HDFS-1017. browsedfs jsp should call JspHelper.getUGI rather than using createRemoteUser()

git-svn-id: https://svn.apache.org/repos/asf/hadoop/hdfs/trunk@957378 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -96,6 +96,9 @@ Trunk (unreleased changes)
 
     HDFS-1036. in DelegationTokenFetch dfs.getURI returns no port (boryas)
 
+    HDFS-1017. browsedfs jsp should call JspHelper.getUGI rather 
+    than using createRemoteUser() (jnp via boryas)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

src/java/org/apache/hadoop/hdfs/server/common/JspHelper.java

@@ -491,6 +491,8 @@ public class JspHelper {
                                 "authenticated by filter");
         }
         ugi = UserGroupInformation.createRemoteUser(user);
+        // This is not necessarily true, could have been auth'ed by user-facing
+        // filter
         ugi.setAuthenticationMethod(AuthenticationMethod.KERBEROS_SSL);
       }
     } else { // Security's not on, pull from url

src/java/org/apache/hadoop/hdfs/server/namenode/NamenodeJspHelper.java

@@ -295,20 +295,19 @@ class NamenodeJspHelper {
     }
   }
 
-  static String getDelegationToken(final NameNode nn, final String user
-                                   ) throws IOException, InterruptedException {
-    if (!UserGroupInformation.isSecurityEnabled() ||  user == null) {
-      return null;
-    }
-    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
-    Token<DelegationTokenIdentifier> token =
-      ugi.doAs(
-               new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
-                 public Token<DelegationTokenIdentifier> run() throws IOException {
-                   return nn.getDelegationToken(new Text(user));
-                 }
-               });
-    return token.encodeToUrlString();
+  static String getDelegationToken(final NameNode nn,
+      HttpServletRequest request, Configuration conf) throws IOException,
+      InterruptedException {
+    final UserGroupInformation ugi = JspHelper.getUGI(request, conf);
+
+    Token<DelegationTokenIdentifier> token = ugi
+        .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
+          public Token<DelegationTokenIdentifier> run() throws IOException {
+            return nn.getDelegationToken(new Text(ugi.getUserName()));
+          }
+        });
+
+    return token == null ? null : token.encodeToUrlString();
   }
 
   static void redirectToRandomDataNode(final NameNode nn, 
@@ -318,8 +317,7 @@ class NamenodeJspHelper {
                                        ) throws IOException,
                                                 InterruptedException {
     final DatanodeID datanode = nn.getNamesystem().getRandomDatanode();
-    final String user = request.getRemoteUser();
-    String tokenString = getDelegationToken(nn, user);
+    String tokenString = getDelegationToken(nn, request, conf);
     // if the user is defined, get a delegation token and stringify it
     final String redirectLocation;
     final String nodeToRedirect;

src/test/hdfs/org/apache/hadoop/hdfs/server/namenode/TestNameNodeJspHelper.java

@@ -18,8 +18,12 @@
 package org.apache.hadoop.hdfs.server.namenode;
 
 
+import static org.mockito.Mockito.mock;
+
 import java.io.IOException;
 
+import javax.servlet.http.HttpServletRequest;
+
 import junit.framework.Assert;
 
 import org.apache.hadoop.conf.Configuration;
@@ -32,10 +36,11 @@ import org.junit.Test;
 public class TestNameNodeJspHelper {
 
   private MiniDFSCluster cluster = null;
+  Configuration conf = null;
 
   @Before
   public void setUp() throws Exception {
-    Configuration conf = new HdfsConfiguration();
+    conf = new HdfsConfiguration();
     cluster  = new MiniDFSCluster(conf, 1, true, null);
     cluster.waitActive();
   }
@@ -49,7 +54,9 @@ public class TestNameNodeJspHelper {
   @Test
   public void testDelegationToken() throws IOException, InterruptedException {
     NameNode nn = cluster.getNameNode();
-    String tokenString = NamenodeJspHelper.getDelegationToken(nn, "SomeUser");
+    HttpServletRequest request = mock(HttpServletRequest.class);
+    String tokenString = NamenodeJspHelper
+        .getDelegationToken(nn, request, conf);
     //tokenString returned must be null because security is disabled
     Assert.assertEquals(null, tokenString);
   }