Author: ddas
Date: Fri Jan 29 01:56:57 2010
New Revision: 904339
URL: http://svn.apache.org/viewvc?rev=904339&view=rev
Log:
HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved
to/from the embedded Subject. Contributed by Owen O'Malley & Kan Zhang.
Modified:
hadoop/common/trunk/CHANGES.txt
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/trunk/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Jan 29 01:56:57 2010
@@ -152,6 +152,9 @@
HADOOP-6489. Fix 3 findbugs warnings. (Erik Steffl via suresh)
+ HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved
+ to/from the embedded Subject (Owen O'Malley & Kan Zhang via ddas)
+
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
Modified:
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
---
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
Fri Jan 29 01:56:57 2010
@@ -198,8 +198,6 @@
private static String keytabFile = null;
private final Subject subject;
- private final Set<Token<? extends TokenIdentifier>> tokens =
- new LinkedHashSet<Token<? extends TokenIdentifier>>();
private static final String OS_LOGIN_MODULE_NAME;
private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
@@ -443,7 +441,7 @@
* @return true on successful add of new token
*/
public synchronized boolean addToken(Token<? extends TokenIdentifier> token)
{
- return tokens.add(token);
+ return subject.getPrivateCredentials().add(token);
}
/**
@@ -451,8 +449,16 @@
*
* @return an unmodifiable collection of tokens associated with user
*/
- public synchronized Collection<Token<? extends TokenIdentifier>> getTokens()
{
- return Collections.unmodifiableSet(tokens);
+ public synchronized
+ Collection<Token<? extends TokenIdentifier>> getTokens() {
+ Set<Object> creds = subject.getPrivateCredentials();
+ List<Token<?>> result = new ArrayList<Token<?>>(creds.size());
+ for(Object o: creds) {
+ if (o instanceof Token<?>) {
+ result.add((Token<?>) o);
+ }
+ }
+ return Collections.unmodifiableList(result);
}
/**
Modified:
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
---
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
(original)
+++
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
Fri Jan 29 01:56:57 2010
@@ -27,6 +27,7 @@
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
+import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
@@ -164,12 +165,12 @@
@SuppressWarnings("unchecked") // from Mockito mocks
@Test
- public void testUGITokens() {
+ public <T extends TokenIdentifier> void testUGITokens() throws Exception {
UserGroupInformation ugi =
UserGroupInformation.createUserForTesting("TheDoctor",
new String [] { "TheTARDIS"});
- Token t1 = mock(Token.class);
- Token t2 = mock(Token.class);
+ Token<T> t1 = mock(Token.class);
+ Token<T> t2 = mock(Token.class);
ugi.addToken(t1);
ugi.addToken(t2);
@@ -185,5 +186,15 @@
} catch(UnsupportedOperationException uoe) {
// Can't modify tokens
}
+
+ // ensure that the tokens are passed through doAs
+ Collection<Token<? extends TokenIdentifier>> otherSet =
+ ugi.doAs(new PrivilegedExceptionAction<Collection<Token<?>>>(){
+ public Collection<Token<?>> run() throws IOException {
+ return UserGroupInformation.getCurrentUser().getTokens();
+ }
+ });
+ assertTrue(otherSet.contains(t1));
+ assertTrue(otherSet.contains(t2));
}
}