You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sqoop.apache.org by ab...@apache.org on 2015/01/21 03:52:11 UTC

sqoop git commit: SQOOP-2026: Sqoop2: Make getUserName function in RequestContext support Kerberos

Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 a6ef76e05 -> 1f89de217


SQOOP-2026: Sqoop2: Make getUserName function in RequestContext support Kerberos

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/1f89de21
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/1f89de21
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/1f89de21

Branch: refs/heads/sqoop2
Commit: 1f89de21725f873745700242ba4ca87890a3e997
Parents: a6ef76e
Author: Abraham Elmahrek <ab...@apache.org>
Authored: Tue Jan 20 18:51:31 2015 -0800
Committer: Abraham Elmahrek <ab...@apache.org>
Committed: Tue Jan 20 18:52:01 2015 -0800

----------------------------------------------------------------------
 .../org/apache/sqoop/client/request/ResourceRequest.java | 11 ++++++++++-
 .../java/org/apache/sqoop/server/RequestContext.java     | 10 ++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/1f89de21/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java b/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
index aa5fd35..a8a7e89 100644
--- a/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
+++ b/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
@@ -22,6 +22,7 @@ import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.authentication.client.AuthenticationException;
 import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
+import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
 import org.apache.log4j.Logger;
@@ -65,6 +66,8 @@ public class ResourceRequest {
     DataOutputStream wr = null;
     BufferedReader reader = null;
     try {
+//    This user name is only in simple mode. In Kerberos mode, this user name will be ignored by Sqoop server and user name in UGI which is authenticated by Kerberos server will be used instead.
+      strURL = addUsername(strURL);
       URL url = new URL(strURL);
       HttpURLConnection conn = new DelegationTokenAuthenticatedURL().openConnection(url, authToken);
 
@@ -220,4 +223,10 @@ public class ResourceRequest {
   public DelegationTokenAuthenticatedURL.Token getAuthToken() {
     return authToken;
   }
-}
+
+  private String addUsername(String strUrl) {
+    String paramSeparator = (strUrl.contains("?")) ? "&" : "?";
+    strUrl += paramSeparator + PseudoAuthenticator.USER_NAME + "=" + System.getProperty("user.name");
+    return strUrl;
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/1f89de21/server/src/main/java/org/apache/sqoop/server/RequestContext.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/sqoop/server/RequestContext.java b/server/src/main/java/org/apache/sqoop/server/RequestContext.java
index d0963f5..5324a0a 100644
--- a/server/src/main/java/org/apache/sqoop/server/RequestContext.java
+++ b/server/src/main/java/org/apache/sqoop/server/RequestContext.java
@@ -18,7 +18,9 @@
 package org.apache.sqoop.server;
 
 import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
+import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.security.AuthenticationManager;
 import org.apache.sqoop.server.common.ServerError;
 
 import javax.servlet.http.HttpServletRequest;
@@ -67,7 +69,7 @@ public class RequestContext {
       return Method.valueOf(request.getMethod());
     } catch(IllegalArgumentException ex) {
       throw new SqoopException(ServerError.SERVER_0002,
-        "Unsupported HTTP method:" + request.getMethod(), ex);
+              "Unsupported HTTP method:" + request.getMethod(), ex);
     }
   }
 
@@ -119,6 +121,10 @@ public class RequestContext {
    * @return Name of user sending the request
    */
   public String getUserName() {
-    return request.getParameter(PseudoAuthenticator.USER_NAME);
+    if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
+      return HttpUserGroupInformation.get().getUserName();
+    } else {
+      return request.getParameter(PseudoAuthenticator.USER_NAME);
+    }
   }
 }