HBASE-23722 Real user might be null in non-proxy-user case
Closes #1085 Signed-off-by: stack <stack@apache.org> Signed-off-by: Viraj Jasani <vjasani@apache.org>
This commit is contained in:
parent
0dc71f9fdf
commit
427e367d95
|
@ -29,6 +29,7 @@ import org.apache.hadoop.hbase.HBaseInterfaceAudience;
|
|||
import org.apache.hadoop.hbase.security.User;
|
||||
import org.apache.hadoop.hbase.util.Pair;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.TokenIdentifier;
|
||||
import org.apache.yetus.audience.InterfaceAudience;
|
||||
|
@ -124,8 +125,11 @@ public class BuiltInProviderSelector implements AuthenticationProviderSelector {
|
|||
}
|
||||
}
|
||||
// Unwrap PROXY auth'n method if that's what we have coming in.
|
||||
if (user.getUGI().hasKerberosCredentials() ||
|
||||
user.getUGI().getRealUser().hasKerberosCredentials()) {
|
||||
final UserGroupInformation currentUser = user.getUGI();
|
||||
// May be null if Hadoop AuthenticationMethod is PROXY
|
||||
final UserGroupInformation realUser = currentUser.getRealUser();
|
||||
if (currentUser.hasKerberosCredentials() ||
|
||||
(realUser != null && realUser.hasKerberosCredentials())) {
|
||||
return new Pair<>(krbAuth, null);
|
||||
}
|
||||
// This indicates that a client is requesting some authentication mechanism which the servers
|
||||
|
|
Loading…
Reference in New Issue