首页 发现 帮助
注册 登录
apache
/
hadoop
镜像自地址 https://github.com/apache/hadoop.git
2
0
派生 1
文件 工单管理 0 Wiki
浏览代码

HADOOP-12682. Fix TestKMS#testKMSRestart* failure. Contributed by Wei-Chiu Chuang.

(cherry picked from commit ab725cff66e8a047e9437e42ac49ac8685ee7a94)

Conflicts:
	hadoop-common-project/hadoop-common/CHANGES.txt
Xiaoyu Yao 9 年之前
父节点
c3f24c6353
当前提交
77deb15c17
共有 2 个文件被更改,包括 39 次插入18 次删除
合并视图 显示文件统计
  1. 36 0
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
  2. 3 18
      hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java

+ 36 - 0
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
查看文件 

@@ -964,6 +964,42 @@ public class UserGroupInformation {
 
     LOG.info("Login successful for user " + keytabPrincipal
 
     LOG.info("Login successful for user " + keytabPrincipal
 
         + " using keytab file " + keytabFile);
 
         + " using keytab file " + keytabFile);
 
   }
 
   }
 
+
 
+  /**
 
+   * Log the current user out who previously logged in using keytab.
 
+   * This method assumes that the user logged in by calling
 
+   * {@link #loginUserFromKeytab(String, String)}.
 
+   *
 
+   * @throws IOException if a failure occurred in logout, or if the user did
 
+   * not log in by invoking loginUserFromKeyTab() before.
 
+   */
 
+  @InterfaceAudience.Public
 
+  @InterfaceStability.Evolving
 
+  public void logoutUserFromKeytab() throws IOException {
 
+    if (!isSecurityEnabled() ||
 
+        user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS) {
 
+      return;
 
+    }
 
+    LoginContext login = getLogin();
 
+    if (login == null || keytabFile == null) {
 
+      throw new IOException("loginUserFromKeytab must be done first");
 
+    }
 
+
 
+    try {
 
+      if (LOG.isDebugEnabled()) {
 
+        LOG.debug("Initiating logout for " + getUserName());
 
+      }
 
+      synchronized (UserGroupInformation.class) {
 
+        login.logout();
 
+      }
 
+    } catch (LoginException le) {
 
+      throw new IOException("Logout failure for " + user + " from keytab " +
 
+          keytabFile, le);
 
+    }
 
+
 
+    LOG.info("Logout successful for user " + keytabPrincipal
 
+        + " using keytab file " + keytabFile);
 
+  }
 
   
   
   /**
 
   /**
 
    * Re-login a user from keytab if TGT is expired or is close to expiry.
 
    * Re-login a user from keytab if TGT is expired or is close to expiry.

+ 3 - 18
hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
查看文件 

@@ -43,10 +43,8 @@ import org.junit.Before;
 
 import org.junit.BeforeClass;
 
 import org.junit.BeforeClass;
 
 import org.junit.Test;
 
 import org.junit.Test;
 
 
 
-import javax.security.auth.Subject;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import javax.security.auth.login.AppConfigurationEntry;
 
 import javax.security.auth.login.AppConfigurationEntry;
 
-import javax.security.auth.login.LoginContext;
 
 
 
 import java.io.File;
 
 import java.io.File;
 
 import java.io.FileWriter;
 
 import java.io.FileWriter;
 
@@ -60,16 +58,13 @@ import java.net.ServerSocket;
 
 import java.net.SocketTimeoutException;
 
 import java.net.SocketTimeoutException;
 
 import java.net.URI;
 
 import java.net.URI;
 
 import java.net.URL;
 
 import java.net.URL;
 
-import java.security.Principal;
 
 import java.security.PrivilegedExceptionAction;
 
 import java.security.PrivilegedExceptionAction;
 
 import java.util.ArrayList;
 
 import java.util.ArrayList;
 
 import java.util.Date;
 
 import java.util.Date;
 
 import java.util.HashMap;
 
 import java.util.HashMap;
 
-import java.util.HashSet;
 
 import java.util.List;
 
 import java.util.List;
 
 import java.util.Map;
 
 import java.util.Map;
 
 import java.util.Properties;
 
 import java.util.Properties;
 
-import java.util.Set;
 
 import java.util.UUID;
 
 import java.util.UUID;
 
 import java.util.concurrent.Callable;
 
 import java.util.concurrent.Callable;
 
 
 
@@ -245,22 +240,12 @@ public class TestKMS {
 
 
 
   private <T> T doAs(String user, final PrivilegedExceptionAction<T> action)
 
   private <T> T doAs(String user, final PrivilegedExceptionAction<T> action)
 
       throws Exception {
 
       throws Exception {
 
-    Set<Principal> principals = new HashSet<Principal>();
 
-    principals.add(new KerberosPrincipal(user));
 
-
 
-    //client login
 
-    Subject subject = new Subject(false, principals,
 
-        new HashSet<Object>(), new HashSet<Object>());
 
-    LoginContext loginContext = new LoginContext("", subject, null,
 
-        KerberosConfiguration.createClientConfig(user, keytab));
 
+    UserGroupInformation.loginUserFromKeytab(user, keytab.getAbsolutePath());
 
+    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
 
     try {
 
     try {
 
-      loginContext.login();
 
-      subject = loginContext.getSubject();
 
-      UserGroupInformation ugi =
 
-          UserGroupInformation.getUGIFromSubject(subject);
 
       return ugi.doAs(action);
 
       return ugi.doAs(action);
 
     } finally {
 
     } finally {
 
-      loginContext.logout();
 
+      ugi.logoutUserFromKeytab();
 
     }
 
     }
 
   }
 
   }