This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch branch-3.3.0
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.3.0 by this push:
new 3d8e392 HDFS-15334. INodeAttributeProvider's new API
checkPermissionWithContext not getting called in for authorization. (#1998)
3d8e392 is described below
commit 3d8e392eb49f5ccc1031b97a0ae4f976ef70a8cd
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Tue May 5 16:04:54 2020 -0700
HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not
getting called in for authorization. (#1998)
Reviewed-by: Arpit Agarwal <[email protected]>
(cherry picked from commit adecdb8b534c536354f4f47789467ffb82dd1496)
(cherry picked from commit f4c05f1d93718c5cd574abf40c14510886289353)
---
.../org/apache/hadoop/hdfs/server/namenode/FSDirectory.java | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
index 15389d6..7eae564 100644
---
a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
+++
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
@@ -73,6 +73,7 @@ import javax.annotation.Nullable;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -225,8 +226,18 @@ public class FSDirectory implements Closeable {
Class[] cArg = new Class[1];
cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
+ INodeAttributeProvider.AccessControlEnforcer enforcer =
+ attributeProvider.getExternalAccessControlEnforcer(null);
+
+ // If external enforcer is null, we use the default enforcer, which
+ // supports the new API.
+ if (enforcer == null) {
+ useAuthorizationWithContextAPI = true;
+ return;
+ }
+
try {
- Class<?> clazz = attributeProvider.getClass();
+ Class<?> clazz = enforcer.getClass();
clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
useAuthorizationWithContextAPI = true;
LOG.info("Use the new authorization provider API");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
