[ https://issues.apache.org/jira/browse/HADOOP-10342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Larry McCay updated HADOOP-10342: --------------------------------- Attachment: 10342.branch-2.patch patch for branch-2. > Extend UserGroupInformation to return a UGI given a preauthenticated kerberos > Subject > ------------------------------------------------------------------------------------- > > Key: HADOOP-10342 > URL: https://issues.apache.org/jira/browse/HADOOP-10342 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Larry McCay > Assignee: Larry McCay > Attachments: 10342.branch-2.patch, 10342.patch > > > We need the ability to use a Subject that was created inside an embedding > application through a kerberos authentication. For example, an application > that uses JAAS to authenticate to a KDC should be able to provide the > resulting Subject and get a UGI instance to call doAs on. > Example: > {code} > UserGroupInformation.setConfiguration(conf); > LoginContext context = new > LoginContext("com.sun.security.jgss.login", new > UserNamePasswordCallbackHandler(userName, password)); > context.login(); > > Subject subject = context.getSubject(); > final UserGroupInformation ugi2 = > UserGroupInformation.getUGIFromSubject(subject); > ugi2.doAs(new PrivilegedExceptionAction<Object>() { > @Override > public Object run() throws Exception { > final FileSystem fs = FileSystem.get(conf); > int i=0; > for (FileStatus status : fs.listStatus(new Path("/user"))) { > System.out.println(status.getPath()); > System.out.println(status); > if (i++ > 10) { > System.out.println("only first 10 showed..."); > break; > } > } > return null; > } > }); > {code} -- This message was sent by Atlassian JIRA (v6.1.5#6160)