From 7a5d27dde4abab8db35895b77d0ce93bfe99c8a1 Mon Sep 17 00:00:00 2001 From: Vrushali C Date: Wed, 10 Oct 2018 15:25:58 -0700 Subject: [PATCH] YARN-6989 Ensure timeline service v2 codebase gets UGI from HttpServletRequest in a consistent way. Contributed by Abhishek Modi --- .../TimelineReaderWebServicesUtils.java | 21 ++----------------- ...ineReaderWhitelistAuthorizationFilter.java | 2 +- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServicesUtils.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServicesUtils.java index ae19b213040..02f510ae6ac 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServicesUtils.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServicesUtils.java @@ -269,25 +269,8 @@ static String parseStr(String str) { * @return UGI. */ public static UserGroupInformation getUser(HttpServletRequest req) { - return getCallerUserGroupInformation(req, false); - } - - /** - * Get UGI from the HTTP request. - * - * @param hsr HTTP request. - * @param usePrincipal if true, use principal name else use remote user name - * @return UGI. - */ - public static UserGroupInformation getCallerUserGroupInformation( - HttpServletRequest hsr, boolean usePrincipal) { - - String remoteUser = hsr.getRemoteUser(); - if (usePrincipal) { - Principal princ = hsr.getUserPrincipal(); - remoteUser = princ == null ? null : princ.getName(); - } - + Principal princ = req.getUserPrincipal(); + String remoteUser = princ == null ? null : princ.getName(); UserGroupInformation callerUGI = null; if (remoteUser != null) { callerUGI = UserGroupInformation.createRemoteUser(remoteUser); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/security/TimelineReaderWhitelistAuthorizationFilter.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/security/TimelineReaderWhitelistAuthorizationFilter.java index d3f63e518df..4ed3f23e4df 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/security/TimelineReaderWhitelistAuthorizationFilter.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/security/TimelineReaderWhitelistAuthorizationFilter.java @@ -67,7 +67,7 @@ public void doFilter(ServletRequest request, ServletResponse response, if (isWhitelistReadAuthEnabled) { UserGroupInformation callerUGI = TimelineReaderWebServicesUtils - .getCallerUserGroupInformation(httpRequest, true); + .getUser(httpRequest); if (callerUGI == null) { String msg = "Unable to obtain user name, user not authenticated"; throw new AuthorizationException(msg);