HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject. Contributed by Dian Fu.
This commit is contained in:
parent
73fbb3c66b
commit
9d1a8f5897
|
@ -23,6 +23,8 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.kerberos.KerberosKey;
|
||||
import javax.security.auth.kerberos.KerberosTicket;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
import javax.security.auth.login.Configuration;
|
||||
import javax.security.auth.login.LoginContext;
|
||||
|
@ -247,7 +249,9 @@ public class KerberosAuthenticator implements Authenticator {
|
|||
try {
|
||||
AccessControlContext context = AccessController.getContext();
|
||||
Subject subject = Subject.getSubject(context);
|
||||
if (subject == null) {
|
||||
if (subject == null
|
||||
|| (subject.getPrivateCredentials(KerberosKey.class).isEmpty()
|
||||
&& subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) {
|
||||
LOG.debug("No subject in context, logging in");
|
||||
subject = new Subject();
|
||||
LoginContext login = new LoginContext("", subject,
|
||||
|
|
|
@ -496,6 +496,9 @@ Release 2.7.0 - UNRELEASED
|
|||
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL
|
||||
and whitelist key ACL. (Dian Fu via wang)
|
||||
|
||||
HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if
|
||||
kerberos TGT is available in the subject. (Dian Fu via atm)
|
||||
|
||||
Release 2.6.0 - 2014-11-18
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
Loading…
Reference in New Issue