diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 85a86d1780..27094b5964 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -2425,6 +2425,9 @@ Release 0.23.7 - UNRELEASED HDFS-3344. Unreliable corrupt blocks counting in TestProcessCorruptBlocks (kihwal) + HDFS-3367. WebHDFS doesn't use the logged in user when opening + connections (daryn) + Release 0.23.6 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java index 2c4457d77b..d7369204a6 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java @@ -29,6 +29,7 @@ import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -376,17 +377,6 @@ public class WebHdfsFileSystem extends FileSystem return url; } - private HttpURLConnection getHttpUrlConnection(URL url) - throws IOException, AuthenticationException { - final HttpURLConnection conn; - if (ugi.hasKerberosCredentials()) { - conn = new AuthenticatedURL(AUTH).openConnection(url, authToken); - } else { - conn = (HttpURLConnection)url.openConnection(); - } - return conn; - } - /** * Run a http operation. * Connect to the http server, validate response, and obtain the JSON output. @@ -431,6 +421,48 @@ public class WebHdfsFileSystem extends FileSystem this.conn = conn; } + private HttpURLConnection getHttpUrlConnection(final URL url) + throws IOException, AuthenticationException { + UserGroupInformation connectUgi = ugi.getRealUser(); + if (connectUgi == null) { + connectUgi = ugi; + } + try { + return connectUgi.doAs( + new PrivilegedExceptionAction() { + @Override + public HttpURLConnection run() throws IOException { + return openHttpUrlConnection(url); + } + }); + } catch (IOException ioe) { + Throwable cause = ioe.getCause(); + if (cause != null && cause instanceof AuthenticationException) { + throw (AuthenticationException)cause; + } + throw ioe; + } catch (InterruptedException e) { + throw new IOException(e); + } + } + + private HttpURLConnection openHttpUrlConnection(final URL url) + throws IOException { + final HttpURLConnection conn; + try { + if (op.getRequireAuth()) { + LOG.debug("open AuthenticatedURL connection"); + conn = new AuthenticatedURL(AUTH).openConnection(url, authToken); + } else { + LOG.debug("open URL connection"); + conn = (HttpURLConnection)url.openConnection(); + } + } catch (AuthenticationException e) { + throw new IOException(e); + } + return conn; + } + private void init() throws IOException { checkRetry = !redirected; try {