Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2019/03/15 17:10:32 UTC
[hadoop] 02/02: HDDS-1259. OzoneFS classpath separation is broken
by the token validation. Contributed by Elek Marton.
This is an automated email from the ASF dual-hosted git repository.
xyao pushed a commit to branch ozone-0.4
in repository https://gitbox.apache.org/repos/asf/hadoop.git
commit 522976e405301fe8dd23f4751ba40edd27244c1d
Author: Elek, Márton <el...@users.noreply.github.com>
AuthorDate: Fri Mar 15 17:43:01 2019 +0100
HDDS-1259. OzoneFS classpath separation is broken by the token validation. Contributed by Elek Marton.
Closes #604
(cherry picked from commit dc21655f2a477196ccc5173666b73d11865eeaf5)
---
.../hadoop/fs/ozone/OzoneClientAdapterImpl.java | 29 +++++++++++++++++-----
.../apache/hadoop/fs/ozone/OzoneFileSystem.java | 18 ++------------
2 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
index 1ea1261..1dbfa95 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneClientAdapterImpl.java
@@ -30,6 +30,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.client.ReplicationFactor;
import org.apache.hadoop.hdds.client.ReplicationType;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.client.ObjectStore;
@@ -60,7 +61,7 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
private ReplicationType replicationType;
private ReplicationFactor replicationFactor;
private OzoneFSStorageStatistics storageStatistics;
-
+ private boolean securityEnabled;
/**
* Create new OzoneClientAdapter implementation.
*
@@ -104,12 +105,24 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
}
public OzoneClientAdapterImpl(String omHost, int omPort,
- OzoneConfiguration conf, String volumeStr, String bucketStr,
+ Configuration hadoopConf, String volumeStr, String bucketStr,
OzoneFSStorageStatistics storageStatistics) throws IOException {
ClassLoader contextClassLoader =
Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(null);
+ OzoneConfiguration conf;
+ if (hadoopConf instanceof OzoneConfiguration) {
+ conf = (OzoneConfiguration) hadoopConf;
+ } else {
+ conf = new OzoneConfiguration(hadoopConf);
+ }
+
+ SecurityConfig secConfig = new SecurityConfig(conf);
+
+ if (secConfig.isSecurityEnabled()) {
+ this.securityEnabled = true;
+ }
try {
String replicationTypeConf =
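Review bot: The configuration conversion and `new SecurityConfig(conf)` are added after `Thread.currentThread().setContextClassLoader(null)` but before the `try` opens, so an exception from either constructor would leave the thread's context class loader set to null. This assumes the loader is restored in a `finally` attached to that `try`; the rest of the constructor is outside the hunk. Moving the new block inside the `try` keeps the restore guaranteed. The flag assignment can also be written as `this.securityEnabled = secConfig.isSecurityEnabled();`, which shows the field is always set from configuration. Since this flag now decides whether delegation tokens are requested at all, a short comment stating that it reflects the client-side configuration only would help the next reader.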
@@ -276,10 +289,14 @@ public class OzoneClientAdapterImpl implements OzoneClientAdapter {
@Override
public Token<OzoneTokenIdentifier> getDelegationToken(String renewer)
throws IOException {
- Token<OzoneTokenIdentifier> token =
- ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
- token.setKind(OzoneTokenIdentifier.KIND_NAME);
- return token;
+ if (!securityEnabled) {
+ return null;
+ } else {
+ Token<OzoneTokenIdentifier> token =
+ ozoneClient.getObjectStore().getDelegationToken(new Text(renewer));
+ token.setKind(OzoneTokenIdentifier.KIND_NAME);
+ return token;
+ }
}
/**
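Review bot: `getDelegationToken` now returns `null` without any trace when `securityEnabled` is false, and that flag comes only from the client's own configuration in the constructor. A client configured with security off against a secured cluster would skip token acquisition silently and presumably fail later with a less obvious authentication error. A debug log in the `!securityEnabled` branch and a Javadoc line such as `@return the delegation token, or null when security is disabled in the client configuration` would make the contract explicit. The same contract applies to the `OzoneFileSystem.getDelegationToken` hunk, which now forwards to the adapter unconditionally. In the secured branch `token.setKind(...)` is called without a null check; whether `getObjectStore().getDelegationToken(...)` can return null is not visible here, so that is worth confirming.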
diff --git a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
index 3cfbebf..97f5c8e 100644
--- a/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
+++ b/hadoop-ozone/ozonefs/src/main/java/org/apache/hadoop/fs/ozone/OzoneFileSystem.java
@@ -48,8 +48,6 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.PathIsNotEmptyDirectoryException;
import org.apache.hadoop.fs.GlobalStorageStatistics;
import org.apache.hadoop.fs.permission.FsPermission;
-import org.apache.hadoop.hdds.conf.OzoneConfiguration;
-import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Progressable;
@@ -87,7 +85,6 @@ public class OzoneFileSystem extends FileSystem {
private Path workingDir;
private OzoneClientAdapter adapter;
- private boolean securityEnabled;
private OzoneFSStorageStatistics storageStatistics;
@@ -174,19 +171,9 @@ public class OzoneFileSystem extends FileSystem {
OzoneClientAdapterFactory.createAdapter(volumeStr, bucketStr);
}
} else {
- OzoneConfiguration ozoneConfiguration;
- if (conf instanceof OzoneConfiguration) {
- ozoneConfiguration = (OzoneConfiguration) conf;
- } else {
- ozoneConfiguration = new OzoneConfiguration(conf);
- }
- SecurityConfig secConfig = new SecurityConfig(ozoneConfiguration);
- if (secConfig.isSecurityEnabled()) {
- this.securityEnabled = true;
- }
this.adapter = new OzoneClientAdapterImpl(omHost,
- Integer.parseInt(omPort), ozoneConfiguration,
+ Integer.parseInt(omPort), conf,
volumeStr, bucketStr, storageStatistics);
}
@@ -701,8 +688,7 @@ public class OzoneFileSystem extends FileSystem {
@Override
public Token<?> getDelegationToken(String renewer) throws IOException {
- return securityEnabled? adapter.getDelegationToken(renewer) :
- super.getDelegationToken(renewer);
+ return adapter.getDelegationToken(renewer);
}
/**