HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full principal name. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1342334 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
c4f17d242d
commit
e937068c0b
|
@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.ProxyUser;
|
|||
import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
|
||||
import org.apache.hadoop.lib.servlet.HostnameFilter;
|
||||
import org.apache.hadoop.lib.wsrs.InputStreamEntity;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
|
||||
import org.json.simple.JSONObject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -145,9 +146,15 @@ public class HttpFSServer {
|
|||
String effectiveUser = user.getName();
|
||||
if (doAs != null && !doAs.equals(user.getName())) {
|
||||
ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
|
||||
proxyUser.validate(user.getName(), HostnameFilter.get(), doAs);
|
||||
String proxyUserName;
|
||||
if (user instanceof AuthenticationToken) {
|
||||
proxyUserName = ((AuthenticationToken)user).getUserName();
|
||||
} else {
|
||||
proxyUserName = user.getName();
|
||||
}
|
||||
proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
|
||||
effectiveUser = doAs;
|
||||
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs);
|
||||
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
|
||||
}
|
||||
return effectiveUser;
|
||||
}
|
||||
|
|
|
@ -254,6 +254,9 @@ Release 2.0.1-alpha - UNRELEASED
|
|||
use the stored generation stamp to check if the block is valid. (Vinay
|
||||
via szetszwo)
|
||||
|
||||
HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full
|
||||
principal name. (tucu)
|
||||
|
||||
Release 2.0.0-alpha - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
|
Loading…
Reference in New Issue