YARN-6989 Ensure timeline service v2 codebase gets UGI from HttpServletRequest in a consistent way. Contributed by Abhishek Modi
This commit is contained in:
parent
bf3d591f0c
commit
045069efec
|
@ -269,25 +269,8 @@ public final class TimelineReaderWebServicesUtils {
|
|||
* @return UGI.
|
||||
*/
|
||||
public static UserGroupInformation getUser(HttpServletRequest req) {
|
||||
return getCallerUserGroupInformation(req, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get UGI from the HTTP request.
|
||||
*
|
||||
* @param hsr HTTP request.
|
||||
* @param usePrincipal if true, use principal name else use remote user name
|
||||
* @return UGI.
|
||||
*/
|
||||
public static UserGroupInformation getCallerUserGroupInformation(
|
||||
HttpServletRequest hsr, boolean usePrincipal) {
|
||||
|
||||
String remoteUser = hsr.getRemoteUser();
|
||||
if (usePrincipal) {
|
||||
Principal princ = hsr.getUserPrincipal();
|
||||
remoteUser = princ == null ? null : princ.getName();
|
||||
}
|
||||
|
||||
Principal princ = req.getUserPrincipal();
|
||||
String remoteUser = princ == null ? null : princ.getName();
|
||||
UserGroupInformation callerUGI = null;
|
||||
if (remoteUser != null) {
|
||||
callerUGI = UserGroupInformation.createRemoteUser(remoteUser);
|
||||
|
|
|
@ -67,7 +67,7 @@ public class TimelineReaderWhitelistAuthorizationFilter implements Filter {
|
|||
|
||||
if (isWhitelistReadAuthEnabled) {
|
||||
UserGroupInformation callerUGI = TimelineReaderWebServicesUtils
|
||||
.getCallerUserGroupInformation(httpRequest, true);
|
||||
.getUser(httpRequest);
|
||||
if (callerUGI == null) {
|
||||
String msg = "Unable to obtain user name, user not authenticated";
|
||||
throw new AuthorizationException(msg);
|
||||
|
|
Loading…
Reference in New Issue