HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full principal name. (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1342334 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2012-05-24 16:51:04 +00:00
parent c4f17d242d
commit e937068c0b
2 changed files with 12 additions and 2 deletions

View File

@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.ProxyUser;
import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
import org.apache.hadoop.lib.servlet.HostnameFilter;
import org.apache.hadoop.lib.wsrs.InputStreamEntity;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.json.simple.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -145,9 +146,15 @@ public class HttpFSServer {
String effectiveUser = user.getName();
if (doAs != null && !doAs.equals(user.getName())) {
ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
proxyUser.validate(user.getName(), HostnameFilter.get(), doAs);
String proxyUserName;
if (user instanceof AuthenticationToken) {
proxyUserName = ((AuthenticationToken)user).getUserName();
} else {
proxyUserName = user.getName();
}
proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
effectiveUser = doAs;
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs);
AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
}
return effectiveUser;
}

View File

@ -254,6 +254,9 @@ Release 2.0.1-alpha - UNRELEASED
use the stored generation stamp to check if the block is valid. (Vinay
via szetszwo)
HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full
principal name. (tucu)
Release 2.0.0-alpha - UNRELEASED
INCOMPATIBLE CHANGES