HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject. Contributed by Dian Fu.
This commit is contained in:
parent
73fbb3c66b
commit
9d1a8f5897
|
@ -23,6 +23,8 @@ import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import javax.security.auth.Subject;
|
import javax.security.auth.Subject;
|
||||||
|
import javax.security.auth.kerberos.KerberosKey;
|
||||||
|
import javax.security.auth.kerberos.KerberosTicket;
|
||||||
import javax.security.auth.login.AppConfigurationEntry;
|
import javax.security.auth.login.AppConfigurationEntry;
|
||||||
import javax.security.auth.login.Configuration;
|
import javax.security.auth.login.Configuration;
|
||||||
import javax.security.auth.login.LoginContext;
|
import javax.security.auth.login.LoginContext;
|
||||||
|
@ -247,7 +249,9 @@ public class KerberosAuthenticator implements Authenticator {
|
||||||
try {
|
try {
|
||||||
AccessControlContext context = AccessController.getContext();
|
AccessControlContext context = AccessController.getContext();
|
||||||
Subject subject = Subject.getSubject(context);
|
Subject subject = Subject.getSubject(context);
|
||||||
if (subject == null) {
|
if (subject == null
|
||||||
|
|| (subject.getPrivateCredentials(KerberosKey.class).isEmpty()
|
||||||
|
&& subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) {
|
||||||
LOG.debug("No subject in context, logging in");
|
LOG.debug("No subject in context, logging in");
|
||||||
subject = new Subject();
|
subject = new Subject();
|
||||||
LoginContext login = new LoginContext("", subject,
|
LoginContext login = new LoginContext("", subject,
|
||||||
|
|
|
@ -496,6 +496,9 @@ Release 2.7.0 - UNRELEASED
|
||||||
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL
|
HADOOP-11342. KMS key ACL should ignore ALL operation for default key ACL
|
||||||
and whitelist key ACL. (Dian Fu via wang)
|
and whitelist key ACL. (Dian Fu via wang)
|
||||||
|
|
||||||
|
HADOOP-11332. KerberosAuthenticator#doSpnegoSequence should check if
|
||||||
|
kerberos TGT is available in the subject. (Dian Fu via atm)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
Loading…
Reference in New Issue