[
https://issues.apache.org/jira/browse/HADOOP-12529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14982863#comment-14982863
]
Vinayakumar B commented on HADOOP-12529:
----------------------------------------
Why cant we just use as below
{code} /**
* Compare the subjects to see if they are equal to each other.
*/
@Override
public boolean equals(Object o) {
if (o == this) {
return true;
} else if (o == null || getClass() != o.getClass()) {
return false;
} else {
return subject.equals(((UserGroupInformation) o).subject);
}
}{code}
As per {{Subject.equals()}} javadoc it takes care of comparing both principals
and credentials.
{code} /**
* Compares the specified Object with this {@code Subject}
* for equality. Returns true if the given object is also a Subject
* and the two {@code Subject} instances are equivalent.
* More formally, two {@code Subject} instances are
* equal if their {@code Principal} and {@code Credential}
* Sets are equal.{code}
bq. If there are 2 different Subjects/UGIs with the same principal, but
different credentials attached, then an equality check on principal alone could
cause a get from the FileSystem cache or IPC client connection cache to return
an instance with incorrect credentials.
I think this problem also will be solved as well along with the one mentioned
in description, i.e. creating two proxy users with same name. If the principals
are same but credentials are different then subject.equals() will return false,
so not re-using the connection of different credentials.
[~cnauroth], does that sounds fine?
> UserGroupInformation equals method depend on the subject object address
> -----------------------------------------------------------------------
>
> Key: HADOOP-12529
> URL: https://issues.apache.org/jira/browse/HADOOP-12529
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.1
> Reporter: wangwenli
>
> my question is why UserGroupInformation equals method depend on the
> subject object?
> try below code which is extract from HiveMetaStore:
> {code:title=TestUgi.java|borderStyle=solid}
> UserGroupInformation clientUgi = null;
> UserGroupInformation clientUgi2 = null;
> try {
> clientUgi = UserGroupInformation.createProxyUser("user2",
> UserGroupInformation.getLoginUser());
> clientUgi2 = UserGroupInformation.createProxyUser("user2",
> UserGroupInformation.getLoginUser());
> if (clientUgi.equals(clientUgi2)) {
> System.out.println("==");
> } else {
> System.out.println("!="); // strangely this will be hit
> }
> } catch (IOException e1) {
> e1.printStackTrace();
> }
> {code}
> i found that it is because the equal method from UserGroupInformation
> is compare on subject object ref : subject == ((UserGroupInformation)
> o).subject; .
> as you know, ipc.Client connect to namenode,
> connections.get(ConnectionId) this code will try to reuse the same socket
> to namenode, but because of ConnectionId's equal depend on ugi equal, which
> will cause connections.get(ConnectionId) cann't get the same socket,
> suppose many connect to HiveMetaStore, then many connection to Namenode will
> established.
> so my doubts is why UserGroupInformation is compare on subject object
> ref : subject == ((UserGroupInformation) o).subject, it should compare on
> subject's principal, am i right?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
