Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-11287. Simplify UGI#reloginFromKeytab for Java 7+. Contributed by Li Lu.

This commit is contained in:
Haohui Mai 2014-12-08 21:10:32 -08:00
parent ddffcd8fac
commit 0ee41612bb
2 changed files with 5 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -418,6 +418,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11313. Adding a document about NativeLibraryChecker. HADOOP-11313. Adding a document about NativeLibraryChecker.
(Tsuyoshi OZAWA via cnauroth) (Tsuyoshi OZAWA via cnauroth)
HADOOP-11287. Simplify UGI#reloginFromKeytab for Java 7+.
(Li Lu via wheat9)
OPTIMIZATIONS OPTIMIZATIONS
HADOOP-11323. WritableComparator#compare keeps reference to byte array. HADOOP-11323. WritableComparator#compare keeps reference to byte array.

18
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
View File

@ -44,9 +44,9 @@
import javax.security.auth.Subject; import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag; import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
@ -610,20 +610,6 @@ private void setLogin(LoginContext login) {
user.setLogin(login); user.setLogin(login);
} }
private static Class<?> KEY_TAB_CLASS = KerberosKey.class;
static {
try {
// We use KEY_TAB_CLASS to determine if the UGI is logged in from
// keytab. In JDK6 and JDK7, if useKeyTab and storeKey are specified
// in the Krb5LoginModule, then some number of KerberosKey objects
// are added to the Subject's private credentials. However, in JDK8,
// a KeyTab object is added instead. More details in HADOOP-10786.
KEY_TAB_CLASS = Class.forName("javax.security.auth.kerberos.KeyTab");
} catch (ClassNotFoundException cnfe) {
// Ignore. javax.security.auth.kerberos.KeyTab does not exist in JDK6.
}
}
/** /**
* Create a UserGroupInformation for the given subject. * Create a UserGroupInformation for the given subject.
* This does not change the subject or acquire new credentials. * This does not change the subject or acquire new credentials.
@ -632,7 +618,7 @@ private void setLogin(LoginContext login) {
UserGroupInformation(Subject subject) { UserGroupInformation(Subject subject) {
this.subject = subject; this.subject = subject;
this.user = subject.getPrincipals(User.class).iterator().next(); this.user = subject.getPrincipals(User.class).iterator().next();
this.isKeytab = !subject.getPrivateCredentials(KEY_TAB_CLASS).isEmpty(); this.isKeytab = !subject.getPrivateCredentials(KeyTab.class).isEmpty();
this.isKrbTkt = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty(); this.isKrbTkt = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
} }