From adecdb8b534c536354f4f47789467ffb82dd1496 Mon Sep 17 00:00:00 2001
From: Wei-Chiu Chuang
Date: Tue, 5 May 2020 16:04:54 -0700
Subject: [PATCH] HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)

Reviewed-by: Arpit Agarwal
---
 .../hadoop/hdfs/server/namenode/FSDirectory.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
index 15389d614d..7eae564e2d 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
@@ -73,6 +73,7 @@
 import java.io.Closeable;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -225,8 +226,18 @@ public void setINodeAttributeProvider(
 Class[] cArg = new Class[1];
 cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
 
+ INodeAttributeProvider.AccessControlEnforcer enforcer =
+ attributeProvider.getExternalAccessControlEnforcer(null);
+
+ // If external enforcer is null, we use the default enforcer, which
+ // supports the new API.
+ if (enforcer == null) {
+ useAuthorizationWithContextAPI = true;
+ return;
+ }
+
 try {
- Class clazz = attributeProvider.getClass();
+ Class clazz = enforcer.getClass();
 clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
 useAuthorizationWithContextAPI = true;
 LOG.info("Use the new authorization provider API");
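Review bot: The probe on `enforcer.getClass()` still uses `getDeclaredMethod`, which only finds methods declared directly on that class, so an enforcer that inherits `checkPermissionWithContext` from a parent class would be treated as legacy and authorization would silently go through the old `checkPermission` path. If that is intended, a comment above the lookup should say so, e.g. `// Only a method declared on the enforcer's own class counts; inherited implementations fall back to checkPermission().`; otherwise the lookup should walk the superclass chain. The new `getExternalAccessControlEnforcer(null)` call also sits before the `try`, so a provider that does not expect a null default enforcer could throw out of `setINodeAttributeProvider` during initialization instead of falling back; whether that is acceptable depends on code outside this hunk, since the method starts above it and the `catch` is not visible. The `java.lang.reflect.Method` import added in the first hunk is not used by any visible line.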