From fd1befb6ba450e45b1fcb3fb28b0da6c48daf6b3 Mon Sep 17 00:00:00 2001 From: Xiaoyu Yao Date: Wed, 17 Feb 2016 08:27:27 -0800 Subject: [PATCH] HADOOP-12878. KMS SPNEGO sequence does not work with WEBHDFS. Contributed by Xiaoyu Yao. --- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../hadoop/crypto/key/kms/KMSClientProvider.java | 14 +++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index b0dda765183..cde5f3b7ccb 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1710,6 +1710,8 @@ Release 2.8.0 - UNRELEASED HADOOP-12780. During atomic rename handle crash when one directory has been renamed but not file under it. (Madhumita Chakraborty via cnauroth) + HADOOP-12878. KMS SPNEGO sequence does not work with WEBHDFS. (xyao) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index fd7a83ebe1f..7682888a935 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -397,11 +397,15 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); - actualUgi = - (UserGroupInformation.getCurrentUser().getAuthenticationMethod() == - UserGroupInformation.AuthenticationMethod.PROXY) ? UserGroupInformation - .getCurrentUser().getRealUser() : UserGroupInformation - .getCurrentUser(); + UserGroupInformation.AuthenticationMethod authMethod = + UserGroupInformation.getCurrentUser().getAuthenticationMethod(); + if (authMethod == UserGroupInformation.AuthenticationMethod.PROXY) { + actualUgi = UserGroupInformation.getCurrentUser().getRealUser(); + } else if (authMethod == UserGroupInformation.AuthenticationMethod.TOKEN) { + actualUgi = UserGroupInformation.getLoginUser(); + } else { + actualUgi =UserGroupInformation.getCurrentUser(); + } } private static Path extractKMSPath(URI uri) throws MalformedURLException, IOException {