HDFS-3639. JspHelper#getUGI should always verify the token if security is enabled. Contributed by Eli Collins
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1360485 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
4c13b6f34e
commit
8ced7381a4
@ -454,6 +454,9 @@ Branch-2 ( Unreleased changes )
|
|||||||
|
|
||||||
HDFS-3615. Two BlockTokenSecretManager findbugs warnings. (atm)
|
HDFS-3615. Two BlockTokenSecretManager findbugs warnings. (atm)
|
||||||
|
|
||||||
|
HDFS-3639. JspHelper#getUGI should always verify the token if
|
||||||
|
security is enabled. (eli)
|
||||||
|
|
||||||
BREAKDOWN OF HDFS-3042 SUBTASKS
|
BREAKDOWN OF HDFS-3042 SUBTASKS
|
||||||
|
|
||||||
HDFS-2185. HDFS portion of ZK-based FailoverController (todd)
|
HDFS-2185. HDFS portion of ZK-based FailoverController (todd)
|
||||||
|
@ -44,7 +44,6 @@
|
|||||||
import org.apache.hadoop.fs.Path;
|
import org.apache.hadoop.fs.Path;
|
||||||
import org.apache.hadoop.hdfs.BlockReader;
|
import org.apache.hadoop.hdfs.BlockReader;
|
||||||
import org.apache.hadoop.hdfs.BlockReaderFactory;
|
import org.apache.hadoop.hdfs.BlockReaderFactory;
|
||||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
|
||||||
import org.apache.hadoop.hdfs.DFSUtil;
|
import org.apache.hadoop.hdfs.DFSUtil;
|
||||||
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
|
import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
|
||||||
import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
|
import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
|
||||||
@ -59,7 +58,6 @@
|
|||||||
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
|
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
|
||||||
import org.apache.hadoop.hdfs.web.resources.UserParam;
|
import org.apache.hadoop.hdfs.web.resources.UserParam;
|
||||||
import org.apache.hadoop.http.HtmlQuoting;
|
import org.apache.hadoop.http.HtmlQuoting;
|
||||||
import org.apache.hadoop.io.Text;
|
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
import org.apache.hadoop.security.AccessControlException;
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
import org.apache.hadoop.security.SecurityUtil;
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
@ -557,13 +555,8 @@ public static UserGroupInformation getUGI(ServletContext context,
|
|||||||
DataInputStream in = new DataInputStream(buf);
|
DataInputStream in = new DataInputStream(buf);
|
||||||
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
|
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
|
||||||
id.readFields(in);
|
id.readFields(in);
|
||||||
if (context != null) {
|
|
||||||
final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context);
|
final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context);
|
||||||
if (nn != null) {
|
|
||||||
// Verify the token.
|
|
||||||
nn.getNamesystem().verifyToken(id, token.getPassword());
|
nn.getNamesystem().verifyToken(id, token.getPassword());
|
||||||
}
|
|
||||||
}
|
|
||||||
ugi = id.getUser();
|
ugi = id.getUser();
|
||||||
if (ugi.getRealUser() == null) {
|
if (ugi.getRealUser() == null) {
|
||||||
//non-proxy case
|
//non-proxy case
|
||||||
|
Loading…
Reference in New Issue
Block a user