HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject. Contributed by Dian Fu.

This commit is contained in:
Aaron T. Myers 2014-12-03 18:53:45 -08:00
parent 73fbb3c66b
commit 9d1a8f5897
2 changed files with 8 additions and 1 deletions

View File

@ -23,6 +23,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
@ -247,7 +249,9 @@ public class KerberosAuthenticator implements Authenticator {
try {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
if (subject == null) {
if (subject == null
|| (subject.getPrivateCredentials(KerberosKey.class).isEmpty()
&& subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) {
LOG.debug("No subject in context, logging in");
subject = new Subject();
LoginContext login = new LoginContext("", subject,

View File

@ -496,6 +496,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL
and whitelist key ACL. (Dian Fu via wang)
HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if
kerberos TGT is available in the subject. (Dian Fu via atm)
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES