HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)
Reviewed-by: Arpit Agarwal <arp@apache.org>
(cherry picked from commit adecdb8b53
)
This commit is contained in:
parent
8809b43fb9
commit
78c97907cb
@ -73,6 +73,7 @@
|
|||||||
import java.io.Closeable;
|
import java.io.Closeable;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@ -225,8 +226,18 @@ public void setINodeAttributeProvider(
|
|||||||
Class[] cArg = new Class[1];
|
Class[] cArg = new Class[1];
|
||||||
cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
|
cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
|
||||||
|
|
||||||
|
INodeAttributeProvider.AccessControlEnforcer enforcer =
|
||||||
|
attributeProvider.getExternalAccessControlEnforcer(null);
|
||||||
|
|
||||||
|
// If external enforcer is null, we use the default enforcer, which
|
||||||
|
// supports the new API.
|
||||||
|
if (enforcer == null) {
|
||||||
|
useAuthorizationWithContextAPI = true;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Class<?> clazz = attributeProvider.getClass();
|
Class<?> clazz = enforcer.getClass();
|
||||||
clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
|
clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
|
||||||
useAuthorizationWithContextAPI = true;
|
useAuthorizationWithContextAPI = true;
|
||||||
LOG.info("Use the new authorization provider API");
|
LOG.info("Use the new authorization provider API");
|
||||||
|
Loading…
Reference in New Issue
Block a user