From 0ee41612bb237331fc7130a6fb8b5e3366fcc221 Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Mon, 8 Dec 2014 21:10:32 -0800 Subject: [PATCH] HADOOP-11287. Simplify UGI#reloginFromKeytab for Java 7+. Contributed by Li Lu. --- .../hadoop-common/CHANGES.txt | 3 +++ .../hadoop/security/UserGroupInformation.java | 18 ++---------------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index d9219cc9ed3..4b998d0dd79 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -418,6 +418,9 @@ Release 2.7.0 - UNRELEASED HADOOP-11313. Adding a document about NativeLibraryChecker. (Tsuyoshi OZAWA via cnauroth) + HADOOP-11287. Simplify UGI#reloginFromKeytab for Java 7+. + (Li Lu via wheat9) + OPTIMIZATIONS HADOOP-11323. WritableComparator#compare keeps reference to byte array. diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index 0541f9d9cd0..4b0b5f305fe 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -44,9 +44,9 @@ import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.kerberos.KeyTab; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag; import javax.security.auth.login.LoginContext; @@ -610,20 +610,6 @@ private void setLogin(LoginContext login) { user.setLogin(login); } - private static Class KEY_TAB_CLASS = KerberosKey.class; - static { - try { - // We use KEY_TAB_CLASS to determine if the UGI is logged in from - // keytab. In JDK6 and JDK7, if useKeyTab and storeKey are specified - // in the Krb5LoginModule, then some number of KerberosKey objects - // are added to the Subject's private credentials. However, in JDK8, - // a KeyTab object is added instead. More details in HADOOP-10786. - KEY_TAB_CLASS = Class.forName("javax.security.auth.kerberos.KeyTab"); - } catch (ClassNotFoundException cnfe) { - // Ignore. javax.security.auth.kerberos.KeyTab does not exist in JDK6. - } - } - /** * Create a UserGroupInformation for the given subject. * This does not change the subject or acquire new credentials. @@ -632,7 +618,7 @@ private void setLogin(LoginContext login) { UserGroupInformation(Subject subject) { this.subject = subject; this.user = subject.getPrincipals(User.class).iterator().next(); - this.isKeytab = !subject.getPrivateCredentials(KEY_TAB_CLASS).isEmpty(); + this.isKeytab = !subject.getPrivateCredentials(KeyTab.class).isEmpty(); this.isKrbTkt = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty(); }