Merge -r 1342333:1342334 from trunk to branch. FIXES: HDFS-3460
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1342336 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
02a703fac2
commit
671bd40e9b
|
@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.ProxyUser;
|
||||||
import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
|
import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
|
||||||
import org.apache.hadoop.lib.servlet.HostnameFilter;
|
import org.apache.hadoop.lib.servlet.HostnameFilter;
|
||||||
import org.apache.hadoop.lib.wsrs.InputStreamEntity;
|
import org.apache.hadoop.lib.wsrs.InputStreamEntity;
|
||||||
|
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
|
||||||
import org.json.simple.JSONObject;
|
import org.json.simple.JSONObject;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -145,9 +146,15 @@ public class HttpFSServer {
|
||||||
String effectiveUser = user.getName();
|
String effectiveUser = user.getName();
|
||||||
if (doAs != null && !doAs.equals(user.getName())) {
|
if (doAs != null && !doAs.equals(user.getName())) {
|
||||||
ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
|
ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
|
||||||
proxyUser.validate(user.getName(), HostnameFilter.get(), doAs);
|
String proxyUserName;
|
||||||
|
if (user instanceof AuthenticationToken) {
|
||||||
|
proxyUserName = ((AuthenticationToken)user).getUserName();
|
||||||
|
} else {
|
||||||
|
proxyUserName = user.getName();
|
||||||
|
}
|
||||||
|
proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
|
||||||
effectiveUser = doAs;
|
effectiveUser = doAs;
|
||||||
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs);
|
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
|
||||||
}
|
}
|
||||||
return effectiveUser;
|
return effectiveUser;
|
||||||
}
|
}
|
||||||
|
|
|
@ -110,6 +110,9 @@ Release 2.0.1-alpha - UNRELEASED
|
||||||
use the stored generation stamp to check if the block is valid. (Vinay
|
use the stored generation stamp to check if the block is valid. (Vinay
|
||||||
via szetszwo)
|
via szetszwo)
|
||||||
|
|
||||||
|
HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full
|
||||||
|
principal name. (tucu)
|
||||||
|
|
||||||
Release 2.0.0-alpha - UNRELEASED
|
Release 2.0.0-alpha - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
Loading…
Reference in New Issue