Home Explore Help
Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side configuration for the refresh

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@957074 13f79535-47bb-0310-9956-ffa450edef68
Boris Shkolnik 15 years ago
parent
35a4624771
commit
8970e93b01
5 changed files with 33 additions and 10 deletions
Unified View Show Diff Stats
  1. 3 0
      CHANGES.txt
  2. 9 0
      src/java/org/apache/hadoop/security/Groups.java
  3. 2 3
      src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
  4. 17 7
      src/java/org/apache/hadoop/security/authorize/ProxyUsers.java
  5. 2 0
      src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java

+ 3 - 0
CHANGES.txt
View File 

@@ -91,6 +91,9 @@ Trunk (unreleased changes)
 
     HADOOP-6652. Removes the unnecessary cache from ShellBasedUnixGroupsMapping.
 
     HADOOP-6652. Removes the unnecessary cache from ShellBasedUnixGroupsMapping.
 
     (ddas)
 
     (ddas)
 
 
 
+    HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side 
+configuration for the refresh (boryas)
 
+
 
 Release 0.21.0 - Unreleased
 
 Release 0.21.0 - Unreleased
 
 
 
   INCOMPATIBLE CHANGES
 
   INCOMPATIBLE CHANGES

+ 9 - 0
src/java/org/apache/hadoop/security/Groups.java
View File 

@@ -121,6 +121,15 @@ public class Groups {
 
    * Get the groups being used to map user-to-groups.
 
    * Get the groups being used to map user-to-groups.
 
    * @return the groups being used to map user-to-groups.
 
    * @return the groups being used to map user-to-groups.
 
    */
 
    */
 
+  public static Groups getUserToGroupsMappingService() {
 
+    return getUserToGroupsMappingService(new Configuration()); 
+  }
 
+  
+  /**
 
+   * Get the groups being used to map user-to-groups.
 
+   * @param Configuration
 
+   * @return the groups being used to map user-to-groups.
 
+   */
 
   public static Groups getUserToGroupsMappingService(Configuration conf) {
 
   public static Groups getUserToGroupsMappingService(Configuration conf) {
 
     if(GROUPS == null) {
 
     if(GROUPS == null) {
 
       LOG.debug(" Creating new Groups object");
 
       LOG.debug(" Creating new Groups object");

+ 2 - 3
src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
View File 

@@ -46,13 +46,12 @@ public interface RefreshUserMappingsProtocol extends VersionedProtocol {
 
    * @param conf
 
    * @param conf
 
    * @throws IOException
 
    * @throws IOException
 
    */
 
    */
 
-  public void refreshUserToGroupsMappings(Configuration conf) throws IOException;
 
+  public void refreshUserToGroupsMappings() throws IOException;
 
   
   
   /**
 
   /**
 
    * Refresh superuser proxy group list
 
    * Refresh superuser proxy group list
 
-   * @param conf
 
    * @throws IOException
 
    * @throws IOException
 
    */
 
    */
 
-  public void refreshSuperUserGroupsConfiguration(Configuration conf) 
+  public void refreshSuperUserGroupsConfiguration() 
   throws IOException;
 
   throws IOException;
 
 }
 
 }

+ 17 - 7
src/java/org/apache/hadoop/security/authorize/ProxyUsers.java
View File 

@@ -37,7 +37,7 @@ public class ProxyUsers {
 
   public static final String CONF_GROUPS = ".groups";
 
   public static final String CONF_GROUPS = ".groups";
 
   public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
 
   public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
 
   public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
 
   public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
 
-  private static Configuration conf=null;
 
+  private static boolean init = false;
 
   // list of groups and hosts per proxyuser
 
   // list of groups and hosts per proxyuser
 
   private static Map<String, Collection<String>> proxyGroups = 
   private static Map<String, Collection<String>> proxyGroups = 
     new HashMap<String, Collection<String>>();
 
     new HashMap<String, Collection<String>>();
 
