HBASE-23722 Real user might be null in non-proxy-user case
Closes #1085 Signed-off-by: stack <stack@apache.org> Signed-off-by: Viraj Jasani <vjasani@apache.org>
This commit is contained in:
parent
0dc71f9fdf
commit
427e367d95
|
@ -29,6 +29,7 @@ import org.apache.hadoop.hbase.HBaseInterfaceAudience;
|
||||||
import org.apache.hadoop.hbase.security.User;
|
import org.apache.hadoop.hbase.security.User;
|
||||||
import org.apache.hadoop.hbase.util.Pair;
|
import org.apache.hadoop.hbase.util.Pair;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||||
import org.apache.yetus.audience.InterfaceAudience;
|
import org.apache.yetus.audience.InterfaceAudience;
|
||||||
|
@ -124,8 +125,11 @@ public class BuiltInProviderSelector implements AuthenticationProviderSelector {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Unwrap PROXY auth'n method if that's what we have coming in.
|
// Unwrap PROXY auth'n method if that's what we have coming in.
|
||||||
if (user.getUGI().hasKerberosCredentials() ||
|
final UserGroupInformation currentUser = user.getUGI();
|
||||||
user.getUGI().getRealUser().hasKerberosCredentials()) {
|
// May be null if Hadoop AuthenticationMethod is PROXY
|
||||||
|
final UserGroupInformation realUser = currentUser.getRealUser();
|
||||||
|
if (currentUser.hasKerberosCredentials() ||
|
||||||
|
(realUser != null && realUser.hasKerberosCredentials())) {
|
||||||
return new Pair<>(krbAuth, null);
|
return new Pair<>(krbAuth, null);
|
||||||
}
|
}
|
||||||
// This indicates that a client is requesting some authentication mechanism which the servers
|
// This indicates that a client is requesting some authentication mechanism which the servers
|
||||||
|
|
Loading…
Reference in New Issue