Home Esplora Aiuto
Accedi
apache
/
hadoop
mirror da https://github.com/apache/hadoop.git
2
0
Forka 1
File Problemi 0 Wiki
Sfoglia il codice sorgente

commit 0597a43481b779b1da5db0330be8e23a0b0d9aff
Author: Devaraj Das <ddas@yahoo-inc.com>
Date: Mon Nov 22 17:49:12 2010 -0800

. Adds a check for whether relogin is needed to getDelegationToken in HftpFileSystem. Contributed by Kan Zhang.

+++ b/YAHOO-CHANGES.txt
+ . Adds a check for whether relogin is needed to
+ getDelegationToken in HftpFileSystem. (Kan Zhang via ddas)
+


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-patches@1077746 13f79535-47bb-0310-9956-ffa450edef68

Owen O'Malley 14 anni fa
parent
8d7744fead
commit
51afeefb6b
2 ha cambiato i file con 6 aggiunte e 10 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 3 6
      src/core/org/apache/hadoop/security/UserGroupInformation.java
  2. 3 4
      src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java

+ 3 - 6
src/core/org/apache/hadoop/security/UserGroupInformation.java
Vedi File 

@@ -448,7 +448,7 @@ public class UserGroupInformation {
 
    * Get the Kerberos TGT
 
    * @return the user's TGT or null if none was found
 
    */
 
-  private KerberosTicket getTGT() {
 
+  private synchronized KerberosTicket getTGT() {
 
     Set<KerberosTicket> tickets = 
       subject.getPrivateCredentials(KerberosTicket.class);
 
     for(KerberosTicket ticket: tickets) {
 
@@ -674,13 +674,10 @@ public class UserGroupInformation {
 
         || !isKeytab)
 
       return;
 
     KerberosTicket tgt = getTGT();
 
-    if (tgt == null) {
 
+    if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) {
 
       return;
 
     }
 
-
 
-    if (System.currentTimeMillis() > getRefreshTime(tgt)) {
 
-      reloginFromKeytab();
 
-    }
 
+    reloginFromKeytab();
 
   }
 
   
   /**

+ 3 - 4
src/hdfs/org/apache/hadoop/hdfs/HftpFileSystem.java
Vedi File 

@@ -166,9 +166,6 @@ public class HftpFileSystem extends FileSystem {
 
         }
 
       }
 
       
-      //Renew TGT if needed
 
-      ugi.checkTGTAndReloginFromKeytab();
 
-      
       //since we don't already have a token, go get one over https
 
       if (delegationToken == null) {
 
         delegationToken = 
@@ -179,8 +176,10 @@ public class HftpFileSystem extends FileSystem {
 
   }
 
   
   @Override
 
-  public Token<?> getDelegationToken(final String renewer) throws IOException {
 
+  public synchronized Token<?> getDelegationToken(final String renewer) throws IOException {
 
     try {
 
+      //Renew TGT if needed
 
+      ugi.checkTGTAndReloginFromKeytab();
 
       return ugi.doAs(new PrivilegedExceptionAction<Token<?>>() {
 
         public Token<?> run() throws IOException {
 
           Credentials c;