
HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton.

 Closes #604
Elek, Márton 6 years ago
parent
commit
dc21655f2a

+ 23 - 6
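--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
@@ -30,6 +30,7 @@ import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hdds.client.ReplicationFactor;
 import org.apache.hadoop.hdds.client.ReplicationType;
 import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.ozone.OzoneConfigKeys;
 import org.apache.hadoop.ozone.client.ObjectStore;
@@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
   private ReplicationType replicationType;
   private ReplicationFactor replicationFactor;
   private OzoneFSStorageStatistics storageStatistics;
-
+  private boolean securityEnabled;
   /**
    * Create new OzoneClientAdapter implementation.
    *
@@ -104,12 +105,24 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
   }
 
   public OzoneClientAdapterImpl(String omHost, int omPort,
-      OzoneConfiguration conf, String volumeStr, String bucketStr,
+      Configuration hadoopConf, String volumeStr, String bucketStr,
       OzoneFSStorageStatistics storageStatistics) throws IOException {
 
     ClassLoader contextClassLoader =
         Thread.currentThread().getContextClassLoader();
     Thread.currentThread().setContextClassLoader(null);
+    OzoneConfiguration conf;
+    if (hadoopConf instanceof OzoneConfiguration) {
+      conf = (OzoneConfiguration) hadoopConf;
+    } else {
+      conf = new OzoneConfiguration(hadoopConf);
+    }
+
+    SecurityConfig secConfig = new SecurityConfig(conf);
+
+    if (secConfig.isSecurityEnabled()) {
+      this.securityEnabled = true;
+    }
 
     try {
       String replicationTypeConf =
@@ -276,10 +289,14 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
   @Override
   public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
       throws IOException {
-    Token<OzoneTokenIdentifier> token =
-        ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
-    token.setKind(OzoneTokenIdentifier.KIND_NAME);
-    return token;
+    if (!securityEnabled) {
+      return null;
+    } else {
+      Token<OzoneTokenIdentifier> token =
+          ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
+      token.setKind(OzoneTokenIdentifier.KIND_NAME);
+      return token;
+    }
   }
 
   /**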
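Review bot: In the constructor, the new block that builds `conf` and `SecurityConfig` runs after `Thread.currentThread().setContextClassLoader(null)` but before the `try {`, so an exception from `new OzoneConfiguration(hadoopConf)` or `new SecurityConfig(conf)` would skip whatever restores the context class loader. The restore is presumably a `finally` on that try, which lies outside the hunk. Moving these lines to the top of the `try` body keeps them running under the null class loader while still guaranteeing the restore. The flag assignment can also be written as `this.securityEnabled = secConfig.isSecurityEnabled();`. In `getDelegationToken`, the `null` return is decided from client-side configuration alone, so a debug log on that branch would make a client misconfigured against a secured cluster easier to diagnose.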

+ 2 - 16
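--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
@@ -48,8 +48,6 @@ import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
 import org.apache.hadoop.fs.GlobalStorageStatistics;
 import org.apache.hadoop.fs.permission.FsPermission;
-import org.apache.hadoop.hdds.conf.OzoneConfiguration;
-import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.util.Progressable;
@@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem {
   private Path workingDir;
 
   private OzoneClientAdapter adapter;
-  private boolean securityEnabled;
 
   private OzoneFSStorageStatistics storageStatistics;
 
@@ -174,19 +171,9 @@ public class OzoneFileSystem extends FileSystem {
               OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr);
         }
       } else {
-        OzoneConfiguration ozoneConfiguration;
-        if (conf instanceof OzoneConfiguration) {
-          ozoneConfiguration = (OzoneConfiguration) conf;
-        } else {
-          ozoneConfiguration = new OzoneConfiguration(conf);
-        }
 
-        SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
-        if (secConfig.isSecurityEnabled()) {
-          this.securityEnabled = true;
-        }
         this.adapter = new OzoneClientAdapterImpl(omHost,
-            Integer.parseInt(omPort), ozoneConfiguration,
+            Integer.parseInt(omPort), conf,
             volumeStr, bucketStr, storageStatistics);
       }
 
@@ -701,8 +688,7 @@ public class OzoneFileSystem extends FileSystem {
 
   @Override
   public Token<?> getDelegationToken(String renewer) throws IOException {
-    return securityEnabled? adapter.getDelegationToken(renewer) :
-        super.getDelegationToken(renewer);
+    return adapter.getDelegationToken(renewer);
   }
 
   /**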
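Review bot: `getDelegationToken` in the last hunk now delegates unconditionally to the adapter, so the "no token when security is off" behaviour is no longer visible in this class and is undocumented. The removed code fell back to `super.getDelegationToken(renewer)`, whereas the adapter implementation changed in this commit returns `null`, which callers have to be prepared for. A one-line Javadoc on the override would record that, e.g. `/** Returns the Ozone delegation token, or null when security is disabled in the client configuration. */`. Any other `OzoneClientAdapter` implementation, such as whatever `OzoneClientAdapterFactory.createAdapter` returns, needs to honour the same contract; that code is not visible here.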