HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token auth type. (daryn)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1366440 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
9c5bd764fc
commit
b3b72482e4
@ -854,6 +854,9 @@ Release 0.23.3 - UNRELEASED
|
|||||||
HADOOP-8551. fs -mkdir creates parent directories without the -p option
|
HADOOP-8551. fs -mkdir creates parent directories without the -p option
|
||||||
(John George via bobby)
|
(John George via bobby)
|
||||||
|
|
||||||
|
HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token
|
||||||
|
auth type. (daryn)
|
||||||
|
|
||||||
Release 0.23.2 - UNRELEASED
|
Release 0.23.2 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
import org.apache.hadoop.io.WritableUtils;
|
import org.apache.hadoop.io.WritableUtils;
|
||||||
import org.apache.hadoop.security.HadoopKerberosName;
|
import org.apache.hadoop.security.HadoopKerberosName;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||||
|
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
@ -88,14 +89,17 @@ public UserGroupInformation getUser() {
|
|||||||
if ( (owner == null) || ("".equals(owner.toString()))) {
|
if ( (owner == null) || ("".equals(owner.toString()))) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
final UserGroupInformation realUgi;
|
||||||
|
final UserGroupInformation ugi;
|
||||||
if ((realUser == null) || ("".equals(realUser.toString()))
|
if ((realUser == null) || ("".equals(realUser.toString()))
|
||||||
|| realUser.equals(owner)) {
|
|| realUser.equals(owner)) {
|
||||||
return UserGroupInformation.createRemoteUser(owner.toString());
|
ugi = realUgi = UserGroupInformation.createRemoteUser(owner.toString());
|
||||||
} else {
|
} else {
|
||||||
UserGroupInformation realUgi = UserGroupInformation
|
realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
|
||||||
.createRemoteUser(realUser.toString());
|
ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
|
||||||
return UserGroupInformation.createProxyUser(owner.toString(), realUgi);
|
|
||||||
}
|
}
|
||||||
|
realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
|
||||||
|
return ugi;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Text getOwner() {
|
public Text getOwner() {
|
||||||
|
@ -40,6 +40,8 @@
|
|||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
import org.apache.hadoop.io.Writable;
|
import org.apache.hadoop.io.Writable;
|
||||||
import org.apache.hadoop.security.AccessControlException;
|
import org.apache.hadoop.security.AccessControlException;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||||
import org.apache.hadoop.security.token.SecretManager;
|
import org.apache.hadoop.security.token.SecretManager;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
||||||
@ -171,6 +173,52 @@ private void shouldThrow(PrivilegedExceptionAction<Object> action,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserNullOwner() {
|
||||||
|
TestDelegationTokenIdentifier ident =
|
||||||
|
new TestDelegationTokenIdentifier(null, null, null);
|
||||||
|
UserGroupInformation ugi = ident.getUser();
|
||||||
|
assertNull(ugi);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserWithOwner() {
|
||||||
|
TestDelegationTokenIdentifier ident =
|
||||||
|
new TestDelegationTokenIdentifier(new Text("owner"), null, null);
|
||||||
|
UserGroupInformation ugi = ident.getUser();
|
||||||
|
assertNull(ugi.getRealUser());
|
||||||
|
assertEquals("owner", ugi.getUserName());
|
||||||
|
assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserWithOwnerEqualsReal() {
|
||||||
|
Text owner = new Text("owner");
|
||||||
|
TestDelegationTokenIdentifier ident =
|
||||||
|
new TestDelegationTokenIdentifier(owner, null, owner);
|
||||||
|
UserGroupInformation ugi = ident.getUser();
|
||||||
|
assertNull(ugi.getRealUser());
|
||||||
|
assertEquals("owner", ugi.getUserName());
|
||||||
|
assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserWithOwnerAndReal() {
|
||||||
|
Text owner = new Text("owner");
|
||||||
|
Text realUser = new Text("realUser");
|
||||||
|
TestDelegationTokenIdentifier ident =
|
||||||
|
new TestDelegationTokenIdentifier(owner, null, realUser);
|
||||||
|
UserGroupInformation ugi = ident.getUser();
|
||||||
|
assertNotNull(ugi.getRealUser());
|
||||||
|
assertNull(ugi.getRealUser().getRealUser());
|
||||||
|
assertEquals("owner", ugi.getUserName());
|
||||||
|
assertEquals("realUser", ugi.getRealUser().getUserName());
|
||||||
|
assertEquals(AuthenticationMethod.PROXY,
|
||||||
|
ugi.getAuthenticationMethod());
|
||||||
|
assertEquals(AuthenticationMethod.TOKEN,
|
||||||
|
ugi.getRealUser().getAuthenticationMethod());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDelegationTokenSecretManager() throws Exception {
|
public void testDelegationTokenSecretManager() throws Exception {
|
||||||
final TestDelegationTokenSecretManager dtSecretManager =
|
final TestDelegationTokenSecretManager dtSecretManager =
|
||||||
|
@ -578,7 +578,6 @@ public static UserGroupInformation getUGI(ServletContext context,
|
|||||||
ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
|
ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
|
||||||
}
|
}
|
||||||
ugi.addToken(token);
|
ugi.addToken(token);
|
||||||
ugi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
|
|
||||||
} else {
|
} else {
|
||||||
if(remoteUser == null) {
|
if(remoteUser == null) {
|
||||||
throw new IOException("Security enabled but user not " +
|
throw new IOException("Security enabled but user not " +
|
||||||
|
Loading…
Reference in New Issue
Block a user