HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)

Reviewed-by: Arpit Agarwal <arp@apache.org>
(cherry picked from commit adecdb8b53)
(cherry picked from commit f4c05f1d93718c5cd574abf40c14510886289353)
This commit is contained in:
Wei-Chiu Chuang 2020-05-05 16:04:54 -07:00
parent adfb68cb22
commit 3d8e392eb4
1 changed files with 12 additions and 1 deletions

View File

@ -73,6 +73,7 @@ import javax.annotation.Nullable;
import java.io.Closeable; import java.io.Closeable;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -225,8 +226,18 @@ public class FSDirectory implements Closeable {
Class[] cArg = new Class[1]; Class[] cArg = new Class[1];
cArg[0] = INodeAttributeProvider.AuthorizationContext.class; cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
INodeAttributeProvider.AccessControlEnforcer enforcer =
attributeProvider.getExternalAccessControlEnforcer(null);
// If external enforcer is null, we use the default enforcer, which
// supports the new API.
if (enforcer == null) {
useAuthorizationWithContextAPI = true;
return;
}
try { try {
Class<?> clazz = attributeProvider.getClass(); Class<?> clazz = enforcer.getClass();
clazz.getDeclaredMethod("checkPermissionWithContext", cArg); clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
useAuthorizationWithContextAPI = true; useAuthorizationWithContextAPI = true;
LOG.info("Use the new authorization provider API"); LOG.info("Use the new authorization provider API");