svn merge -c 1366440 FIXES: HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token auth type. (daryn)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1366450 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Daryn Sharp 2012-07-27 16:53:38 +00:00
parent 85351f8176
commit b1109c152e
4 changed files with 59 additions and 5 deletions

View File

@ -673,6 +673,9 @@ Release 0.23.3 - UNRELEASED
HADOOP-8551. fs -mkdir creates parent directories without the -p option HADOOP-8551. fs -mkdir creates parent directories without the -p option
(John George via bobby) (John George via bobby)
HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token
auth type. (daryn)
Release 0.23.2 - UNRELEASED Release 0.23.2 - UNRELEASED
NEW FEATURES NEW FEATURES

View File

@ -29,6 +29,7 @@ import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.WritableUtils; import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.security.HadoopKerberosName; import org.apache.hadoop.security.HadoopKerberosName;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
@ -88,14 +89,17 @@ extends TokenIdentifier {
if ( (owner == null) || ("".equals(owner.toString()))) { if ( (owner == null) || ("".equals(owner.toString()))) {
return null; return null;
} }
final UserGroupInformation realUgi;
final UserGroupInformation ugi;
if ((realUser == null) || ("".equals(realUser.toString())) if ((realUser == null) || ("".equals(realUser.toString()))
|| realUser.equals(owner)) { || realUser.equals(owner)) {
return UserGroupInformation.createRemoteUser(owner.toString()); ugi = realUgi = UserGroupInformation.createRemoteUser(owner.toString());
} else { } else {
UserGroupInformation realUgi = UserGroupInformation realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
.createRemoteUser(realUser.toString()); ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
return UserGroupInformation.createProxyUser(owner.toString(), realUgi);
} }
realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
return ugi;
} }
public Text getOwner() { public Text getOwner() {

View File

@ -40,6 +40,8 @@ import org.apache.hadoop.io.DataOutputBuffer;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable; import org.apache.hadoop.io.Writable;
import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager; import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.SecretManager.InvalidToken; import org.apache.hadoop.security.token.SecretManager.InvalidToken;
@ -171,6 +173,52 @@ public class TestDelegationToken {
} }
} }
@Test
public void testGetUserNullOwner() {
TestDelegationTokenIdentifier ident =
new TestDelegationTokenIdentifier(null, null, null);
UserGroupInformation ugi = ident.getUser();
assertNull(ugi);
}
@Test
public void testGetUserWithOwner() {
TestDelegationTokenIdentifier ident =
new TestDelegationTokenIdentifier(new Text("owner"), null, null);
UserGroupInformation ugi = ident.getUser();
assertNull(ugi.getRealUser());
assertEquals("owner", ugi.getUserName());
assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
}
@Test
public void testGetUserWithOwnerEqualsReal() {
Text owner = new Text("owner");
TestDelegationTokenIdentifier ident =
new TestDelegationTokenIdentifier(owner, null, owner);
UserGroupInformation ugi = ident.getUser();
assertNull(ugi.getRealUser());
assertEquals("owner", ugi.getUserName());
assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
}
@Test
public void testGetUserWithOwnerAndReal() {
Text owner = new Text("owner");
Text realUser = new Text("realUser");
TestDelegationTokenIdentifier ident =
new TestDelegationTokenIdentifier(owner, null, realUser);
UserGroupInformation ugi = ident.getUser();
assertNotNull(ugi.getRealUser());
assertNull(ugi.getRealUser().getRealUser());
assertEquals("owner", ugi.getUserName());
assertEquals("realUser", ugi.getRealUser().getUserName());
assertEquals(AuthenticationMethod.PROXY,
ugi.getAuthenticationMethod());
assertEquals(AuthenticationMethod.TOKEN,
ugi.getRealUser().getAuthenticationMethod());
}
@Test @Test
public void testDelegationTokenSecretManager() throws Exception { public void testDelegationTokenSecretManager() throws Exception {
final TestDelegationTokenSecretManager dtSecretManager = final TestDelegationTokenSecretManager dtSecretManager =

View File

@ -578,7 +578,6 @@ public class JspHelper {
ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf); ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
} }
ugi.addToken(token); ugi.addToken(token);
ugi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
} else { } else {
if(remoteUser == null) { if(remoteUser == null) {
throw new IOException("Security enabled but user not " + throw new IOException("Security enabled but user not " +