmail.com>Sat Mar 29 05:34:08 2025 +0800
committerWei-Chiu Chuang <weichiu@apache.org>Fri Mar 28 14:36:15 2025 -0700
tree8d5040f63bac867765bb3c0a6da16e5bc4a580a7
parentfeef3319fbfa622b5585d6dd76e2759ae68ebd0e [diff]
HDFS-16644. java.io.IOException Invalid token in javax.security.sasl.qop (#5962)

(cherry picked from commit 9d93d08a388badb3a7b4211f9ff4ae3b783869d7)
(cherry picked from commit cc0580c6ac42573977074476f52009e2debe6ab9)
(cherry picked from commit 273648587259eb842e25e85a256e4cf167f5a378)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
index e65bcd7..cb78d4e 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocol/datatransfer/sasl/SaslDataTransferServer.java

@@ -30,6 +30,7 @@
 import java.io.OutputStream;
 import java.util.List;
 import java.util.Map;
+import java.util.TreeMap;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -378,14 +379,16 @@ private IOStreamPair doSaslHandshake(Peer peer, OutputStream underlyingOut,
       SaslMessageWithHandshake message = readSaslMessageWithHandshakeSecret(in);
       byte[] secret = message.getSecret();
       String bpid = message.getBpid();
+      Map<String, String> dynamicSaslProps = new TreeMap<>(saslProps);
       if (secret != null || bpid != null) {
         // sanity check, if one is null, the other must also not be null
         assert(secret != null && bpid != null);
         String qop = new String(secret, Charsets.UTF_8);
         saslProps.put(Sasl.QOP, qop);
+        dynamicSaslProps.put(Sasl.QOP, qop);
       }
       SaslParticipant sasl = SaslParticipant.createServerSaslParticipant(
-          saslProps, callbackHandler);
+          dynamicSaslProps, callbackHandler);
 
       byte[] remoteResponse = message.getPayload();
       byte[] localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
@@ -398,7 +401,7 @@ private IOStreamPair doSaslHandshake(Peer peer, OutputStream underlyingOut,
       localResponse = sasl.evaluateChallengeOrResponse(remoteResponse);
 
       // SASL handshake is complete
-      checkSaslComplete(sasl, saslProps);
+      checkSaslComplete(sasl, dynamicSaslProps);
 
       CipherOption cipherOption = null;
       negotiatedQOP = sasl.getNegotiatedQop();