@@ -47,9 +47,17 @@ public class ProxyUsers {
 
   /**
 
   /**
 
    * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
 
    * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
 
    */
 
    */
 
-  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration cn) {
 
-    conf = cn;
 
+  public static void refreshSuperUserGroupsConfiguration() {
 
+    //load server side configuration;
 
+    refreshSuperUserGroupsConfiguration(new Configuration());
 
+  }
 
 
 
+  /**
 
+   * refresh configuration
 
+   * @param conf
 
+   */
 
+  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf) {
 
+    
     // remove alle existing stuff
 
     // remove alle existing stuff
 
     proxyGroups.clear();
 
     proxyGroups.clear();
 
     proxyHosts.clear();
 
     proxyHosts.clear();
 
@@ -69,6 +77,8 @@ public class ProxyUsers {
 
       proxyHosts.put(entry.getKey(),
 
       proxyHosts.put(entry.getKey(),
 
           StringUtils.getStringCollection(entry.getValue()));
 
           StringUtils.getStringCollection(entry.getValue()));
 
     }
 
     }
 
+    
+    init = true;
 
   }
 
   }
 
 
 
   /**
 
   /**
 
@@ -102,8 +112,8 @@ public class ProxyUsers {
 
   public static synchronized void authorize(UserGroupInformation user, 
   public static synchronized void authorize(UserGroupInformation user, 
       String remoteAddress, Configuration newConf) throws AuthorizationException {
 
       String remoteAddress, Configuration newConf) throws AuthorizationException {
 
 
 
-    if(conf == null) {
 
-      refreshSuperUserGroupsConfiguration(newConf); 
+    if(!init) {
 
+      refreshSuperUserGroupsConfiguration(); 
     }
 
     }
 
 
 
     if (user.getRealUser() == null) {
 
     if (user.getRealUser() == null) {
 
@@ -116,7 +126,7 @@ public class ProxyUsers {
 
     Collection<String> allowedUserGroups = proxyGroups.get(
 
     Collection<String> allowedUserGroups = proxyGroups.get(
 
         getProxySuperuserGroupConfKey(superUser.getShortUserName()));
 
         getProxySuperuserGroupConfKey(superUser.getShortUserName()));
 
     
     
-    if (!allowedUserGroups.isEmpty()) {
 
+    if (allowedUserGroups != null && !allowedUserGroups.isEmpty()) {
 
       for (String group : user.getGroupNames()) {
 
       for (String group : user.getGroupNames()) {
 
         if (allowedUserGroups.contains(group)) {
 
         if (allowedUserGroups.contains(group)) {
 
           groupAuthorized = true;
 
           groupAuthorized = true;
 
@@ -133,7 +143,7 @@ public class ProxyUsers {
 
     Collection<String> ipList = proxyHosts.get(
 
     Collection<String> ipList = proxyHosts.get(
 
         getProxySuperuserIpConfKey(superUser.getShortUserName()));
 
         getProxySuperuserIpConfKey(superUser.getShortUserName()));
 
     
     
-    if (!ipList.isEmpty()) {
 
+    if (ipList != null && !ipList.isEmpty()) {
 
       for (String allowedHost : ipList) {
 
       for (String allowedHost : ipList) {
 
         InetAddress hostAddr;
 
         InetAddress hostAddr;
 
         try {
 
         try {

+ 2 - 0
src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java
View File 

@@ -148,6 +148,7 @@ public class TestDoAsEffectiveUser {
 
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
 
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
 
         0, 5, true, conf, null);
 
         0, 5, true, conf, null);
 
 
 
+    refreshConf(conf);
 
     try {
 
     try {
 
       server.start();
 
       server.start();
 
 
 
@@ -188,6 +189,7 @@ public class TestDoAsEffectiveUser {
 
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
 
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
 
         0, 2, false, conf, null);
 
         0, 2, false, conf, null);
 
 
 
+    refreshConf(conf);
 
     try {
 
     try {
 
       server.start();
 
       server.start();