From 8a4f03cb7028c86578663b8d1f1a4171c59c1e52 Mon Sep 17 00:00:00 2001 From: Daryn Sharp Date: Thu, 7 Mar 2013 19:58:04 +0000 Subject: [PATCH] HDFS-4566. Webdhfs token cancelation should use authentication (daryn) git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1454059 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 2 ++ .../java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java | 3 ++- .../test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java | 5 +++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 5a2d45821c..88c99429b5 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -2374,6 +2374,8 @@ Release 0.23.7 - UNRELEASED HDFS-4560. Webhdfs cannot use tokens obtained by another user (daryn) + HDFS-4566. Webdhfs token cancelation should use authentication (daryn) + Release 0.23.6 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java index 9af3b1d124..32c37b19dd 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java @@ -341,7 +341,8 @@ Param[] getAuthParameters(final HttpOpParam.Op op) throws IOException { boolean hasToken = false; if (UserGroupInformation.isSecurityEnabled() && op != GetOpParam.Op.GETDELEGATIONTOKEN && - op != PutOpParam.Op.RENEWDELEGATIONTOKEN) { + op != PutOpParam.Op.RENEWDELEGATIONTOKEN && + op != PutOpParam.Op.CANCELDELEGATIONTOKEN) { synchronized (this) { hasToken = (delegationToken != null); if (hasToken) { diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java index 79e9ead1b8..234f851956 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java @@ -140,8 +140,8 @@ public void testSecureAuthParamsInUrl() throws IOException { checkQueryParams( new String[]{ PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), + new UserParam(ugi.getShortUserName()).toString(), new TokenArgumentParam(tokenString).toString(), - new DelegationParam(tokenString).toString() }, cancelTokenUrl); @@ -223,8 +223,9 @@ public void testSecureProxyAuthParamsInUrl() throws IOException { checkQueryParams( new String[]{ PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(), + new UserParam(ugi.getRealUser().getShortUserName()).toString(), + new DoAsParam(ugi.getShortUserName()).toString(), new TokenArgumentParam(tokenString).toString(), - new DelegationParam(tokenString).toString() }, cancelTokenUrl);