You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2013/12/18 22:20:57 UTC
svn commit: r1552104 - in
/hadoop/common/trunk/hadoop-common-project/hadoop-common: CHANGES.txt
src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Author: bobby
Date: Wed Dec 18 21:20:56 2013
New Revision: 1552104
URL: http://svn.apache.org/r1552104
Log:
HADOOP-10164. Allow UGI to login with a known Subject (bobby)
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1552104&r1=1552103&r2=1552104&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Wed Dec 18 21:20:56 2013
@@ -399,6 +399,8 @@ Release 2.4.0 - UNRELEASED
HADOOP-10168. fix javadoc of ReflectionUtils#copy. (Thejas Nair via suresh)
+ HADOOP-10164. Allow UGI to login with a known Subject (bobby)
+
OPTIMIZATIONS
HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn)
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1552104&r1=1552103&r2=1552104&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Wed Dec 18 21:20:56 2013
@@ -477,7 +477,7 @@ public class UserGroupInformation {
private static final AppConfigurationEntry[] SIMPLE_CONF =
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, HADOOP_LOGIN};
-
+
private static final AppConfigurationEntry[] USER_KERBEROS_CONF =
new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, USER_KERBEROS_LOGIN,
HADOOP_LOGIN};
@@ -682,44 +682,59 @@ public class UserGroupInformation {
public synchronized
static UserGroupInformation getLoginUser() throws IOException {
if (loginUser == null) {
- ensureInitialized();
- try {
- Subject subject = new Subject();
- LoginContext login =
- newLoginContext(authenticationMethod.getLoginAppName(),
- subject, new HadoopConfiguration());
- login.login();
- UserGroupInformation realUser = new UserGroupInformation(subject);
- realUser.setLogin(login);
- realUser.setAuthenticationMethod(authenticationMethod);
- realUser = new UserGroupInformation(login.getSubject());
- // If the HADOOP_PROXY_USER environment variable or property
- // is specified, create a proxy user as the logged in user.
- String proxyUser = System.getenv(HADOOP_PROXY_USER);
- if (proxyUser == null) {
- proxyUser = System.getProperty(HADOOP_PROXY_USER);
- }
- loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser);
-
- String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
- if (fileLocation != null) {
- // Load the token storage file and put all of the tokens into the
- // user. Don't use the FileSystem API for reading since it has a lock
- // cycle (HADOOP-9212).
- Credentials cred = Credentials.readTokenStorageFile(
- new File(fileLocation), conf);
- loginUser.addCredentials(cred);
- }
- loginUser.spawnAutoRenewalThreadForUserCreds();
- } catch (LoginException le) {
- LOG.debug("failure to login", le);
- throw new IOException("failure to login", le);
+ loginUserFromSubject(null);
+ }
+ return loginUser;
+ }
+
+ /**
+ * Log in a user using the given subject
+ * @parma subject the subject to use when logging in a user, or null to
+ * create a new subject.
+ * @throws IOException if login fails
+ */
+ @InterfaceAudience.Public
+ @InterfaceStability.Evolving
+ public synchronized
+ static void loginUserFromSubject(Subject subject) throws IOException {
+ ensureInitialized();
+ try {
+ if (subject == null) {
+ subject = new Subject();
+ }
+ LoginContext login =
+ newLoginContext(authenticationMethod.getLoginAppName(),
+ subject, new HadoopConfiguration());
+ login.login();
+ UserGroupInformation realUser = new UserGroupInformation(subject);
+ realUser.setLogin(login);
+ realUser.setAuthenticationMethod(authenticationMethod);
+ realUser = new UserGroupInformation(login.getSubject());
+ // If the HADOOP_PROXY_USER environment variable or property
+ // is specified, create a proxy user as the logged in user.
+ String proxyUser = System.getenv(HADOOP_PROXY_USER);
+ if (proxyUser == null) {
+ proxyUser = System.getProperty(HADOOP_PROXY_USER);
}
- if (LOG.isDebugEnabled()) {
- LOG.debug("UGI loginUser:"+loginUser);
+ loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser);
+
+ String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
+ if (fileLocation != null) {
+ // Load the token storage file and put all of the tokens into the
+ // user. Don't use the FileSystem API for reading since it has a lock
+ // cycle (HADOOP-9212).
+ Credentials cred = Credentials.readTokenStorageFile(
+ new File(fileLocation), conf);
+ loginUser.addCredentials(cred);
}
+ loginUser.spawnAutoRenewalThreadForUserCreds();
+ } catch (LoginException le) {
+ LOG.debug("failure to login", le);
+ throw new IOException("failure to login", le);
}
- return loginUser;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("UGI loginUser:"+loginUser);
+ }
}
@InterfaceAudience.Private