commit e0729b6ef778e0d01725ae0fb6fa3cf6ba8eeb1c

Author: Jakob Homan <jhoman@yahoo-inc.com>
Date:   Wed Mar 3 10:50:34 2010 -0800

    HDFS:1017 from
    https://issues.apache.org/jira/secure/attachment/12437683/HDFS-1017-Y20-2.patch
    
    +++ b/YAHOO-CHANGES.txt
    +
    +    HDFS-1017. browsedfs jsp should call JspHelper.getUGI rather than using
    +    createRemoteUser(). (jhoman)
    +    HDFS-1005. Fsck security. Makes it work over kerberized SSL(boryas and jhoman)
    +


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-patches@1077272 13f79535-47bb-0310-9956-ffa450edef68

src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java

@@ -450,6 +450,8 @@ public class JspHelper {
                                 "authenticated by filter");
         }
         ugi = UserGroupInformation.createRemoteUser(user);
+        // This is not necessarily true, could have been auth'ed by user-facing
+        // filter
         ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS_SSL);
       }
     } else { // Security's not on, pull from url

src/webapps/hdfs/nn_browsedfscontent.jsp

@@ -20,18 +20,16 @@
   import="java.net.URLEncoder"
 %>
 <%!
-  static String getDelegationToken(final NameNode nn, final String user
-                                   ) throws IOException, InterruptedException {
-    if (user == null) {
-      return null;
-    }
-    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
+  static String getDelegationToken(final NameNode nn,
+                                   HttpServletRequest request, Configuration conf) 
+                                   throws IOException, InterruptedException {
+    final UserGroupInformation ugi = JspHelper.getUGI(request, conf);
     Token<DelegationTokenIdentifier> token =
       ugi.doAs(
               new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>()
           {
             public Token<DelegationTokenIdentifier> run() throws IOException {
-              return nn.getDelegationToken(new Text(user));
+              return nn.getDelegationToken(new Text(ugi.getUserName()));
             }
           });
     return token.encodeToUrlString();
@@ -40,9 +38,10 @@
   public void redirectToRandomDataNode(
                             NameNode nn, 
                             HttpServletRequest request,
-                            HttpServletResponse resp
+                            HttpServletResponse resp,
+                            Configuration conf
                            ) throws IOException, InterruptedException {
-    String tokenString = getDelegationToken(nn, request.getRemoteUser());
+    String tokenString = getDelegationToken(nn, request, conf);
     FSNamesystem fsn = nn.getNamesystem();
     String datanode = fsn.randomDataNode();
     String redirectLocation;
@@ -76,7 +75,7 @@
 <% 
   NameNode nn = (NameNode)application.getAttribute("name.node");
   Configuration conf = (Configuration) application.getAttribute("name.conf");
-  redirectToRandomDataNode(nn, request, response); 
+  redirectToRandomDataNode(nn, request, response, conf); 
 %>
 <hr>