[hadoop] branch branch-3.3 updated: HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)

Tue, 05 May 2020 21:26:43 -0700 

This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch branch-3.3
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3 by this push:
     new 78c9790  HDFS-15334. INodeAttributeProvider's new API 
checkPermissionWithContext not getting called in for authorization. (#1998)
78c9790 is described below

commit 78c97907cb173f46586f70bbceea2c763fc9ed90
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Tue May 5 16:04:54 2020 -0700

    HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not 
getting called in for authorization. (#1998)
    
    Reviewed-by: Arpit Agarwal <[email protected]>
    (cherry picked from commit adecdb8b534c536354f4f47789467ffb82dd1496)
---
 .../org/apache/hadoop/hdfs/server/namenode/FSDirectory.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git 
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
 
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
index 15389d6..7eae564 100644
--- 
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
+++ 
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
@@ -73,6 +73,7 @@ import javax.annotation.Nullable;
 import java.io.Closeable;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -225,8 +226,18 @@ public class FSDirectory implements Closeable {
     Class[] cArg = new Class[1];
     cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
 
+    INodeAttributeProvider.AccessControlEnforcer enforcer =
+        attributeProvider.getExternalAccessControlEnforcer(null);
+
+    // If external enforcer is null, we use the default enforcer, which
+    // supports the new API.
+    if (enforcer == null) {
+      useAuthorizationWithContextAPI = true;
+      return;
+    }
+
     try {
-      Class<?> clazz = attributeProvider.getClass();
+      Class<?> clazz = enforcer.getClass();
       clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
       useAuthorizationWithContextAPI = true;
       LOG.info("Use the new authorization provider API");


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to