Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2013/12/18 22:34:10 UTC
svn commit: r1552112 - in
/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common:
CHANGES.txt
src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Author: bobby
Date: Wed Dec 18 21:34:10 2013
New Revision: 1552112
URL: http://svn.apache.org/r1552112
Log:
HADOOP-10164. Allow UGI to login with a known Subject (bobby)
Modified:
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1552112&r1=1552111&r2=1552112&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/CHANGES.txt Wed Dec 18 21:34:10 2013
@@ -10,6 +10,8 @@ Release 0.23.11 - UNRELEASED
HADOOP-10148. backport hadoop-10107 to branch-0.23 (Chen He via jeagles)
+ HADOOP-10164. Allow UGI to login with a known Subject (bobby)
+
OPTIMIZATIONS
BUG FIXES
Modified: hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1552112&r1=1552111&r2=1552112&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/branches/branch-0.23/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Wed Dec 18 21:34:10 2013
@@ -435,7 +435,7 @@ public class UserGroupInformation {
private static final AppConfigurationEntry[] SIMPLE_CONF =
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, HADOOP_LOGIN};
-
+
private static final AppConfigurationEntry[] USER_KERBEROS_CONF =
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, USER_KERBEROS_LOGIN,
HADOOP_LOGIN};
@@ -525,49 +525,65 @@ public class UserGroupInformation {
public synchronized
static UserGroupInformation getLoginUser() throws IOException {
if (loginUser == null) {
- try {
- Subject subject = new Subject();
- LoginContext login;
- if (isSecurityEnabled()) {
- login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
- subject);
- } else {
- login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
- subject);
- }
- login.login();
- UserGroupInformation realUser = new UserGroupInformation(subject);
- realUser.setLogin(login);
- realUser.setAuthenticationMethod(isSecurityEnabled() ?
- AuthenticationMethod.KERBEROS :
- AuthenticationMethod.SIMPLE);
- realUser = new UserGroupInformation(login.getSubject());
- // If the HADOOP_PROXY_USER environment variable or property
- // is specified, create a proxy user as the logged in user.
- String proxyUser = System.getenv(HADOOP_PROXY_USER);
- if (proxyUser == null) {
- proxyUser = System.getProperty(HADOOP_PROXY_USER);
- }
- setLoginUser(proxyUser == null ? realUser : createProxyUser(proxyUser, realUser));
-
- String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
- if (fileLocation != null) {
- // Load the token storage file and put all of the tokens into the
- // user. Don't use the FileSystem API for reading since it has a lock
- // cycle (HADOOP-9212).
- Credentials cred = Credentials.readTokenStorageFile(
- new File(fileLocation), conf);
- loginUser.addCredentials(cred);
- }
- loginUser.spawnAutoRenewalThreadForUserCreds();
- } catch (LoginException le) {
- throw new IOException("failure to login", le);
+ loginUserFromSubject(null);
+ }
+ return loginUser;
+ }
+
+ /**
+ * Log in a user using the given subject
+ * @parma subject the subject to use when logging in a user, or null to
+ * create a new subject.
+ * @throws IOException if login fails
+ */
+ @InterfaceAudience.Public
+ @InterfaceStability.Evolving
+ public synchronized
+ static void loginUserFromSubject(Subject subject) throws IOException {
+ ensureInitialized();
+ try {
+ if (subject == null) {
+ subject = new Subject();
+ }
+ LoginContext login;
+ if (isSecurityEnabled()) {
+ login = newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME,
+ subject);
+ } else {
+ login = newLoginContext(HadoopConfiguration.SIMPLE_CONFIG_NAME,
+ subject);
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("UGI loginUser:"+loginUser);
+ login.login();
+ UserGroupInformation realUser = new UserGroupInformation(subject);
+ realUser.setLogin(login);
+ realUser.setAuthenticationMethod(isSecurityEnabled() ?
+ AuthenticationMethod.KERBEROS :
+ AuthenticationMethod.SIMPLE);
+ realUser = new UserGroupInformation(login.getSubject());
+ // If the HADOOP_PROXY_USER environment variable or property
+ // is specified, create a proxy user as the logged in user.
+ String proxyUser = System.getenv(HADOOP_PROXY_USER);
+ if (proxyUser == null) {
+ proxyUser = System.getProperty(HADOOP_PROXY_USER);
+ }
+ setLoginUser(proxyUser == null ? realUser : createProxyUser(proxyUser, realUser));
+
+ String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
+ if (fileLocation != null) {
+ // Load the token storage file and put all of the tokens into the
+ // user. Don't use the FileSystem API for reading since it has a lock
+ // cycle (HADOOP-9212).
+ Credentials cred = Credentials.readTokenStorageFile(
+ new File(fileLocation), conf);
+ loginUser.addCredentials(cred);
}
+ loginUser.spawnAutoRenewalThreadForUserCreds();
+ } catch (LoginException le) {
+ throw new IOException("failure to login", le);
}
- return loginUser;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("UGI loginUser:"+loginUser);
+ }
}
@InterfaceAudience.Private
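Review bot: The new public `loginUserFromSubject` has no `loginUser == null` guard, unlike `getLoginUser`, so every call re-runs the JAAS login, replaces the process-wide login user via `setLoginUser(...)` and calls `spawnAutoRenewalThreadForUserCreds()` again. Because this static identity is what later `getLoginUser()` callers receive, the Javadoc should say that the method overwrites any existing login user and is meant to be called once, before other code reads it. If replacement is not intended, log or reject when `loginUser != null`. The tag `@parma subject` in the new Javadoc should be `@param subject`, otherwise the parameter description is lost from the generated docs. The Javadoc should also note that the authentication method is taken from `isSecurityEnabled()`, not from the credentials the supplied Subject holds, and that `HADOOP_PROXY_USER` and `HADOOP_TOKEN_FILE_LOCATION` are still read from the environment for a caller-supplied Subject.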