Larry McCay created HADOOP-10342:
------------------------------------
Summary: Extend UserGroupInformation to return a UGI given a
preauthenticated kerberos Subject
Key: HADOOP-10342
URL: https://issues.apache.org/jira/browse/HADOOP-10342
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Larry McCay
Assignee: Larry McCay
We need the ability to use a Subject that was created inside an embedding
application through a kerberos authentication. For example, an application that
uses JAAS to authenticate to a KDC should be able to provide the resulting
Subject and get a UGI instance to call doAs on.
Example:
{code}
UserGroupInformation.setConfiguration(conf);
LoginContext context = new
LoginContext("com.sun.security.jgss.login", new
UserNamePasswordCallbackHandler(userName, password));
context.login();
Subject subject = context.getSubject();
final UserGroupInformation ugi2 =
UserGroupInformation.getUGIFromSubject(subject);
ugi2.doAs(new PrivilegedExceptionAction<Object>() {
@Override
public Object run() throws Exception {
final FileSystem fs = FileSystem.get(conf);
int i=0;
for (FileStatus status : fs.listStatus(new Path("/user"))) {
System.out.println(status.getPath());
System.out.println(status);
if (i++ > 10) {
System.out.println("only first 10 showed...");
break;
}
}
return null;
}
});
{code}
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
