HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to determine if in proxyuser mode or not. (tucu)
parent
71c8d735f5
commit
0f3c19c1bb
@ -765,6 +765,9 @@ Release 2.6.0 - UNRELEASED
|
||||
HADOOP-11067. warning message 'ssl.client.truststore.location has not
|
||||
been set' gets printed for hftp command. (Xiaoyu Yao via Arpit Agarwal)
|
||||
|
||||
HADOOP-11069. KMSClientProvider should use getAuthenticationMethod() to
|
||||
determine if in proxyuser mode or not. (tucu)
|
||||
|
||||
Release 2.5.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -385,9 +385,9 @@ private HttpURLConnection createConnection(final URL url, String method)
|
||||
// if current UGI is different from UGI at constructor time, behave as
|
||||
// proxyuser
|
||||
UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser();
|
||||
final String doAsUser =
|
||||
(loginUgi.getShortUserName().equals(currentUgi.getShortUserName()))
|
||||
? null : currentUgi.getShortUserName();
|
||||
final String doAsUser = (currentUgi.getAuthenticationMethod() ==
|
||||
UserGroupInformation.AuthenticationMethod.PROXY)
|
||||
? currentUgi.getShortUserName() : null;
|
||||
|
||||
// creating the HTTP connection using the current UGI at constructor time
|
||||
conn = loginUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
|
||||
|
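Review bot: A current UGI that is not a proxy user but still differs from `loginUgi` now gets `doAsUser == null`, and because the connection is opened inside `loginUgi.doAs(...)` the request would reach the KMS under the login identity with no trace of the caller; the old name comparison sent a doAs in that case. If that is intended, the comment kept above the assignment is stale and should say so, e.g. `// send doAs only for a PROXY UGI; any other current UGI is sent as loginUgi`. For the PROXY case it may also be worth checking that `currentUgi.getRealUser()` is the same user as `loginUgi`, since the credentials on the wire are loginUgi's rather than those of the proxy's real user. This is inferred from the visible lines only; createConnection continues outside the hunk.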
@ -1157,7 +1157,7 @@ public Void call() throws Exception {
|
||||
final URI uri = createKMSUri(getKMSUrl());
|
||||
|
||||
// proxyuser client using kerberos credentials
|
||||
UserGroupInformation clientUgi = UserGroupInformation.
|
||||
final UserGroupInformation clientUgi = UserGroupInformation.
|
||||
loginUserFromKeytabAndReturnUGI("client", keytab.getAbsolutePath());
|
||||
clientUgi.doAs(new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
@ -1167,7 +1167,7 @@ public Void run() throws Exception {
|
||||
|
||||
// authorized proxyuser
|
||||
UserGroupInformation fooUgi =
|
||||
UserGroupInformation.createRemoteUser("foo");
|
||||
UserGroupInformation.createProxyUser("foo", clientUgi);
|
||||
fooUgi.doAs(new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
public Void run() throws Exception {
|
||||
@ -1179,7 +1179,7 @@ public Void run() throws Exception {
|
||||
|
||||
// unauthorized proxyuser
|
||||
UserGroupInformation foo1Ugi =
|
||||
UserGroupInformation.createRemoteUser("foo1");
|
||||
UserGroupInformation.createProxyUser("foo1", clientUgi);
|
||||
foo1Ugi.doAs(new PrivilegedExceptionAction<Void>() {
|
||||
@Override
|
||||
public Void run() throws Exception {
|
||||
|
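Review bot: Both proxyuser cases were switched from `createRemoteUser(...)` to `createProxyUser(..., clientUgi)`, so within these hunks nothing pins what the client sends when the current UGI is a plain remote user distinct from the login user. A third case that runs the same call under `UserGroupInformation.createRemoteUser("foo")` and asserts the expected outcome (request made as the client principal, or rejected) would document that identity decision and catch a regression. The enclosing test method starts and ends outside the hunks, so such a case may already exist elsewhere in the file.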