svn commit: r1342334 - in /hadoop/common/trunk/hadoop-hdfs-project: hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java hadoop-hdfs/CHANGES.txt

Thu, 24 May 2012 09:51:28 -0700 

Author: tucu
Date: Thu May 24 16:51:04 2012
New Revision: 1342334

URL: http://svn.apache.org/viewvc?rev=1342334&view=rev
Log:
HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full principal 
name. (tucu)

Modified:
    
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
    hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt

Modified: 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java?rev=1342334&r1=1342333&r2=1342334&view=diff
==============================================================================
--- 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
 (original)
+++ 
hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSServer.java
 Thu May 24 16:51:04 2012
@@ -49,6 +49,7 @@ import org.apache.hadoop.lib.service.Pro
 import org.apache.hadoop.lib.servlet.FileSystemReleaseFilter;
 import org.apache.hadoop.lib.servlet.HostnameFilter;
 import org.apache.hadoop.lib.wsrs.InputStreamEntity;
+import org.apache.hadoop.security.authentication.server.AuthenticationToken;
 import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -145,9 +146,15 @@ public class HttpFSServer {
     String effectiveUser = user.getName();
     if (doAs != null && !doAs.equals(user.getName())) {
       ProxyUser proxyUser = HttpFSServerWebApp.get().get(ProxyUser.class);
-      proxyUser.validate(user.getName(), HostnameFilter.get(), doAs);
+      String proxyUserName;
+      if (user instanceof AuthenticationToken) {
+        proxyUserName = ((AuthenticationToken)user).getUserName();
+      } else {
+        proxyUserName = user.getName();
+      }
+      proxyUser.validate(proxyUserName, HostnameFilter.get(), doAs);
       effectiveUser = doAs;
-      AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", user.getName(), doAs);
+      AUDIT_LOG.info("Proxy user [{}] DoAs user [{}]", proxyUserName, doAs);
     }
     return effectiveUser;
   }

Modified: hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1342334&r1=1342333&r2=1342334&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Thu May 24 
16:51:04 2012
@@ -254,6 +254,9 @@ Release 2.0.1-alpha - UNRELEASED
     use the stored generation stamp to check if the block is valid.  (Vinay
     via szetszwo)
 
+    HDFS-3460. HttpFS proxyuser validation with Kerberos ON uses full 
+    principal name. (tucu)
+
 Release 2.0.0-alpha - UNRELEASED
 
   INCOMPATIBLE CHANGES

Reply via email to