You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:59:05 UTC

svn commit: r1077277 - /hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java

Author: omalley
Date: Fri Mar  4 03:59:05 2011
New Revision: 1077277

URL: http://svn.apache.org/viewvc?rev=1077277&view=rev
Log:
commit 4db2841ee4a4c3b8f1477a219f9111b3fed5a19c
Author: Devaraj Das <dd...@yahoo-inc.com>
Date:   Wed Mar 3 18:53:33 2010 -0800

    MAPREDUCE:1559 from https://issues.apache.org/jira/secure/attachment/12437821/mr-1559.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    MAPREDUCE-1559. Fixes a problem in DelegationTokenRenewal class to
    +    do with using the right credentials when talking to the NameNode.(ddas)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java?rev=1077277&r1=1077276&r2=1077277&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java Fri Mar  4 03:59:05 2011
@@ -21,6 +21,9 @@ package org.apache.hadoop.mapreduce.secu
 import java.io.IOException;
 import java.net.URI;
 import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -194,12 +197,20 @@ public class DelegationTokenRenewal {
   }
   
   private static DistributedFileSystem getDFSForToken(
-      Token<DelegationTokenIdentifier> token, Configuration conf) 
+      Token<DelegationTokenIdentifier> token, final Configuration conf) 
   throws Exception {
     DistributedFileSystem dfs = null;
     try {
-      URI uri = new URI (SCHEME + "://" + token.getService().toString());
-      dfs =  (DistributedFileSystem) FileSystem.get(uri, conf);
+      final URI uri = new URI (SCHEME + "://" + token.getService().toString());
+      dfs = (DistributedFileSystem)
+      UserGroupInformation.getLoginUser().doAs(
+          new PrivilegedExceptionAction<DistributedFileSystem>() {
+        public DistributedFileSystem run() throws IOException {
+          return (DistributedFileSystem) FileSystem.get(uri, conf);  
+        }
+      });
+
+      
     } catch (Exception e) {
       LOG.warn("Failed to create a dfs to renew for:" + token.getService(), e);
       throw e;