HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)
Reviewed-by: Arpit Agarwal <arp@apache.org>
This commit is contained in:
parent
e877118454
commit
adecdb8b53
|
@ -73,6 +73,7 @@ import javax.annotation.Nullable;
|
||||||
import java.io.Closeable;
|
import java.io.Closeable;
|
||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
@ -225,8 +226,18 @@ public class FSDirectory implements Closeable {
|
||||||
Class[] cArg = new Class[1];
|
Class[] cArg = new Class[1];
|
||||||
cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
|
cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
|
||||||
|
|
||||||
|
INodeAttributeProvider.AccessControlEnforcer enforcer =
|
||||||
|
attributeProvider.getExternalAccessControlEnforcer(null);
|
||||||
|
|
||||||
|
// If external enforcer is null, we use the default enforcer, which
|
||||||
|
// supports the new API.
|
||||||
|
if (enforcer == null) {
|
||||||
|
useAuthorizationWithContextAPI = true;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Class<?> clazz = attributeProvider.getClass();
|
Class<?> clazz = enforcer.getClass();
|
||||||
clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
|
clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
|
||||||
useAuthorizationWithContextAPI = true;
|
useAuthorizationWithContextAPI = true;
|
||||||
LOG.info("Use the new authorization provider API");
|
LOG.info("Use the new authorization provider API");
|
||||||
|
|
Loading…
Reference in New Issue