HBASE-23722 Real user might be null in non-proxy-user case

Closes #1085

Signed-off-by: stack <stack@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
This commit is contained in:
Josh Elser 2020-01-23 07:41:28 -05:00
parent 0dc71f9fdf
commit 427e367d95
1 changed files with 6 additions and 2 deletions

View File

@ -29,6 +29,7 @@ import org.apache.hadoop.hbase.HBaseInterfaceAudience;
import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.util.Pair; import org.apache.hadoop.hbase.util.Pair;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.yetus.audience.InterfaceAudience; import org.apache.yetus.audience.InterfaceAudience;
@ -124,8 +125,11 @@ public class BuiltInProviderSelector implements AuthenticationProviderSelector {
} }
} }
// Unwrap PROXY auth'n method if that's what we have coming in. // Unwrap PROXY auth'n method if that's what we have coming in.
if (user.getUGI().hasKerberosCredentials() || final UserGroupInformation currentUser = user.getUGI();
user.getUGI().getRealUser().hasKerberosCredentials()) { // May be null if Hadoop AuthenticationMethod is PROXY
final UserGroupInformation realUser = currentUser.getRealUser();
if (currentUser.hasKerberosCredentials() ||
(realUser != null && realUser.hasKerberosCredentials())) {
return new Pair<>(krbAuth, null); return new Pair<>(krbAuth, null);
} }
// This indicates that a client is requesting some authentication mechanism which the servers // This indicates that a client is requesting some authentication mechanism which the servers