HADOOP-17164. UGI loginUserFromKeytab doesn't set the last login time (#2178)
Contributed by Sandeep Guggilam. Signed-off-by: Mingliang Liu <liuml07@apache.org> Signed-off-by: Steve Loughran <stevel@apache.org>
This commit is contained in:
parent
8fd4f5490f
commit
2986058e7f
@ -529,6 +529,14 @@ private void setLogin(LoginContext login) {
|
|||||||
user.setLogin(login);
|
user.setLogin(login);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the last login time for logged in user
|
||||||
|
* @param loginTime the number of milliseconds since the beginning of time
|
||||||
|
*/
|
||||||
|
private void setLastLogin(long loginTime) {
|
||||||
|
user.setLastLogin(loginTime);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a UserGroupInformation for the given subject.
|
* Create a UserGroupInformation for the given subject.
|
||||||
* This does not change the subject or acquire new credentials.
|
* This does not change the subject or acquire new credentials.
|
||||||
@ -1968,6 +1976,7 @@ private static UserGroupInformation doSubjectLogin(
|
|||||||
if (subject == null) {
|
if (subject == null) {
|
||||||
params.put(LoginParam.PRINCIPAL, ugi.getUserName());
|
params.put(LoginParam.PRINCIPAL, ugi.getUserName());
|
||||||
ugi.setLogin(login);
|
ugi.setLogin(login);
|
||||||
|
ugi.setLastLogin(Time.now());
|
||||||
}
|
}
|
||||||
return ugi;
|
return ugi;
|
||||||
} catch (LoginException le) {
|
} catch (LoginException le) {
|
||||||
|
@ -23,6 +23,7 @@
|
|||||||
import org.apache.hadoop.minikdc.MiniKdc;
|
import org.apache.hadoop.minikdc.MiniKdc;
|
||||||
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
|
import org.apache.hadoop.util.Time;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
@ -101,12 +102,35 @@ public void stopMiniKdc() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Login from keytab using the MiniKDC.
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testUGILoginFromKeytab() throws Exception {
|
||||||
|
long beforeLogin = Time.now();
|
||||||
|
String principal = "foo";
|
||||||
|
File keytab = new File(workDir, "foo.keytab");
|
||||||
|
kdc.createPrincipal(keytab, principal);
|
||||||
|
|
||||||
|
UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
|
||||||
|
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
|
||||||
|
Assert.assertTrue("UGI should be configured to login from keytab",
|
||||||
|
ugi.isFromKeytab());
|
||||||
|
|
||||||
|
User user = getUser(ugi.getSubject());
|
||||||
|
Assert.assertNotNull(user.getLogin());
|
||||||
|
|
||||||
|
Assert.assertTrue("User login time is less than before login time, "
|
||||||
|
+ "beforeLoginTime:" + beforeLogin + " userLoginTime:" + user.getLastLogin(),
|
||||||
|
user.getLastLogin() > beforeLogin);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Login from keytab using the MiniKDC and verify the UGI can successfully
|
* Login from keytab using the MiniKDC and verify the UGI can successfully
|
||||||
* relogin from keytab as well. This will catch regressions like HADOOP-10786.
|
* relogin from keytab as well. This will catch regressions like HADOOP-10786.
|
||||||
*/
|
*/
|
||||||
@Test
|
@Test
|
||||||
public void testUGILoginFromKeytab() throws Exception {
|
public void testUGIReLoginFromKeytab() throws Exception {
|
||||||
String principal = "foo";
|
String principal = "foo";
|
||||||
File keytab = new File(workDir, "foo.keytab");
|
File keytab = new File(workDir, "foo.keytab");
|
||||||
kdc.createPrincipal(keytab, principal);
|
kdc.createPrincipal(keytab, principal);
|
||||||
@ -122,6 +146,9 @@ public void testUGILoginFromKeytab() throws Exception {
|
|||||||
final LoginContext login1 = user.getLogin();
|
final LoginContext login1 = user.getLogin();
|
||||||
Assert.assertNotNull(login1);
|
Assert.assertNotNull(login1);
|
||||||
|
|
||||||
|
// Sleep for 2 secs to have a difference between first and second login
|
||||||
|
Thread.sleep(2000);
|
||||||
|
|
||||||
ugi.reloginFromKeytab();
|
ugi.reloginFromKeytab();
|
||||||
final long secondLogin = user.getLastLogin();
|
final long secondLogin = user.getLastLogin();
|
||||||
final LoginContext login2 = user.getLogin();
|
final LoginContext login2 = user.getLogin();
|
||||||
|
Loading…
Reference in New Issue
Block a user