From ab129035bf9e834481fb01d56a30593ad5d7e588 Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Wed, 18 Jul 2012 05:16:50 +0000 Subject: [PATCH] Revert HDFS-3639. JspHelper#getUGI should always verify the token if security is enabled. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1362765 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 --- .../apache/hadoop/hdfs/server/common/JspHelper.java | 11 +++++++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index b8e7e3223b4..a427328aba0 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -339,9 +339,6 @@ Release 2.0.1-alpha - UNRELEASED HDFS-3615. Two BlockTokenSecretManager findbugs warnings. (atm) - HDFS-3639. JspHelper#getUGI should always verify the token if - security is enabled. (eli) - HDFS-470. libhdfs should handle 0-length reads from FSInputStream correctly. (Colin Patrick McCabe via eli) diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java index c0da8779fd3..f8bfee73a7e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java @@ -44,6 +44,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hdfs.BlockReader; import org.apache.hadoop.hdfs.BlockReaderFactory; +import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSUtil; import org.apache.hadoop.hdfs.protocol.DatanodeInfo; import org.apache.hadoop.hdfs.protocol.ExtendedBlock; @@ -58,6 +59,7 @@ import org.apache.hadoop.hdfs.web.resources.DelegationParam; import org.apache.hadoop.hdfs.web.resources.DoAsParam; import org.apache.hadoop.hdfs.web.resources.UserParam; import org.apache.hadoop.http.HtmlQuoting; +import org.apache.hadoop.io.Text; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.SecurityUtil; @@ -557,8 +559,13 @@ public class JspHelper { DataInputStream in = new DataInputStream(buf); DelegationTokenIdentifier id = new DelegationTokenIdentifier(); id.readFields(in); - final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context); - nn.getNamesystem().verifyToken(id, token.getPassword()); + if (context != null) { + final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context); + if (nn != null) { + // Verify the token. + nn.getNamesystem().verifyToken(id, token.getPassword()); + } + } ugi = id.getUser(); if (ugi.getRealUser() == null) { //non-proxy case