HADOOP-12682. Fix TestKMS#testKMSRestart* failure. Contributed by Wei-Chiu Chuang.
(cherry picked from commit ab725cff66
)
Conflicts:
hadoop-common-project/hadoop-common/CHANGES.txt
This commit is contained in:
parent
c6f68a7f98
commit
54dd9a14ab
|
@ -966,6 +966,42 @@ public class UserGroupInformation {
|
|||
+ " using keytab file " + keytabFile);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log the current user out who previously logged in using keytab.
|
||||
* This method assumes that the user logged in by calling
|
||||
* {@link #loginUserFromKeytab(String, String)}.
|
||||
*
|
||||
* @throws IOException if a failure occurred in logout, or if the user did
|
||||
* not log in by invoking loginUserFromKeyTab() before.
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public void logoutUserFromKeytab() throws IOException {
|
||||
if (!isSecurityEnabled() ||
|
||||
user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS) {
|
||||
return;
|
||||
}
|
||||
LoginContext login = getLogin();
|
||||
if (login == null || keytabFile == null) {
|
||||
throw new IOException("loginUserFromKeytab must be done first");
|
||||
}
|
||||
|
||||
try {
|
||||
if (LOG.isDebugEnabled()) {
|
||||
LOG.debug("Initiating logout for " + getUserName());
|
||||
}
|
||||
synchronized (UserGroupInformation.class) {
|
||||
login.logout();
|
||||
}
|
||||
} catch (LoginException le) {
|
||||
throw new IOException("Logout failure for " + user + " from keytab " +
|
||||
keytabFile, le);
|
||||
}
|
||||
|
||||
LOG.info("Logout successful for user " + keytabPrincipal
|
||||
+ " using keytab file " + keytabFile);
|
||||
}
|
||||
|
||||
/**
|
||||
* Re-login a user from keytab if TGT is expired or is close to expiry.
|
||||
*
|
||||
|
|
|
@ -44,10 +44,8 @@ import org.junit.Before;
|
|||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.kerberos.KerberosPrincipal;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
import javax.security.auth.login.LoginContext;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileWriter;
|
||||
|
@ -59,16 +57,13 @@ import java.net.ServerSocket;
|
|||
import java.net.SocketTimeoutException;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.security.Principal;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
import java.util.concurrent.Callable;
|
||||
|
||||
|
@ -250,22 +245,12 @@ public class TestKMS {
|
|||
|
||||
private <T> T doAs(String user, final PrivilegedExceptionAction<T> action)
|
||||
throws Exception {
|
||||
Set<Principal> principals = new HashSet<Principal>();
|
||||
principals.add(new KerberosPrincipal(user));
|
||||
|
||||
//client login
|
||||
Subject subject = new Subject(false, principals,
|
||||
new HashSet<Object>(), new HashSet<Object>());
|
||||
LoginContext loginContext = new LoginContext("", subject, null,
|
||||
KerberosConfiguration.createClientConfig(user, keytab));
|
||||
UserGroupInformation.loginUserFromKeytab(user, keytab.getAbsolutePath());
|
||||
UserGroupInformation ugi = UserGroupInformation.getLoginUser();
|
||||
try {
|
||||
loginContext.login();
|
||||
subject = loginContext.getSubject();
|
||||
UserGroupInformation ugi =
|
||||
UserGroupInformation.getUGIFromSubject(subject);
|
||||
return ugi.doAs(action);
|
||||
} finally {
|
||||
loginContext.logout();
|
||||
ugi.logoutUserFromKeytab();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue