HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton.

Closes #604
Elek, Márton 2019-03-15 17:43:01 +01:00 committed by Xiaoyu Yao
parent a7f5e742a6
commit dc21655f2a
2 changed files with 25 additions and 22 deletions


@ -30,6 +30,7 @@
import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.client.ObjectStore;
@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
private ReplicationType replicationType;
private ReplicationFactor replicationFactor;
private OzoneFSStorageStatistics storageStatistics;
private boolean securityEnabled;
/**
* Create new OzoneClientAdapter implementation.
*
@ -104,12 +105,24 @@ public OzoneClientAdapterImpl(OzoneConfiguration conf, String volumeStr,
}
public OzoneClientAdapterImpl(String omHost, int omPort,
OzoneConfiguration conf, String volumeStr, String bucketStr,
Configuration hadoopConf, String volumeStr, String bucketStr,
OzoneFSStorageStatistics storageStatistics) throws IOException {
ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(null);
OzoneConfiguration conf;
if (hadoopConf instanceof OzoneConfiguration) {
conf = (OzoneConfiguration) hadoopConf;
} else {
conf = new OzoneConfiguration(hadoopConf);
}
SecurityConfig secConfig = new SecurityConfig(conf);
if (secConfig.isSecurityEnabled()) {
this.securityEnabled = true;
}
try {
String replicationTypeConf =
@ -276,10 +289,14 @@ public Iterator<BasicKeyInfo> listKeys(String pathKey) {
@Override
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
throws IOException {
Token<OzoneTokenIdentifier> token =
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
token.setKind(OzoneTokenIdentifier.KIND_NAME);
return token;
if (!securityEnabled) {
return null;
} else {
Token<OzoneTokenIdentifier> token =
ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
token.setKind(OzoneTokenIdentifier.KIND_NAME);
return token;
}
}
/**
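Review bot: In the `omHost`/`omPort` constructor, the `OzoneConfiguration`/`SecurityConfig` setup sits between `Thread.currentThread().setContextClassLoader(null)` and the `try {`, so an exception thrown while building either object would skip whatever restores the saved `contextClassLoader`. The restoring code is outside this hunk, so this assumes it is a `finally` on that `try`; if so, the setup block should move inside the `try` so the thread is never left with a null context class loader. Separately, `getDelegationToken` now returns `null` when security is off, which deserves a Javadoc line such as `@return the delegation token, or null when Ozone security is disabled`. The flag assignment can also be written as `this.securityEnabled = secConfig.isSecurityEnabled();`.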


@ -48,8 +48,6 @@
import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
import org.apache.hadoop.fs.GlobalStorageStatistics;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable;
@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem {
private Path workingDir;
private OzoneClientAdapter adapter;
private boolean securityEnabled;
private OzoneFSStorageStatistics storageStatistics;
@ -174,19 +171,9 @@ public void initialize(URI name, Configuration conf) throws IOException {
OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr);
}
} else {
OzoneConfiguration ozoneConfiguration;
if (conf instanceof OzoneConfiguration) {
ozoneConfiguration = (OzoneConfiguration) conf;
} else {
ozoneConfiguration = new OzoneConfiguration(conf);
}
SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
if (secConfig.isSecurityEnabled()) {
this.securityEnabled = true;
}
this.adapter = new OzoneClientAdapterImpl(omHost,
Integer.parseInt(omPort), ozoneConfiguration,
Integer.parseInt(omPort), conf,
volumeStr, bucketStr, storageStatistics);
}
@ -701,8 +688,7 @@ public Path getWorkingDirectory() {
@Override
public Token<?> getDelegationToken(String renewer) throws IOException {
return securityEnabled? adapter.getDelegationToken(renewer) :
super.getDelegationToken(renewer);
return adapter.getDelegationToken(renewer);
}
/**
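Review bot: `getDelegationToken` now relies solely on the adapter to decide whether security is on, but the adapter obtained through `OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr)` in `initialize` is not handed `conf` in the visible lines. If that path builds its own configuration, a client of a secured cluster could receive `null` here without any error, and the problem would only surface later when a task tries to authenticate without a token. The factory and the constructor it calls are outside this hunk, so this needs confirming; a test that requests a token through the factory-created adapter with security enabled would cover it. The override should also state that it can return null, for example `/** @return a delegation token, or null when Ozone security is disabled. */`.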