Merge -r 1342333:1342334 from trunk to branch. FIXES: HDFS-3460

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1342336 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2012-05-24 16:51:46 +00:00
parent 02a703fac2
commit 671bd40e9b
2 changed files with 12 additions and 2 deletions

View File

@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.ProxyUser;
import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter; import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
import org.apache.hadoop.lib.servlet.HostnameFilter; import org.apache.hadoop.lib.servlet.HostnameFilter;
import org.apache.hadoop.lib.wsrs.InputStreamEntity; import org.apache.hadoop.lib.wsrs.InputStreamEntity;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.json.simple.JSONObject; import org.json.simple.JSONObject;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -145,9 +146,15 @@ public class HttpFSServer {
String effectiveUser = user.getName(); String effectiveUser = user.getName();
if (doAs != null && !doAs.equals(user.getName())) { if (doAs != null && !doAs.equals(user.getName())) {
ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class); ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
proxyUser.validate(user.getName(), HostnameFilter.get(), doAs); String proxyUserName;
if (user instanceof AuthenticationToken) {
proxyUserName = ((AuthenticationToken)user).getUserName();
} else {
proxyUserName = user.getName();
}
proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
effectiveUser = doAs; effectiveUser = doAs;
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs); AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
} }
return effectiveUser; return effectiveUser;
} }

View File

@ -110,6 +110,9 @@ Release 2.0.1-alpha - UNRELEASED
use the stored generation stamp to check if the block is valid. (Vinay use the stored generation stamp to check if the block is valid. (Vinay
via szetszwo) via szetszwo)
HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full
principal name. (tucu)
Release 2.0.0-alpha - UNRELEASED Release 2.0.0-alpha - UNRELEASED
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES