Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side configuration for the refresh 

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@957074 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Boris Shkolnik 2010-06-22 23:04:33 +00:00
parent 35a4624771
commit 8970e93b01
5 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES.txt
View File

@ -91,6 +91,9 @@ Trunk (unreleased changes)
HADOOP-6652. Removes the unnecessary cache from ShellBasedUnixGroupsMapping. HADOOP-6652. Removes the unnecessary cache from ShellBasedUnixGroupsMapping.
(ddas) (ddas)
HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side
configuration for the refresh (boryas)
Release 0.21.0 - Unreleased Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

9
src/java/org/apache/hadoop/security/Groups.java
View File

@ -121,6 +121,15 @@ public class Groups {
* Get the groups being used to map user-to-groups. * Get the groups being used to map user-to-groups.
* @return the groups being used to map user-to-groups. * @return the groups being used to map user-to-groups.
*/ */
public static Groups getUserToGroupsMappingService() {
return getUserToGroupsMappingService(new Configuration());
}
/**
* Get the groups being used to map user-to-groups.
* @param Configuration
* @return the groups being used to map user-to-groups.
*/
public static Groups getUserToGroupsMappingService(Configuration conf) { public static Groups getUserToGroupsMappingService(Configuration conf) {
if(GROUPS == null) { if(GROUPS == null) {
LOG.debug(" Creating new Groups object"); LOG.debug(" Creating new Groups object");

5
src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
View File

@ -46,13 +46,12 @@ public interface RefreshUserMappingsProtocol extends VersionedProtocol {
* @param conf * @param conf
* @throws IOException * @throws IOException
*/ */
public void refreshUserToGroupsMappings(Configuration conf) throws IOException; public void refreshUserToGroupsMappings() throws IOException;
/** /**
* Refresh superuser proxy group list * Refresh superuser proxy group list
* @param conf
* @throws IOException * @throws IOException
*/ */
public void refreshSuperUserGroupsConfiguration(Configuration conf) public void refreshSuperUserGroupsConfiguration()
throws IOException; throws IOException;
} }

24
src/java/org/apache/hadoop/security/authorize/ProxyUsers.java
View File

@ -37,7 +37,7 @@ public class ProxyUsers {
public static final String CONF_GROUPS = ".groups"; public static final String CONF_GROUPS = ".groups";
public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser."; public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\."; public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
private static Configuration conf=null; private static boolean init = false;
// list of groups and hosts per proxyuser // list of groups and hosts per proxyuser
private static Map<String, Collection<String>> proxyGroups = private static Map<String, Collection<String>> proxyGroups =
new HashMap<String, Collection<String>>(); new HashMap<String, Collection<String>>();
@ -47,9 +47,17 @@ public class ProxyUsers {
/** /**
* reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts" * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
*/ */
public static synchronized void refreshSuperUserGroupsConfiguration(Configuration cn) { public static void refreshSuperUserGroupsConfiguration() {
conf = cn; //load server side configuration;
refreshSuperUserGroupsConfiguration(new Configuration());
}
/**
* refresh configuration
* @param conf
*/
public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf) {
// remove alle existing stuff // remove alle existing stuff
proxyGroups.clear(); proxyGroups.clear();
proxyHosts.clear(); proxyHosts.clear();
@ -69,6 +77,8 @@ public class ProxyUsers {
proxyHosts.put(entry.getKey(), proxyHosts.put(entry.getKey(),
StringUtils.getStringCollection(entry.getValue())); StringUtils.getStringCollection(entry.getValue()));
} }
init = true;
} }
/** /**
@ -102,8 +112,8 @@ public class ProxyUsers {
public static synchronized void authorize(UserGroupInformation user, public static synchronized void authorize(UserGroupInformation user,
String remoteAddress, Configuration newConf) throws AuthorizationException { String remoteAddress, Configuration newConf) throws AuthorizationException {
if(conf == null) { if(!init) {
refreshSuperUserGroupsConfiguration(newConf); refreshSuperUserGroupsConfiguration();
} }
if (user.getRealUser() == null) { if (user.getRealUser() == null) {
@ -116,7 +126,7 @@ public class ProxyUsers {
Collection<String> allowedUserGroups = proxyGroups.get( Collection<String> allowedUserGroups = proxyGroups.get(
getProxySuperuserGroupConfKey(superUser.getShortUserName())); getProxySuperuserGroupConfKey(superUser.getShortUserName()));
if (!allowedUserGroups.isEmpty()) { if (allowedUserGroups != null && !allowedUserGroups.isEmpty()) {
for (String group : user.getGroupNames()) { for (String group : user.getGroupNames()) {
if (allowedUserGroups.contains(group)) { if (allowedUserGroups.contains(group)) {
groupAuthorized = true; groupAuthorized = true;
@ -133,7 +143,7 @@ public class ProxyUsers {
Collection<String> ipList = proxyHosts.get( Collection<String> ipList = proxyHosts.get(
getProxySuperuserIpConfKey(superUser.getShortUserName())); getProxySuperuserIpConfKey(superUser.getShortUserName()));
if (!ipList.isEmpty()) { if (ipList != null && !ipList.isEmpty()) {
for (String allowedHost : ipList) { for (String allowedHost : ipList) {
InetAddress hostAddr; InetAddress hostAddr;
try { try {

2
src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java
View File

@ -148,6 +148,7 @@ public class TestDoAsEffectiveUser {
Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS, Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
0, 5, true, conf, null); 0, 5, true, conf, null);
refreshConf(conf);
try { try {
server.start(); server.start();
@ -188,6 +189,7 @@ public class TestDoAsEffectiveUser {
Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS, Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
0, 2, false, conf, null); 0, 2, false, conf, null);
refreshConf(conf);
try { try {
server.start(); server.start();