HADOOP-9336. Allow UGI of current connection to be queried. Contributed by Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1451376 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
2e02b92664
commit
c5368561f9
@ -1377,6 +1377,9 @@ Release 0.23.7 - UNRELEASED
|
|||||||
HADOOP-9067. provide test for LocalFileSystem.reportChecksumFailure
|
HADOOP-9067. provide test for LocalFileSystem.reportChecksumFailure
|
||||||
(Ivan A. Veselovsky via bobby)
|
(Ivan A. Veselovsky via bobby)
|
||||||
|
|
||||||
|
HADOOP-9336. Allow UGI of current connection to be queried. (Daryn Sharp
|
||||||
|
via kihwal)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
@ -313,6 +313,14 @@ public static String getRemoteAddress() {
|
|||||||
return (addr == null) ? null : addr.getHostAddress();
|
return (addr == null) ? null : addr.getHostAddress();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Returns the RPC remote user when invoked inside an RPC. Note this
|
||||||
|
* may be different than the current user if called within another doAs
|
||||||
|
* @return connection's UGI or null if not an RPC
|
||||||
|
*/
|
||||||
|
public static UserGroupInformation getRemoteUser() {
|
||||||
|
Call call = CurCall.get();
|
||||||
|
return (call != null) ? call.connection.user : null;
|
||||||
|
}
|
||||||
|
|
||||||
/** Return true if the invocation was through an RPC.
|
/** Return true if the invocation was through an RPC.
|
||||||
*/
|
*/
|
||||||
|
@ -127,6 +127,7 @@ public interface TestProtocol extends VersionedProtocol {
|
|||||||
public static final long versionID = 1L;
|
public static final long versionID = 1L;
|
||||||
|
|
||||||
String aMethod() throws IOException;
|
String aMethod() throws IOException;
|
||||||
|
String getServerRemoteUser() throws IOException;
|
||||||
}
|
}
|
||||||
|
|
||||||
public class TestImpl implements TestProtocol {
|
public class TestImpl implements TestProtocol {
|
||||||
@ -136,6 +137,11 @@ public String aMethod() throws IOException {
|
|||||||
return UserGroupInformation.getCurrentUser().toString();
|
return UserGroupInformation.getCurrentUser().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getServerRemoteUser() throws IOException {
|
||||||
|
return Server.getRemoteUser().toString();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public long getProtocolVersion(String protocol, long clientVersion)
|
public long getProtocolVersion(String protocol, long clientVersion)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
@ -149,7 +155,23 @@ public ProtocolSignature getProtocolSignature(String protocol,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
private void checkRemoteUgi(final Server server,
|
||||||
|
final UserGroupInformation ugi, final Configuration conf)
|
||||||
|
throws Exception {
|
||||||
|
ugi.doAs(new PrivilegedExceptionAction<Void>() {
|
||||||
|
@Override
|
||||||
|
public Void run() throws IOException {
|
||||||
|
proxy = RPC.getProxy(
|
||||||
|
TestProtocol.class, TestProtocol.versionID,
|
||||||
|
NetUtils.getConnectAddress(server), conf);
|
||||||
|
Assert.assertEquals(ugi.toString(), proxy.aMethod());
|
||||||
|
Assert.assertEquals(ugi.toString(), proxy.getServerRemoteUser());
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(timeout=4000)
|
||||||
public void testRealUserSetup() throws IOException {
|
public void testRealUserSetup() throws IOException {
|
||||||
final Configuration conf = new Configuration();
|
final Configuration conf = new Configuration();
|
||||||
conf.setStrings(ProxyUsers
|
conf.setStrings(ProxyUsers
|
||||||
@ -163,24 +185,13 @@ public void testRealUserSetup() throws IOException {
|
|||||||
try {
|
try {
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
|
||||||
|
|
||||||
UserGroupInformation realUserUgi = UserGroupInformation
|
UserGroupInformation realUserUgi = UserGroupInformation
|
||||||
.createRemoteUser(REAL_USER_NAME);
|
.createRemoteUser(REAL_USER_NAME);
|
||||||
|
checkRemoteUgi(server, realUserUgi, conf);
|
||||||
|
|
||||||
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
|
UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
|
||||||
PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||||
String retVal = proxyUserUgi
|
checkRemoteUgi(server, proxyUserUgi, conf);
|
||||||
.doAs(new PrivilegedExceptionAction<String>() {
|
|
||||||
@Override
|
|
||||||
public String run() throws IOException {
|
|
||||||
proxy = RPC.getProxy(TestProtocol.class,
|
|
||||||
TestProtocol.versionID, addr, conf);
|
|
||||||
String ret = proxy.aMethod();
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal);
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
Assert.fail();
|
Assert.fail();
|
||||||
@ -192,7 +203,7 @@ public String run() throws IOException {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test(timeout=4000)
|
||||||
public void testRealUserAuthorizationSuccess() throws IOException {
|
public void testRealUserAuthorizationSuccess() throws IOException {
|
||||||
final Configuration conf = new Configuration();
|
final Configuration conf = new Configuration();
|
||||||
configureSuperUserIPAddresses(conf, REAL_USER_SHORT_NAME);
|
configureSuperUserIPAddresses(conf, REAL_USER_SHORT_NAME);
|
||||||
@ -206,25 +217,13 @@ public void testRealUserAuthorizationSuccess() throws IOException {
|
|||||||
try {
|
try {
|
||||||
server.start();
|
server.start();
|
||||||
|
|
||||||
final InetSocketAddress addr = NetUtils.getConnectAddress(server);
|
|
||||||
|
|
||||||
UserGroupInformation realUserUgi = UserGroupInformation
|
UserGroupInformation realUserUgi = UserGroupInformation
|
||||||
.createRemoteUser(REAL_USER_NAME);
|
.createRemoteUser(REAL_USER_NAME);
|
||||||
|
checkRemoteUgi(server, realUserUgi, conf);
|
||||||
|
|
||||||
UserGroupInformation proxyUserUgi = UserGroupInformation
|
UserGroupInformation proxyUserUgi = UserGroupInformation
|
||||||
.createProxyUserForTesting(PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
.createProxyUserForTesting(PROXY_USER_NAME, realUserUgi, GROUP_NAMES);
|
||||||
String retVal = proxyUserUgi
|
checkRemoteUgi(server, proxyUserUgi, conf);
|
||||||
.doAs(new PrivilegedExceptionAction<String>() {
|
|
||||||
@Override
|
|
||||||
public String run() throws IOException {
|
|
||||||
proxy = RPC.getProxy(TestProtocol.class,
|
|
||||||
TestProtocol.versionID, addr, conf);
|
|
||||||
String ret = proxy.aMethod();
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
Assert.assertEquals(PROXY_USER_NAME + " (auth:PROXY) via " + REAL_USER_NAME + " (auth:SIMPLE)", retVal);
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
Assert.fail();
|
Assert.fail();
|
||||||
|
Loading…
Reference in New Issue
Block a user