Merge -r 1342333:1342334 from trunk to branch. FIXES: HDFS-3460

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1342336 13f79535-47bb-0310-9956-ffa450edef68

hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java

@@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.ProxyUser;
 import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
 import org.apache.hadoop.lib.servlet.HostnameFilter;
 import org.apache.hadoop.lib.wsrs.InputStreamEntity;
+import org.apache.hadoop.security.authentication.server.AuthenticationToken;
 import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -145,9 +146,15 @@ public class HttpFSServer {
     String effectiveUser = user.getName();
     if (doAs != null && !doAs.equals(user.getName())) {
       ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
-      proxyUser.validate(user.getName(), HostnameFilter.get(), doAs);
+      String proxyUserName;
+      if (user instanceof AuthenticationToken) {
+        proxyUserName = ((AuthenticationToken)user).getUserName();
+      } else {
+        proxyUserName = user.getName();
+      }
+      proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
       effectiveUser = doAs;
-      AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs);
+      AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
     }
     return effectiveUser;
   }

hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

@@ -110,6 +110,9 @@ Release 2.0.1-alpha - UNRELEASED
     use the stored generation stamp to check if the block is valid.  (Vinay
     via szetszwo)
 
+    HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full 
+    principal name. (tucu)
+
 Release 2.0.0-alpha - UNRELEASED
 
   INCOMPATIBLE CHANGES