Home Explore Help
Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token auth type. (daryn)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1@1366467 13f79535-47bb-0310-9956-ffa450edef68
Daryn Sharp 13 years ago
parent
3e286fbad0
commit
387cf3502e
4 changed files with 59 additions and 5 deletions
Split View Show Diff Stats
  1. 3 0
      CHANGES.txt
  2. 8 4
      src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
  3. 0 1
      src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
  4. 48 0
      src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java

+ 3 - 0
CHANGES.txt
View File 

@@ -136,6 +136,9 @@ Release 1.2.0 - unreleased
 
     HDFS-3696. Set chunked streaming mode in WebHdfsFileSystem write operations
 
     to get around a Java library bug causing OutOfMemoryError.  (szetszwo)
 
 
+    HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token
 
+    auth type. (daryn)
 
+
 
 Release 1.1.0 - unreleased
 
 
   INCOMPATIBLE CHANGES

+ 8 - 4
src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
View File 

@@ -30,6 +30,7 @@ import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.io.WritableUtils;
 
 import org.apache.hadoop.security.KerberosName;
 
 import org.apache.hadoop.security.UserGroupInformation;
 
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 
 import org.apache.hadoop.security.token.TokenIdentifier;
 
 
 //@InterfaceAudience.LimitedPrivate({HDFS, MAPREDUCE})
 
@@ -86,14 +87,17 @@ extends TokenIdentifier {
 
     if ( (owner == null) || ("".equals(owner.toString()))) {
 
       return null;
 
     }
 
+    final UserGroupInformation realUgi;
 
+    final UserGroupInformation ugi;
 
     if ((realUser == null) || ("".equals(realUser.toString()))
 
         || realUser.equals(owner)) {
 
-      return UserGroupInformation.createRemoteUser(owner.toString());
 
+      ugi = realUgi = UserGroupInformation.createRemoteUser(owner.toString());
 
     } else {
 
-      UserGroupInformation realUgi = UserGroupInformation
 
-          .createRemoteUser(realUser.toString());
 
-      return UserGroupInformation.createProxyUser(owner.toString(), realUgi);
 
+      realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
 
+      ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
 
     }
 
+    realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
 
+    return ugi;
 
   }
 
 
   public Text getRenewer() {

+ 0 - 1
src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
View File 

@@ -506,7 +506,6 @@ public class JspHelper {
 
           ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
 
         }
 
         ugi.addToken(token);
 
-        ugi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
 
       } else {
 
         if(remoteUser == null) {
 
           throw new IOException("Security enabled but user not " +

+ 48 - 0
src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
View File 

@@ -39,6 +39,8 @@ import org.apache.hadoop.io.DataOutputBuffer;
 
 import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.io.Writable;
 
 import org.apache.hadoop.security.AccessControlException;
 
+import org.apache.hadoop.security.UserGroupInformation;
 
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
 
 import org.apache.hadoop.security.token.SecretManager;
 
 import org.apache.hadoop.security.token.Token;
 
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 
@@ -169,6 +171,52 @@ public class TestDelegationToken {
 
     }
 
   }
 
 
+  @Test
 
+  public void testGetUserNullOwner() {
 
+    TestDelegationTokenIdentifier ident =
 
+        new TestDelegationTokenIdentifier(null, null, null);
 
+    UserGroupInformation ugi = ident.getUser();
 
+    assertNull(ugi);
 
+  }
 
+  
+  @Test
 
+  public void testGetUserWithOwner() {
 
+    TestDelegationTokenIdentifier ident =
 
+        new TestDelegationTokenIdentifier(new Text("owner"), null, null);
 
+    UserGroupInformation ugi = ident.getUser();
 
+    assertNull(ugi.getRealUser());
 
+    assertEquals("owner", ugi.getUserName());
 
+    assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
 
+  }
 
+
 
+  @Test
 
+  public void testGetUserWithOwnerEqualsReal() {
 
+    Text owner = new Text("owner");
 
+    TestDelegationTokenIdentifier ident =
 
+        new TestDelegationTokenIdentifier(owner, null, owner);
 
+    UserGroupInformation ugi = ident.getUser();
 
+    assertNull(ugi.getRealUser());
 
+    assertEquals("owner", ugi.getUserName());
 
+    assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
 
+  }
 
+
 
+  @Test
 
+  public void testGetUserWithOwnerAndReal() {
 
+    Text owner = new Text("owner");
 
+    Text realUser = new Text("realUser");
 
+    TestDelegationTokenIdentifier ident =
 
+        new TestDelegationTokenIdentifier(owner, null, realUser);
 
+    UserGroupInformation ugi = ident.getUser();
 
+    assertNotNull(ugi.getRealUser());
 
+    assertNull(ugi.getRealUser().getRealUser());
 
+    assertEquals("owner", ugi.getUserName());
 
+    assertEquals("realUser", ugi.getRealUser().getUserName());
 
+    assertEquals(AuthenticationMethod.PROXY,
 
+                 ugi.getAuthenticationMethod());
 
+    assertEquals(AuthenticationMethod.TOKEN,
 
+                 ugi.getRealUser().getAuthenticationMethod());
 
+  }
 
+
 
   @Test
 
   public void testDelegationTokenSecretManager() throws Exception {
 
     final TestDelegationTokenSecretManager dtSecretManager =