HADOOP-10164. Allow UGI to login with a known Subject (bobby)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1552104 13f79535-47bb-0310-9956-ffa450edef68
parent
9184c4d179
commit
c9d74139bc
@ -399,6 +399,8 @@ Release 2.4.0 - UNRELEASED
|
||||
|
||||
HADOOP-10168. fix javadoc of ReflectionUtils#copy. (Thejas Nair via suresh)
|
||||
|
||||
HADOOP-10164. Allow UGI to login with a known Subject (bobby)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn)
|
||||
|
@ -477,7 +477,7 @@ private static class HadoopConfiguration
|
||||
|
||||
private static final AppConfigurationEntry[] SIMPLE_CONF =
|
||||
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, HADOOP_LOGIN};
|
||||
|
||||
|
||||
private static final AppConfigurationEntry[] USER_KERBEROS_CONF =
|
||||
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, USER_KERBEROS_LOGIN,
|
||||
HADOOP_LOGIN};
|
||||
@ -682,45 +682,60 @@ public static UserGroupInformation getUGIFromTicketCache(
|
||||
public synchronized
|
||||
static UserGroupInformation getLoginUser() throws IOException {
|
||||
if (loginUser == null) {
|
||||
ensureInitialized();
|
||||
try {
|
||||
Subject subject = new Subject();
|
||||
LoginContext login =
|
||||
newLoginContext(authenticationMethod.getLoginAppName(),
|
||||
subject, new HadoopConfiguration());
|
||||
login.login();
|
||||
UserGroupInformation realUser = new UserGroupInformation(subject);
|
||||
realUser.setLogin(login);
|
||||
realUser.setAuthenticationMethod(authenticationMethod);
|
||||
realUser = new UserGroupInformation(login.getSubject());
|
||||
// If the HADOOP_PROXY_USER environment variable or property
|
||||
// is specified, create a proxy user as the logged in user.
|
||||
String proxyUser = System.getenv(HADOOP_PROXY_USER);
|
||||
if (proxyUser == null) {
|
||||
proxyUser = System.getProperty(HADOOP_PROXY_USER);
|
||||
}
|
||||
loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser);
|
||||
|
||||
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
|
||||
if (fileLocation != null) {
|
||||
// Load the token storage file and put all of the tokens into the
|
||||
// user. Don't use the FileSystem API for reading since it has a lock
|
||||
// cycle (HADOOP-9212).
|
||||
Credentials cred = Credentials.readTokenStorageFile(
|
||||
new File(fileLocation), conf);
|
||||
loginUser.addCredentials(cred);
|
||||
}
|
||||
loginUser.spawnAutoRenewalThreadForUserCreds();
|
||||
} catch (LoginException le) {
|
||||
LOG.debug("failure to login", le);
|
||||
throw new IOException("failure to login", le);
|
||||
}
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("UGI loginUser:"+loginUser);
|
||||
}
|
||||
loginUserFromSubject(null);
|
||||
}
|
||||
return loginUser;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log in a user using the given subject
|
||||
* @parma subject the subject to use when logging in a user, or null to
|
||||
* create a new subject.
|
||||
* @throws IOException if login fails
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized
|
||||
static void loginUserFromSubject(Subject subject) throws IOException {
|
||||
ensureInitialized();
|
||||
try {
|
||||
if (subject == null) {
|
||||
subject = new Subject();
|
||||
}
|
||||
LoginContext login =
|
||||
newLoginContext(authenticationMethod.getLoginAppName(),
|
||||
subject, new HadoopConfiguration());
|
||||
login.login();
|
||||
UserGroupInformation realUser = new UserGroupInformation(subject);
|
||||
realUser.setLogin(login);
|
||||
realUser.setAuthenticationMethod(authenticationMethod);
|
||||
realUser = new UserGroupInformation(login.getSubject());
|
||||
// If the HADOOP_PROXY_USER environment variable or property
|
||||
// is specified, create a proxy user as the logged in user.
|
||||
String proxyUser = System.getenv(HADOOP_PROXY_USER);
|
||||
if (proxyUser == null) {
|
||||
proxyUser = System.getProperty(HADOOP_PROXY_USER);
|
||||
}
|
||||
loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser);
|
||||
|
||||
String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
|
||||
if (fileLocation != null) {
|
||||
// Load the token storage file and put all of the tokens into the
|
||||
// user. Don't use the FileSystem API for reading since it has a lock
|
||||
// cycle (HADOOP-9212).
|
||||
Credentials cred = Credentials.readTokenStorageFile(
|
||||
new File(fileLocation), conf);
|
||||
loginUser.addCredentials(cred);
|
||||
}
|
||||
loginUser.spawnAutoRenewalThreadForUserCreds();
|
||||
} catch (LoginException le) {
|
||||
LOG.debug("failure to login", le);
|
||||
throw new IOException("failure to login", le);
|
||||
}
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("UGI loginUser:"+loginUser);
|
||||
}
|
||||
}
|
||||
|
||||
@InterfaceAudience.Private
|
||||
@InterfaceStability.Unstable
|
||||
|
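Review bot: `loginUserFromSubject` is marked `@InterfaceAudience.Public` and assigns the static `loginUser` unconditionally, whereas `getLoginUser()` only reaches it behind `if (loginUser == null)`, so a later call from any code in the process replaces a login identity that was already established. The Javadoc should state this, and should also say that `HADOOP_PROXY_USER` and `HADOOP_TOKEN_FILE_LOCATION` are still applied on top of the supplied subject, so the resulting login user may be a proxy user carrying tokens read from a file rather than the subject's own identity. If replacement is not intended, a guard at the top of the method, for example `if (loginUser != null) { throw new IOException("login user already set"); }`, would make that explicit; whether existing callers rely on logging in again is not visible from this hunk. The parameter tag is also misspelled: `@parma subject` should be `@param subject`, since Javadoc does not recognise the tag as written.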