From 69be6e7352151cece9520ccff50985fb0657527c Mon Sep 17 00:00:00 2001
From: Eric Yang <eyang@apache.org>
Date: Fri, 30 Nov 2018 12:49:46 -0500
Subject: [PATCH] HADOOP-15922.  Revert patch 004.

(cherry picked from commit 38ea3814bd0641d895e5d3b7415c6308e7f8491e)
---
 .../DelegationTokenAuthenticationFilter.java  |  8 +--
 .../hadoop/crypto/key/kms/server/TestKMS.java | 64 -------------------
 2 files changed, 1 insertion(+), 71 deletions(-)

diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
index 391097f5755..f5e798e2556 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
@@ -51,7 +51,6 @@ import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
 import java.io.IOException;
-import java.net.URLDecoder;
 import java.nio.charset.Charset;
 import java.security.Principal;
 import java.util.Enumeration;
@@ -231,12 +230,7 @@ public class DelegationTokenAuthenticationFilter
       for (NameValuePair nv : list) {
         if (DelegationTokenAuthenticatedURL.DO_AS.
             equalsIgnoreCase(nv.getName())) {
-          String doAsUser = nv.getValue();
-          try {
-            doAsUser = URLDecoder.decode(nv.getValue(), UTF8_CHARSET.name());
-          } finally {
-            return doAsUser;
-          }
+          return nv.getValue();
         }
       }
     }
diff --git a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
index 064ae83ac23..af59877a316 100644
--- a/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
+++ b/hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
@@ -2115,70 +2115,6 @@ public class TestKMS {
     });
   }
 
-  @Test
-  public void testGetDelegationTokenByProxyUser() throws Exception {
-    Configuration conf = new Configuration();
-    conf.set("hadoop.security.authentication", "kerberos");
-    UserGroupInformation.setConfiguration(conf);
-    final File testDir = getTestDir();
-
-    conf = createBaseKMSConf(testDir, conf);
-    conf.set("hadoop.kms.authentication.type", "kerberos");
-    conf.set("hadoop.kms.authentication.kerberos.keytab",
-        keytab.getAbsolutePath());
-    conf.set("hadoop.kms.authentication.kerberos.principal", "HTTP/localhost");
-    conf.set("hadoop.kms.authentication.kerberos.name.rules", "DEFAULT");
-    conf.set("hadoop.kms.proxyuser.client.users", "foo/localhost");
-    conf.set("hadoop.kms.proxyuser.client.hosts", "localhost");
-    conf.set(KeyAuthorizationKeyProvider.KEY_ACL + "kcc.ALL",
-        "foo/localhost");
-
-    writeConf(testDir, conf);
-
-    runServer(null, null, testDir, new KMSCallable<Void>() {
-      @Override
-      public Void call() throws Exception {
-        final Configuration conf = new Configuration();
-        final URI uri = createKMSUri(getKMSUrl());
-
-        // proxyuser client using kerberos credentials
-        UserGroupInformation proxyUgi = UserGroupInformation.
-            loginUserFromKeytabAndReturnUGI("client/host", keytab.getAbsolutePath());
-        UserGroupInformation foo = UserGroupInformation.createProxyUser(
-            "foo/localhost", proxyUgi);
-        final Credentials credentials = new Credentials();
-        foo.doAs(new PrivilegedExceptionAction<Void>() {
-          @Override
-          public Void run() throws Exception {
-            final KeyProvider kp = createProvider(uri, conf);
-            KeyProviderDelegationTokenExtension keyProviderDelegationTokenExtension
-                = KeyProviderDelegationTokenExtension
-                    .createKeyProviderDelegationTokenExtension(kp);
-            keyProviderDelegationTokenExtension.addDelegationTokens("client",
-                credentials);
-            Assert.assertNotNull(kp.createKey("kcc",
-                new KeyProvider.Options(conf)));
-            return null;
-          }
-        });
-
-        // current user client using token credentials for proxy user
-        UserGroupInformation nonKerberosUgi
-            = UserGroupInformation.getCurrentUser();
-        nonKerberosUgi.addCredentials(credentials);
-        nonKerberosUgi.doAs(new PrivilegedExceptionAction<Void>() {
-          @Override
-          public Void run() throws Exception {
-            final KeyProvider kp = createProvider(uri, conf);
-            Assert.assertNotNull(kp.getMetadata("kcc"));
-            return null;
-          }
-        });
-        return null;
-      }
-    });
-  }
-
   private Configuration setupConfForKerberos(File confDir) throws Exception {
     final Configuration conf =  createBaseKMSConf(confDir, null);
     conf.set("hadoop.security.authentication", "kerberos");