11 tahun lalu · 05b8e8f7c1
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -553,6 +553,9 @@ Release 2.5.0 - UNRELEASED
 
				     HADOOP-10678. SecurityUtil has unnecessary synchronization on collection
			
 
				     used for only tests. (Benoy Antony via cnauroth)
			
 
				 
			
 
				+    HADOOP-10683. Users authenticated with KERBEROS are recorded as being
			
 
				+    authenticated with SIMPLE. (Benoy Antony via cnauroth)
			
 
				+
			
 
				   BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS
			
 
				 
			
 
				     HADOOP-10520. Extended attributes definition and FileSystem APIs for
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
@@ -1221,7 +1221,7 @@ public abstract class Server {
 
				         ugi.addTokenIdentifier(tokenId);
			
 
				         return ugi;
			
 
				       } else {
			
 
				-        return UserGroupInformation.createRemoteUser(authorizedId);
			
 
				+        return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
			
 
				       }
			
 
				     }
			
 
				 
			
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -1157,13 +1157,25 @@ public class UserGroupInformation {
 
				   @InterfaceAudience.Public
			
 
				   @InterfaceStability.Evolving
			
 
				   public static UserGroupInformation createRemoteUser(String user) {
			
 
				+    return createRemoteUser(user, AuthMethod.SIMPLE);
			
 
				+  }
			
 
				+  
			
 
				+  /**
			
 
				+   * Create a user from a login name. It is intended to be used for remote
			
 
				+   * users in RPC, since it won't have any credentials.
			
 
				+   * @param user the full user principal name, must not be empty or null
			
 
				+   * @return the UserGroupInformation for the remote user.
			
 
				+   */
			
 
				+  @InterfaceAudience.Public
			
 
				+  @InterfaceStability.Evolving
			
 
				+  public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) {
			
 
				     if (user == null || user.isEmpty()) {
			
 
				       throw new IllegalArgumentException("Null user");
			
 
				     }
			
 
				     Subject subject = new Subject();
			
 
				     subject.getPrincipals().add(new User(user));
			
 
				     UserGroupInformation result = new UserGroupInformation(subject);
			
 
				-    result.setAuthenticationMethod(AuthenticationMethod.SIMPLE);
			
 
				+    result.setAuthenticationMethod(authMethod);
			
 
				     return result;
			
 
				   }
			
 
				 
			
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
@@ -20,6 +20,7 @@ import org.apache.hadoop.conf.Configuration;
 
				 import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
			
 
				 import org.apache.hadoop.io.Text;
			
 
				 import org.apache.hadoop.metrics2.MetricsRecordBuilder;
			
 
				+import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
			
 
				 import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
			
 
				 import org.apache.hadoop.security.authentication.util.KerberosName;
			
 
				 import org.apache.hadoop.security.token.Token;
			
@@ -31,6 +32,7 @@ import javax.security.auth.Subject;
 
				 import javax.security.auth.kerberos.KerberosPrincipal;
			
 
				 import javax.security.auth.login.AppConfigurationEntry;
			
 
				 import javax.security.auth.login.LoginContext;
			
 
				+
			
 
				 import java.io.BufferedReader;
			
 
				 import java.io.IOException;
			
 
				 import java.io.InputStreamReader;
			
@@ -151,6 +153,18 @@ public class TestUserGroupInformation {
 
				     assertEquals(AuthenticationMethod.PROXY, ugi.getAuthenticationMethod());
			
 
				     assertEquals(AuthenticationMethod.SIMPLE, ugi.getRealAuthenticationMethod());
			
 
				   }
			
 
				+  
			
 
				+  @Test (timeout = 30000)
			
 
				+  public void testCreateRemoteUser() {
			
 
				+    UserGroupInformation ugi = UserGroupInformation.createRemoteUser("user1");
			
 
				+    assertEquals(AuthenticationMethod.SIMPLE, ugi.getAuthenticationMethod());
			
 
				+    assertTrue (ugi.toString().contains("(auth:SIMPLE)"));
			
 
				+    ugi = UserGroupInformation.createRemoteUser("user1", 
			
 
				+        AuthMethod.KERBEROS);
			
 
				+    assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
			
 
				+    assertTrue (ugi.toString().contains("(auth:KERBEROS)"));
			
 
				+  }
			
 
				+  
			
 
				   /** Test login method */
			
 
				   @Test (timeout = 30000)
			
 
				   public void testLogin() throws Exception {