From d61c5bcb0bb69cf5a55565c4e1a70b16d174d74c Mon Sep 17 00:00:00 2001
From: Eli Collins <eli@apache.org>
Date: Wed, 18 Jul 2012 05:11:01 +0000
Subject: [PATCH] Revert HDFS-3639. JspHelper#getUGI should always verify the
 token if security is enabled.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1362760 13f79535-47bb-0310-9956-ffa450edef68
---
 hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt           |  3 ---
 .../apache/hadoop/hdfs/server/common/JspHelper.java   | 11 +++++++++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index 4c01ec63631..db73506cb66 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -497,9 +497,6 @@ Branch-2 ( Unreleased changes )
 
     HDFS-3615. Two BlockTokenSecretManager findbugs warnings. (atm)
 
-    HDFS-3639. JspHelper#getUGI should always verify the token if
-    security is enabled. (eli)
-
     HDFS-470. libhdfs should handle 0-length reads from FSInputStream
     correctly. (Colin Patrick McCabe via eli)
 
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
index c0da8779fd3..f8bfee73a7e 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
@@ -44,6 +44,7 @@
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hdfs.BlockReader;
 import org.apache.hadoop.hdfs.BlockReaderFactory;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.hdfs.DFSUtil;
 import org.apache.hadoop.hdfs.protocol.DatanodeInfo;
 import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
@@ -58,6 +59,7 @@
 import org.apache.hadoop.hdfs.web.resources.DoAsParam;
 import org.apache.hadoop.hdfs.web.resources.UserParam;
 import org.apache.hadoop.http.HtmlQuoting;
+import org.apache.hadoop.io.Text;
 import org.apache.hadoop.net.NetUtils;
 import org.apache.hadoop.security.AccessControlException;
 import org.apache.hadoop.security.SecurityUtil;
@@ -557,8 +559,13 @@ public static UserGroupInformation getUGI(ServletContext context,
         DataInputStream in = new DataInputStream(buf);
         DelegationTokenIdentifier id = new DelegationTokenIdentifier();
         id.readFields(in);
-        final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context);
-        nn.getNamesystem().verifyToken(id, token.getPassword());
+        if (context != null) {
+          final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context);
+          if (nn != null) {
+            // Verify the token.
+            nn.getNamesystem().verifyToken(id, token.getPassword());
+          }
+        }
         ugi = id.getUser();
         if (ugi.getRealUser() == null) {
           //non-proxy case