HDFS-4566. Webdhfs token cancelation should use authentication (daryn)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1454059 13f79535-47bb-0310-9956-ffa450edef68

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -2374,6 +2374,8 @@ Release 0.23.7 - UNRELEASED
 
     HDFS-4560. Webhdfs cannot use tokens obtained by another user (daryn)
 
+    HDFS-4566. Webdhfs token cancelation should use authentication (daryn)
+
 Release 0.23.6 - UNRELEASED
 
   INCOMPATIBLE CHANGES

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java

@@ -341,7 +341,8 @@ public class WebHdfsFileSystem extends FileSystem
     boolean hasToken = false;
     if (UserGroupInformation.isSecurityEnabled() &&
         op != GetOpParam.Op.GETDELEGATIONTOKEN &&
-        op != PutOpParam.Op.RENEWDELEGATIONTOKEN) {
+        op != PutOpParam.Op.RENEWDELEGATIONTOKEN &&
+        op != PutOpParam.Op.CANCELDELEGATIONTOKEN) {
       synchronized (this) {
         hasToken = (delegationToken != null);
         if (hasToken) {

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java

@@ -140,8 +140,8 @@ public class TestWebHdfsUrl {
     checkQueryParams(
         new String[]{
             PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(),
+            new UserParam(ugi.getShortUserName()).toString(),
             new TokenArgumentParam(tokenString).toString(),
-            new DelegationParam(tokenString).toString()
         },
         cancelTokenUrl);
     
@@ -223,8 +223,9 @@ public class TestWebHdfsUrl {
     checkQueryParams(
         new String[]{
             PutOpParam.Op.CANCELDELEGATIONTOKEN.toQueryString(),
+            new UserParam(ugi.getRealUser().getShortUserName()).toString(),
+            new DoAsParam(ugi.getShortUserName()).toString(),
             new TokenArgumentParam(tokenString).toString(),
-            new DelegationParam(tokenString).toString()
         },
         cancelTokenUrl);