From 790e970931ceca6551f71216cec0f7d3faa87fdc Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Thu, 12 Jul 2012 19:23:39 +0000 Subject: [PATCH] HDFS-3639. JspHelper#getUGI should always verify the token if security is enabled. Contributed by Eli Collins git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1360867 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 +++ .../apache/hadoop/hdfs/server/common/JspHelper.java | 11 ++--------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index 93764f6f220..02aa727faf7 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -303,6 +303,9 @@ Release 2.0.1-alpha - UNRELEASED HDFS-3615. Two BlockTokenSecretManager findbugs warnings. (atm) + HDFS-3639. JspHelper#getUGI should always verify the token if + security is enabled. (eli) + BREAKDOWN OF HDFS-3042 SUBTASKS HDFS-2185. HDFS portion of ZK-based FailoverController (todd) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java index d75a267c6c7..2c60cc899c3 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java @@ -44,7 +44,6 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hdfs.BlockReader; import org.apache.hadoop.hdfs.BlockReaderFactory; -import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSUtil; import org.apache.hadoop.hdfs.protocol.DatanodeInfo; import org.apache.hadoop.hdfs.protocol.ExtendedBlock; @@ -59,7 +58,6 @@ import org.apache.hadoop.hdfs.web.resources.DelegationParam; import org.apache.hadoop.hdfs.web.resources.DoAsParam; import org.apache.hadoop.hdfs.web.resources.UserParam; import org.apache.hadoop.http.HtmlQuoting; -import org.apache.hadoop.io.Text; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.SecurityUtil; @@ -557,13 +555,8 @@ public class JspHelper { DataInputStream in = new DataInputStream(buf); DelegationTokenIdentifier id = new DelegationTokenIdentifier(); id.readFields(in); - if (context != null) { - final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context); - if (nn != null) { - // Verify the token. - nn.getNamesystem().verifyToken(id, token.getPassword()); - } - } + final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context); + nn.getNamesystem().verifyToken(id, token.getPassword()); ugi = id.getUser(); if (ugi.getRealUser() == null) { //non-proxy case