HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from non-Hadoop JAAS context. Contributed by Todd Lipcon
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1058875 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ee27b8ea64
commit
ebb7b7f088
|
@ -440,6 +440,9 @@ Release 0.22.0 - Unreleased
|
|||
|
||||
HADOOP-7093. Servlets should default to text/plain (todd)
|
||||
|
||||
HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from
|
||||
non-Hadoop JAAS context. (todd)
|
||||
|
||||
Release 0.21.1 - Unreleased
|
||||
|
||||
IMPROVEMENTS
|
||||
|
|
|
@ -468,7 +468,11 @@ public class UserGroupInformation {
|
|||
public static UserGroupInformation getCurrentUser() throws IOException {
|
||||
AccessControlContext context = AccessController.getContext();
|
||||
Subject subject = Subject.getSubject(context);
|
||||
return subject == null ? getLoginUser() : new UserGroupInformation(subject);
|
||||
if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
|
||||
return getLoginUser();
|
||||
} else {
|
||||
return new UserGroupInformation(subject);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -16,11 +16,7 @@
|
|||
*/
|
||||
package org.apache.hadoop.security;
|
||||
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.junit.Assert.*;
|
||||
import org.mockito.Mockito;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
|
@ -32,6 +28,7 @@ import java.util.ArrayList;
|
|||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.login.AppConfigurationEntry;
|
||||
import javax.security.auth.login.LoginContext;
|
||||
|
||||
|
@ -383,4 +380,22 @@ public class TestUserGroupInformation {
|
|||
// for "foobar"
|
||||
LoginContext login = new LoginContext("foobar-app");
|
||||
}
|
||||
|
||||
/**
|
||||
* Test for the case that UserGroupInformation.getCurrentUser()
|
||||
* is called when the AccessControlContext has a Subject associated
|
||||
* with it, but that Subject was not created by Hadoop (ie it has no
|
||||
* associated User principal)
|
||||
*/
|
||||
@Test
|
||||
public void testUGIUnderNonHadoopContext() throws Exception {
|
||||
Subject nonHadoopSubject = new Subject();
|
||||
Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction<Void>() {
|
||||
public Void run() throws IOException {
|
||||
UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
|
||||
assertNotNull(ugi);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue