HDFS-14647. NPE during secure namenode startup. Contributed by Fengnan Li.
(cherry picked from commit62deab17a3
) (cherry picked from commit6cd9290401
)
This commit is contained in:
parent
b837431a08
commit
6a4c3fad66
|
@ -675,6 +675,10 @@ public class NameNode extends ReconfigurableBase implements
|
|||
@Override
|
||||
public void verifyToken(DelegationTokenIdentifier id, byte[] password)
|
||||
throws IOException {
|
||||
// during startup namesystem is null, let client retry
|
||||
if (namesystem == null) {
|
||||
throw new RetriableException("Namenode is in startup mode");
|
||||
}
|
||||
namesystem.verifyToken(id, password);
|
||||
}
|
||||
|
||||
|
|
|
@ -21,12 +21,14 @@ import org.apache.hadoop.conf.Configuration;
|
|||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
|
||||
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
|
||||
import org.apache.hadoop.hdfs.web.resources.UserParam;
|
||||
import org.apache.hadoop.io.DataInputBuffer;
|
||||
import org.apache.hadoop.io.DataOutputBuffer;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.ipc.RetriableException;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
|
||||
import org.apache.hadoop.security.authorize.AuthorizationException;
|
||||
|
@ -36,9 +38,11 @@ import org.apache.hadoop.security.authorize.ProxyUsers;
|
|||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
||||
import org.apache.hadoop.test.LambdaTestUtils;
|
||||
import org.junit.Assert;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -371,8 +375,38 @@ public class TestJspHelper {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUgiDuringStartup() throws Exception {
|
||||
conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
|
||||
ServletContext context = mock(ServletContext.class);
|
||||
String realUser = "TheDoctor";
|
||||
String user = "TheNurse";
|
||||
conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
HttpServletRequest request;
|
||||
|
||||
Text ownerText = new Text(user);
|
||||
DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(
|
||||
ownerText, ownerText, new Text(realUser));
|
||||
Token<DelegationTokenIdentifier> token =
|
||||
new Token<DelegationTokenIdentifier>(dtId,
|
||||
new DummySecretManager(0, 0, 0, 0));
|
||||
String tokenString = token.encodeToUrlString();
|
||||
|
||||
// token with auth-ed user
|
||||
request = getMockRequest(realUser, null, null);
|
||||
when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
|
||||
tokenString);
|
||||
|
||||
NameNode mockNN = mock(NameNode.class);
|
||||
Mockito.doCallRealMethod().when(mockNN)
|
||||
.verifyToken(Mockito.any(), Mockito.any());
|
||||
when(context.getAttribute("name.node")).thenReturn(mockNN);
|
||||
|
||||
LambdaTestUtils.intercept(RetriableException.class,
|
||||
"Namenode is in startup mode",
|
||||
() -> JspHelper.getUGI(context, request, conf));
|
||||
}
|
||||
|
||||
private HttpServletRequest getMockRequest(String remoteUser, String user, String doAs) {
|
||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||
|
|
Loading…
Reference in New Issue