HADOOP-10683. Users authenticated with KERBEROS are recorded as being authenticated with SIMPLE. Contributed by Benoy Antony.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1602991 13f79535-47bb-0310-9956-ffa450edef68
Chris Nauroth 2014-06-16 20:30:04 +00:00
parent b2ffbd8796
commit 05b8e8f7c1
4 changed files with 31 additions and 2 deletions


@ -553,6 +553,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10678. SecurityUtil has unnecessary synchronization on collection HADOOP-10678. SecurityUtil has unnecessary synchronization on collection
used for only tests. (Benoy Antony via cnauroth) used for only tests. (Benoy Antony via cnauroth)
HADOOP-10683. Users authenticated with KERBEROS are recorded as being
authenticated with SIMPLE. (Benoy Antony via cnauroth)
BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS
HADOOP-10520. Extended attributes definition and FileSystem APIs for HADOOP-10520. Extended attributes definition and FileSystem APIs for


@ -1221,7 +1221,7 @@ public abstract class Server {
ugi.addTokenIdentifier(tokenId); ugi.addTokenIdentifier(tokenId);
return ugi; return ugi;
} else { } else {
return UserGroupInformation.createRemoteUser(authorizedId); return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
} }
} }


@ -1157,13 +1157,25 @@ public class UserGroupInformation {
@InterfaceAudience.Public @InterfaceAudience.Public
@InterfaceStability.Evolving @InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user) { public static UserGroupInformation createRemoteUser(String user) {
return createRemoteUser(user, AuthMethod.SIMPLE);
}
/**
* Create a user from a login name. It is intended to be used for remote
* users in RPC, since it won't have any credentials.
* @param user the full user principal name, must not be empty or null
* @return the UserGroupInformation for the remote user.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) {
if (user == null || user.isEmpty()) { if (user == null || user.isEmpty()) {
throw new IllegalArgumentException("Null user"); throw new IllegalArgumentException("Null user");
} }
Subject subject = new Subject(); Subject subject = new Subject();
subject.getPrincipals().add(new User(user)); subject.getPrincipals().add(new User(user));
UserGroupInformation result = new UserGroupInformation(subject); UserGroupInformation result = new UserGroupInformation(subject);
result.setAuthenticationMethod(AuthenticationMethod.SIMPLE); result.setAuthenticationMethod(authMethod);
return result; return result;
} }
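Review bot: The new two-argument `createRemoteUser` validates `user` but hands `authMethod` to `setAuthenticationMethod` unchecked, and its Javadoc is a copy of the one-argument text with no `@param authMethod`. This is an `@InterfaceAudience.Public` factory whose recorded method is what ends up attached to the user, so a null or mistaken value would presumably surface downstream as a misleading authentication method; how `setAuthenticationMethod` treats null is not visible in this section. I would reject null up front with `if (authMethod == null) { throw new IllegalArgumentException("Null authMethod"); }` and add `@param authMethod the authentication method the caller has already established for this user; it is recorded as given, not verified`. The one-argument overload's own Javadoc starts above the hunk.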


@ -20,6 +20,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.metrics2.MetricsRecordBuilder; import org.apache.hadoop.metrics2.MetricsRecordBuilder;
import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
@ -31,6 +32,7 @@ import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
import java.io.InputStreamReader; import java.io.InputStreamReader;
@ -151,6 +153,18 @@ public class TestUserGroupInformation {
assertEquals(AuthenticationMethod.PROXY, ugi.getAuthenticationMethod()); assertEquals(AuthenticationMethod.PROXY, ugi.getAuthenticationMethod());
assertEquals(AuthenticationMethod.SIMPLE, ugi.getRealAuthenticationMethod()); assertEquals(AuthenticationMethod.SIMPLE, ugi.getRealAuthenticationMethod());
} }
@Test (timeout = 30000)
public void testCreateRemoteUser() {
UserGroupInformation ugi = UserGroupInformation.createRemoteUser("user1");
assertEquals(AuthenticationMethod.SIMPLE, ugi.getAuthenticationMethod());
assertTrue (ugi.toString().contains("(auth:SIMPLE)"));
ugi = UserGroupInformation.createRemoteUser("user1",
AuthMethod.KERBEROS);
assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
assertTrue (ugi.toString().contains("(auth:KERBEROS)"));
}
/** Test login method */ /** Test login method */
@Test (timeout = 30000) @Test (timeout = 30000)
public void testLogin() throws Exception { public void testLogin() throws Exception {
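Review bot: `testCreateRemoteUser` pins the factory for SIMPLE and KERBEROS, but nothing in this section exercises the call site in `Server` that the commit changes, so a regression back to `createRemoteUser(authorizedId)` there would still pass. A test asserting that the UGI built for a Kerberos-authenticated connection reports `AuthenticationMethod.KERBEROS` would cover the actual bug; whether one exists elsewhere cannot be told from this page. A case for the remaining `AuthMethod` values would also help, since the `(auth:...)` string asserted here is presumably what shows up in logs. `testLogin` continues past the end of the section.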