HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from non-Hadoop JAAS context. Contributed by Todd Lipcon

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1058875 13f79535-47bb-0310-9956-ffa450edef68
2011-01-14 07:17:06 +00:00 · 2011-01-14 07:17:06 +00:00 · ebb7b7f088
parent ee27b8ea64
commit ebb7b7f088
3 changed files with 28 additions and 6 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -440,6 +440,9 @@ Release 0.22.0 - Unreleased
    HADOOP-7093. Servlets should default to text/plain (todd)
    HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from
    non-Hadoop JAAS context. (todd)
 Release 0.21.1 - Unreleased
  IMPROVEMENTS
--- a/src/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/src/java/org/apache/hadoop/security/UserGroupInformation.java
@ -468,7 +468,11 @@ public class UserGroupInformation {
  public static UserGroupInformation getCurrentUser() throws IOException {
    AccessControlContext context = AccessController.getContext();
    Subject subject = Subject.getSubject(context);
-    return subject == null ? getLoginUser() : new UserGroupInformation(subject);
+    if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
      return getLoginUser();
    } else {
      return new UserGroupInformation(subject);
    }
  }
  /**
--- a/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
+++ b/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
@ -16,11 +16,7 @@
 */
 package org.apache.hadoop.security;
-import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.*;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import org.mockito.Mockito;
 import static org.mockito.Mockito.mock;
@ -32,6 +28,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.LoginContext;
@ -383,4 +380,22 @@ public class TestUserGroupInformation {
    // for "foobar"
    LoginContext login = new LoginContext("foobar-app");
  }
  /**
   * Test for the case that UserGroupInformation.getCurrentUser()
   * is called when the AccessControlContext has a Subject associated
   * with it, but that Subject was not created by Hadoop (ie it has no
   * associated User principal)
   */
  @Test
  public void testUGIUnderNonHadoopContext() throws Exception {
    Subject nonHadoopSubject = new Subject();
    Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction<Void>() {
        public Void run() throws IOException {
          UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
          assertNotNull(ugi);
          return null;
        }
      });
  }
 }