Author: daryn
Date: Fri Jul 27 17:21:25 2012
New Revision: 1366467
URL: http://svn.apache.org/viewvc?rev=1366467&view=rev
Log:
HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token auth
type. (daryn)
Modified:
hadoop/common/branches/branch-1/CHANGES.txt
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
hadoop/common/branches/branch-1/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1366467&r1=1366466&r2=1366467&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Fri Jul 27 17:21:25 2012
@@ -136,6 +136,9 @@ Release 1.2.0 - unreleased
HDFS-3696. Set chunked streaming mode in WebHdfsFileSystem write operations
to get around a Java library bug causing OutOfMemoryError. (szetszwo)
+ HADOOP-8613. AbstractDelegationTokenIdentifier#getUser() should set token
+ auth type. (daryn)
+
Release 1.1.0 - unreleased
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java?rev=1366467&r1=1366466&r2=1366467&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
(original)
+++
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
Fri Jul 27 17:21:25 2012
@@ -30,6 +30,7 @@ import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.security.KerberosName;
import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.TokenIdentifier;
//@InterfaceAudience.LimitedPrivate({HDFS, MAPREDUCE})
@@ -86,14 +87,17 @@ extends TokenIdentifier {
if ( (owner == null) || ("".equals(owner.toString()))) {
return null;
}
+ final UserGroupInformation realUgi;
+ final UserGroupInformation ugi;
if ((realUser == null) || ("".equals(realUser.toString()))
|| realUser.equals(owner)) {
- return UserGroupInformation.createRemoteUser(owner.toString());
+ ugi = realUgi = UserGroupInformation.createRemoteUser(owner.toString());
} else {
- UserGroupInformation realUgi = UserGroupInformation
- .createRemoteUser(realUser.toString());
- return UserGroupInformation.createProxyUser(owner.toString(), realUgi);
+ realUgi = UserGroupInformation.createRemoteUser(realUser.toString());
+ ugi = UserGroupInformation.createProxyUser(owner.toString(), realUgi);
}
+ realUgi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
+ return ugi;
}
public Text getRenewer() {
Modified:
hadoop/common/branches/branch-1/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java?rev=1366467&r1=1366466&r2=1366467&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
(original)
+++
hadoop/common/branches/branch-1/src/hdfs/org/apache/hadoop/hdfs/server/namenode/JspHelper.java
Fri Jul 27 17:21:25 2012
@@ -506,7 +506,6 @@ public class JspHelper {
ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
}
ugi.addToken(token);
- ugi.setAuthenticationMethod(AuthenticationMethod.TOKEN);
} else {
if(remoteUser == null) {
throw new IOException("Security enabled but user not " +
Modified:
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java?rev=1366467&r1=1366466&r2=1366467&view=diff
==============================================================================
---
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
(original)
+++
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
Fri Jul 27 17:21:25 2012
@@ -39,6 +39,8 @@ import org.apache.hadoop.io.DataOutputBu
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
@@ -170,6 +172,52 @@ public class TestDelegationToken {
}
@Test
+ public void testGetUserNullOwner() {
+ TestDelegationTokenIdentifier ident =
+ new TestDelegationTokenIdentifier(null, null, null);
+ UserGroupInformation ugi = ident.getUser();
+ assertNull(ugi);
+ }
+
+ @Test
+ public void testGetUserWithOwner() {
+ TestDelegationTokenIdentifier ident =
+ new TestDelegationTokenIdentifier(new Text("owner"), null, null);
+ UserGroupInformation ugi = ident.getUser();
+ assertNull(ugi.getRealUser());
+ assertEquals("owner", ugi.getUserName());
+ assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
+ }
+
+ @Test
+ public void testGetUserWithOwnerEqualsReal() {
+ Text owner = new Text("owner");
+ TestDelegationTokenIdentifier ident =
+ new TestDelegationTokenIdentifier(owner, null, owner);
+ UserGroupInformation ugi = ident.getUser();
+ assertNull(ugi.getRealUser());
+ assertEquals("owner", ugi.getUserName());
+ assertEquals(AuthenticationMethod.TOKEN, ugi.getAuthenticationMethod());
+ }
+
+ @Test
+ public void testGetUserWithOwnerAndReal() {
+ Text owner = new Text("owner");
+ Text realUser = new Text("realUser");
+ TestDelegationTokenIdentifier ident =
+ new TestDelegationTokenIdentifier(owner, null, realUser);
+ UserGroupInformation ugi = ident.getUser();
+ assertNotNull(ugi.getRealUser());
+ assertNull(ugi.getRealUser().getRealUser());
+ assertEquals("owner", ugi.getUserName());
+ assertEquals("realUser", ugi.getRealUser().getUserName());
+ assertEquals(AuthenticationMethod.PROXY,
+ ugi.getAuthenticationMethod());
+ assertEquals(AuthenticationMethod.TOKEN,
+ ugi.getRealUser().getAuthenticationMethod());
+ }
+
+ @Test
public void testDelegationTokenSecretManager() throws Exception {
final TestDelegationTokenSecretManager dtSecretManager =
new TestDelegationTokenSecretManager(24*60*60*1000,