HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved to/from the embedded Subject. Contributed by Owen O'Malley & Kan Zhang.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@904339 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
0c5734e4ac
commit
611340714b
|
@ -152,6 +152,9 @@ Trunk (unreleased changes)
|
|||
|
||||
HADOOP-6489. Fix 3 findbugs warnings. (Erik Steffl via suresh)
|
||||
|
||||
HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved
|
||||
to/from the embedded Subject (Owen O'Malley & Kan Zhang via ddas)
|
||||
|
||||
Release 0.21.0 - Unreleased
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
|
@ -198,8 +198,6 @@ public class UserGroupInformation {
|
|||
private static String keytabFile = null;
|
||||
|
||||
private final Subject subject;
|
||||
private final Set<Token<? extends TokenIdentifier>> tokens =
|
||||
new LinkedHashSet<Token<? extends TokenIdentifier>>();
|
||||
|
||||
private static final String OS_LOGIN_MODULE_NAME;
|
||||
private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
|
||||
|
@ -443,7 +441,7 @@ public class UserGroupInformation {
|
|||
* @return true on successful add of new token
|
||||
*/
|
||||
public synchronized boolean addToken(Token<? extends TokenIdentifier> token) {
|
||||
return tokens.add(token);
|
||||
return subject.getPrivateCredentials().add(token);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -451,8 +449,16 @@ public class UserGroupInformation {
|
|||
*
|
||||
* @return an unmodifiable collection of tokens associated with user
|
||||
*/
|
||||
public synchronized Collection<Token<? extends TokenIdentifier>> getTokens() {
|
||||
return Collections.unmodifiableSet(tokens);
|
||||
public synchronized
|
||||
Collection<Token<? extends TokenIdentifier>> getTokens() {
|
||||
Set<Object> creds = subject.getPrivateCredentials();
|
||||
List<Token<?>> result = new ArrayList<Token<?>>(creds.size());
|
||||
for(Object o: creds) {
|
||||
if (o instanceof Token<?>) {
|
||||
result.add((Token<?>) o);
|
||||
}
|
||||
}
|
||||
return Collections.unmodifiableList(result);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -27,6 +27,7 @@ import static org.mockito.Mockito.mock;
|
|||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
@ -164,12 +165,12 @@ public class TestUserGroupInformation {
|
|||
|
||||
@SuppressWarnings("unchecked") // from Mockito mocks
|
||||
@Test
|
||||
public void testUGITokens() {
|
||||
public <T extends TokenIdentifier> void testUGITokens() throws Exception {
|
||||
UserGroupInformation ugi =
|
||||
UserGroupInformation.createUserForTesting("TheDoctor",
|
||||
new String [] { "TheTARDIS"});
|
||||
Token t1 = mock(Token.class);
|
||||
Token t2 = mock(Token.class);
|
||||
Token<T> t1 = mock(Token.class);
|
||||
Token<T> t2 = mock(Token.class);
|
||||
|
||||
ugi.addToken(t1);
|
||||
ugi.addToken(t2);
|
||||
|
@ -185,5 +186,15 @@ public class TestUserGroupInformation {
|
|||
} catch(UnsupportedOperationException uoe) {
|
||||
// Can't modify tokens
|
||||
}
|
||||
|
||||
// ensure that the tokens are passed through doAs
|
||||
Collection<Token<? extends TokenIdentifier>> otherSet =
|
||||
ugi.doAs(new PrivilegedExceptionAction<Collection<Token<?>>>(){
|
||||
public Collection<Token<?>> run() throws IOException {
|
||||
return UserGroupInformation.getCurrentUser().getTokens();
|
||||
}
|
||||
});
|
||||
assertTrue(otherSet.contains(t1));
|
||||
assertTrue(otherSet.contains(t2));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue