Author: gates
Date: Tue Jan 15 22:05:38 2013
New Revision: 1433688
URL: http://svn.apache.org/viewvc?rev=1433688&view=rev
Log:
HCATALOG-509 Webhcat security work
Modified:
incubator/hcatalog/trunk/CHANGES.txt
incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
Modified: incubator/hcatalog/trunk/CHANGES.txt
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/CHANGES.txt?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/CHANGES.txt (original)
+++ incubator/hcatalog/trunk/CHANGES.txt Tue Jan 15 22:05:38 2013
@@ -24,6 +24,8 @@ Trunk (unreleased changes)
NEW FEATURES
HCAT-546 Rework HCatalog's JMS Notifications (mithunr via gates)
+ HCAT-509 Webhcat security work (thejas via gates)
+
IMPROVEMENTS
OPTIMIZATIONS
Modified:
incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
(original)
+++
incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
Tue Jan 15 22:05:38 2013
@@ -158,7 +158,10 @@ ${env.PIG_HOME}/bin/pig
<code>hive.metastore.local=false,
hive.metastore.uris=thrift://localhost:9933,
hive.metastore.sasl.enabled=false</code></td>
- <td>Properties to set when running hive.</td>
+ <td>Properties to set when running hive. To use it in a cluster with
+kerberos security enabled set hive.metastore.sasl.enabled=false and add
hive.metastore.execute.setugi=true
+Using localhost in metastore uri does not work with kerberos security.
+</td>
</tr>
<tr>
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
Tue Jan 15 22:05:38 2013
@@ -20,6 +20,7 @@ package org.apache.hadoop.mapred;
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.RPC;
@@ -30,23 +31,29 @@ import org.apache.hadoop.security.UserGr
* Communicate with the JobTracker as a specific user.
*/
public class TempletonJobTracker {
- private JobSubmissionProtocol cnx;
+ private final JobSubmissionProtocol cnx;
/**
* Create a connection to the Job Tracker.
*/
- public TempletonJobTracker(UserGroupInformation ugi,
- InetSocketAddress addr,
- Configuration conf)
- throws IOException {
- cnx = (JobSubmissionProtocol)
- RPC.getProxy(JobSubmissionProtocol.class,
- JobSubmissionProtocol.versionID,
- addr,
- ugi,
- conf,
- NetUtils.getSocketFactory(conf,
- JobSubmissionProtocol.class));
+ public TempletonJobTracker(final InetSocketAddress addr,
+ final Configuration conf)
+ throws IOException, InterruptedException {
+
+ UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+ cnx =
+ ugi.doAs(new PrivilegedExceptionAction<JobSubmissionProtocol>() {
+ public JobSubmissionProtocol run ()
+ throws IOException, InterruptedException {
+ return (JobSubmissionProtocol)
+ RPC.getProxy(JobSubmissionProtocol.class,
+ JobSubmissionProtocol.versionID,
+ addr,
+ conf,
+ NetUtils.getSocketFactory(conf,
+ JobSubmissionProtocol.class));
+ }
+ });
}
/**
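Review bot: The new constructor builds the RPC proxy inside `UserGroupInformation.getLoginUser().doAs(...)`, so every call made through `cnx` is issued as the WebHCat service identity and the requesting user's identity no longer reaches the JobTracker. The callers changed in this commit (DeleteDelegator, ListDelegator, StatusDelegator) still receive `user`, but none of their visible hunk lines check that the job belongs to that user; if no such check exists outside the hunks, job ownership is not enforced anywhere on this path. Either state the contract in the constructor Javadoc, e.g. `* The connection is made as the service login user; callers must authorize the end user before acting on a job.`, or keep a user parameter and connect with `UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser())` so the JobTracker can apply its own ACLs. The anonymous `run` would also benefit from `@Override`; the class body continues outside the hunk.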
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
Tue Jan 15 22:05:38 2013
@@ -62,7 +62,7 @@ import org.apache.hcatalog.templeton.too
*/
public class AppConfig extends Configuration {
public static final String[] HADOOP_CONF_FILENAMES = {
- "core-default.xml", "core-site.xml", "mapred-default.xml",
"mapred-site.xml"
+ "core-default.xml", "core-site.xml", "mapred-default.xml",
"mapred-site.xml", "hdfs-site.xml"
};
public static final String[] HADOOP_PREFIX_VARS = {
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
Tue Jan 15 22:05:38 2013
@@ -34,14 +34,13 @@ public class DeleteDelegator extends Tem
}
public QueueStatusBean run(String user, String id)
- throws NotAuthorizedException, BadParam, IOException
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException
{
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
TempletonJobTracker tracker = null;
JobState state = null;
try {
- tracker = new TempletonJobTracker(ugi,
- JobTracker.getAddress(appConf),
+ tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
appConf);
JobID jobid = StatusDelegator.StringToJobID(id);
if (jobid == null)
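Review bot: `UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);` is kept at the top of `run` although the tracker is no longer constructed with it, so in the visible lines the local is dead and reads as if the kill still ran as the requesting user. If nothing further down uses it (the method body continues outside the hunk), remove the line as the StatusDelegator hunk in this commit does; the ListDelegator hunk keeps the same leftover. If it is kept on purpose, a comment such as `// identity used only for the ownership check below, not for the JobTracker connection` would make the intent clear.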
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
Tue Jan 15 22:05:38 2013
@@ -23,7 +23,9 @@ import java.io.IOException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
+
import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
import org.apache.hcatalog.templeton.tool.TempletonUtils;
/**
@@ -59,8 +61,14 @@ public class HiveDelegator extends Launc
args.addAll(makeBasicArgs(execute, srcFile, statusdir,
completedUrl));
args.add("--");
args.add(appConf.hivePath());
+
args.add("--service");
args.add("cli");
+
+ //the token file location as initial hiveconf arg
+ args.add("--hiveconf");
+ args.add(TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+
for (String prop : appConf.getStrings(AppConfig.HIVE_PROPS_NAME)) {
args.add("--hiveconf");
args.add(prop);
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
Tue Jan 15 22:05:38 2013
@@ -25,6 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
import org.apache.hcatalog.templeton.tool.TempletonUtils;
/**
@@ -79,7 +80,9 @@ public class JarDelegator extends Launch
args.add(TempletonUtils.hadoopFsListAsString(files, appConf,
runAs));
}
-
+ //the token file location comes after mainClass, as a -Dprop=val
+ args.add("-D" + TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+
for (String d : defines)
args.add("-D" + d);
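Review bot: The placeholder goes into the same list as `defines`, and TempletonControllerJob later matches it by substring on every element (`replace` / `contains`), not only on the element added here. If `defines` comes from the request, as it appears to, a define whose text contains `__WEBHCAT_TOKEN_FILE_LOCATION__` would be rewritten when a token is present and silently dropped when it is not; the same applies to `pigArgs` in the PigDelegator hunk. Consider rejecting request arguments that contain the marker before they are appended, or having the controller compare whole elements against `"-D" + TOKEN_FILE_ARG_PLACEHOLDER` instead of substrings. The enclosing method starts and ends outside the hunk.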
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
Tue Jan 15 22:05:38 2013
@@ -37,13 +37,13 @@ public class ListDelegator extends Templ
}
public List<String> run(String user)
- throws NotAuthorizedException, BadParam, IOException {
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException {
+
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
TempletonJobTracker tracker = null;
try {
- tracker = new TempletonJobTracker(ugi,
- JobTracker.getAddress(appConf),
- appConf);
+ tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
+ appConf);
ArrayList<String> ids = new ArrayList<String>();
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
Tue Jan 15 22:05:38 2013
@@ -147,12 +147,33 @@ public class Main {
ServletContextHandler root = new ServletContextHandler(server, "/");
// Add the Auth filter
- root.addFilter(makeAuthFilter(), "/*", FilterMapping.REQUEST);
+ FilterHolder fHolder = makeAuthFilter();
+
+ /*
+ * We add filters for each of the URIs supported by templeton.
+ * If we added the entire sub-structure using '/*', the mapreduce
+ * notification cannot give the callback to templeton in secure mode.
+ * This is because mapreduce does not use secure credentials for
+ * callbacks. So jetty would fail the request as unauthorized.
+ */
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/ddl/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/pig/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/hive/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/queue/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/mapreduce/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/status/*",
+ FilterMapping.REQUEST);
+ root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/version/*",
+ FilterMapping.REQUEST);
// Connect Jersey
ServletHolder h = new ServletHolder(new
ServletContainer(makeJerseyConfig()));
root.addServlet(h, "/" + SERVLET_PATH + "/*");
-
// Add any redirects
addRedirects(server);
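Review bot: Replacing the single `/*` mapping with a list of authenticated prefixes makes the filter fail open: any resource later added under `/v1/` that is not listed here is served by the Jersey servlet without the auth filter. The block comment explains why the callback must bypass authentication, but not which path that is, so a reader cannot tell which gaps are deliberate. A safer shape is to keep the `/*` mapping and exempt only the callback path inside the filter. If the list stays, add a comment such as `// Every new /v1 resource must be added below; only the job-completion callback is meant to bypass authentication.` The callback handler is outside this hunk and now receives unauthenticated requests, so it should treat the job id and any parameters as untrusted.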
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
Tue Jan 15 22:05:38 2013
@@ -26,6 +26,7 @@ import java.util.Arrays;
import java.util.List;
import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
import org.apache.hcatalog.templeton.tool.TempletonUtils;
/**
@@ -73,6 +74,9 @@ public class PigDelegator extends Launch
args.add("--");
args.add(appConf.pigPath());
+ //the token file location should be first argument of pig
+ args.add("-D" + TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+
args.addAll(pigArgs);
if (TempletonUtils.isset(execute)) {
args.add("-execute");
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
Tue Jan 15 22:05:38 2013
@@ -679,7 +679,8 @@ public class Server {
@Path("queue/{jobid}")
@Produces({MediaType.APPLICATION_JSON})
public QueueStatusBean showQueueId(@PathParam("jobid") String jobid)
- throws NotAuthorizedException, BadParam, IOException {
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException {
+
verifyUser();
verifyParam(jobid, ":jobid");
@@ -694,7 +695,8 @@ public class Server {
@Path("queue/{jobid}")
@Produces({MediaType.APPLICATION_JSON})
public QueueStatusBean deleteQueueId(@PathParam("jobid") String jobid)
- throws NotAuthorizedException, BadParam, IOException {
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException {
+
verifyUser();
verifyParam(jobid, ":jobid");
@@ -709,7 +711,8 @@ public class Server {
@Path("queue")
@Produces({MediaType.APPLICATION_JSON})
public List<String> showQueueList()
- throws NotAuthorizedException, BadParam, IOException {
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException {
+
verifyUser();
ListDelegator d = new ListDelegator(appConf);
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
Tue Jan 15 22:05:38 2013
@@ -27,7 +27,6 @@ import org.apache.hadoop.mapred.JobProfi
import org.apache.hadoop.mapred.JobStatus;
import org.apache.hadoop.mapred.JobTracker;
import org.apache.hadoop.mapred.TempletonJobTracker;
-import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hcatalog.templeton.tool.JobState;
/**
@@ -41,14 +40,13 @@ public class StatusDelegator extends Tem
}
public QueueStatusBean run(String user, String id)
- throws NotAuthorizedException, BadParam, IOException {
- UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
+ throws NotAuthorizedException, BadParam, IOException,
InterruptedException
+ {
TempletonJobTracker tracker = null;
JobState state = null;
try {
- tracker = new TempletonJobTracker(ugi,
- JobTracker.getAddress(appConf),
- appConf);
+ tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
+ appConf);
JobID jobid = StatusDelegator.StringToJobID(id);
if (jobid == null)
throw new BadParam("Invalid jobid: " + id);
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
Tue Jan 15 22:05:38 2013
@@ -26,6 +26,7 @@ import java.io.OutputStream;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -48,11 +49,11 @@ import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.JobID;
import org.apache.hadoop.mapreduce.Mapper;
import org.apache.hadoop.mapreduce.lib.output.NullOutputFormat;
+import
org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;
-import
org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
/**
* A Map Reduce job that will start another job.
@@ -70,7 +71,6 @@ public class TempletonControllerJob exte
static enum ControllerCounters {SIMPLE_COUNTER}
;
-
public static final String COPY_NAME = "templeton.copy";
public static final String STATUSDIR_NAME = "templeton.statusdir";
public static final String JAR_ARGS_NAME = "templeton.args";
@@ -82,7 +82,11 @@ public class TempletonControllerJob exte
public static final int WATCHER_TIMEOUT_SECS = 10;
public static final int KEEP_ALIVE_MSEC = 60 * 1000;
-
+
+ public static final String TOKEN_FILE_ARG_PLACEHOLDER
+ = "__WEBHCAT_TOKEN_FILE_LOCATION__";
+
+
private static TrivialExecService execService =
TrivialExecService.getInstance();
private static final Log LOG =
LogFactory.getLog(TempletonControllerJob.class);
@@ -104,8 +108,26 @@ public class TempletonControllerJob exte
overrideClasspath);
List<String> jarArgsList = new
LinkedList<String>(Arrays.asList(jarArgs));
String tokenFile = System.getenv("HADOOP_TOKEN_FILE_LOCATION");
+
+
if (tokenFile != null) {
- jarArgsList.add(1, "-Dmapreduce.job.credentials.binary=" +
tokenFile);
+ //Token is available, so replace the placeholder
+ String tokenArg = "mapreduce.job.credentials.binary=" +
tokenFile;
+ for(int i=0; i<jarArgsList.size(); i++){
+ String newArg =
+ jarArgsList.get(i).replace(TOKEN_FILE_ARG_PLACEHOLDER,
tokenArg);
+ jarArgsList.set(i, newArg);
+ }
+
+ }else{
+ //No token, so remove the placeholder arg
+ Iterator<String> it = jarArgsList.iterator();
+ while(it.hasNext()){
+ String arg = it.next();
+ if(arg.contains(TOKEN_FILE_ARG_PLACEHOLDER)){
+ it.remove();
+ }
+ }
}
return execService.run(jarArgsList, removeEnv, env);
}
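Review bot: In the no-token branch only elements that contain the placeholder are removed, but HiveDelegator in this commit adds the placeholder as the value of a separate `--hiveconf` element. On a cluster without a token file, a bare `--hiveconf` therefore appears to stay in the list and would take the next argument as its value. The Pig and Jar delegators are unaffected because they emit a single `-D…` element. The removal should also drop the flag that introduces the placeholder, as sketched below; the start of the method lies outside the hunk.

```java
// … unchanged: tokenFile != null branch replaces the placeholder …
}else{
    //No token, so remove the placeholder arg and, for hive, the
    //"--hiveconf" flag that introduces it
    for (int i = jarArgsList.size() - 1; i >= 0; i--) {
        if (!jarArgsList.get(i).contains(TOKEN_FILE_ARG_PLACEHOLDER)) {
            continue;
        }
        jarArgsList.remove(i);
        if (i > 0 && "--hiveconf".equals(jarArgsList.get(i - 1))) {
            jarArgsList.remove(i - 1);
            i--;
        }
    }
}
```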
Modified:
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
URL:
http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
---
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
(original)
+++
incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
Tue Jan 15 22:05:38 2013
@@ -25,6 +25,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@@ -35,6 +36,7 @@ import java.util.regex.Pattern;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.StringUtils;
/**
@@ -214,12 +216,24 @@ public class TempletonUtils {
if (fname == null || conf == null) {
return null;
}
- FileSystem defaultFs = FileSystem.get(new URI(fname), conf, user);
+
+ final Configuration fConf = new Configuration(conf);
+ final String finalFName = new String(fname);
+
+ UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+ final FileSystem defaultFs =
+ ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
+ public FileSystem run()
+ throws URISyntaxException, FileNotFoundException,
IOException,
+ InterruptedException {
+ return FileSystem.get(new URI(finalFName), fConf);
+ }
+ });
+
URI u = new URI(fname);
Path p = new Path(u).makeQualified(defaultFs);
- FileSystem fs = p.getFileSystem(conf);
- if (hadoopFsIsMissing(fs, p))
+ if (hadoopFsIsMissing(defaultFs, p))
throw new FileNotFoundException("File " + fname + " does not
exist.");
return p;
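Review bot: The existence check now runs as the service login user, and `user` is no longer referenced in the visible lines. `hadoopFsIsMissing` therefore answers according to what the service account can see, and the `FileNotFoundException` message can disclose whether a path exists that the requesting user could not list. If impersonation is intended, wrap the lookup in `UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()).doAs(...)`; otherwise document that the check is made with service privileges. Separately, `new String(fname)` copies an immutable value for no benefit; `final String finalFName = fname;` is enough. The method signature is outside the hunk.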