You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 04:59:05 UTC
svn commit: r1077277 -
/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java
Author: omalley
Date: Fri Mar 4 03:59:05 2011
New Revision: 1077277
URL: http://svn.apache.org/viewvc?rev=1077277&view=rev
Log:
commit 4db2841ee4a4c3b8f1477a219f9111b3fed5a19c
Author: Devaraj Das <dd...@yahoo-inc.com>
Date: Wed Mar 3 18:53:33 2010 -0800
MAPREDUCE:1559 from https://issues.apache.org/jira/secure/attachment/12437821/mr-1559.patch
+++ b/YAHOO-CHANGES.txt
+ MAPREDUCE-1559. Fixes a problem in DelegationTokenRenewal class to
+ do with using the right credentials when talking to the NameNode.(ddas)
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java?rev=1077277&r1=1077276&r2=1077277&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapreduce/security/token/DelegationTokenRenewal.java Fri Mar 4 03:59:05 2011
@@ -21,6 +21,9 @@ package org.apache.hadoop.mapreduce.secu
import java.io.IOException;
import java.net.URI;
import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.security.UserGroupInformation;
+
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -194,12 +197,20 @@ public class DelegationTokenRenewal {
}
private static DistributedFileSystem getDFSForToken(
- Token<DelegationTokenIdentifier> token, Configuration conf)
+ Token<DelegationTokenIdentifier> token, final Configuration conf)
throws Exception {
DistributedFileSystem dfs = null;
try {
- URI uri = new URI (SCHEME + "://" + token.getService().toString());
- dfs = (DistributedFileSystem) FileSystem.get(uri, conf);
+ final URI uri = new URI (SCHEME + "://" + token.getService().toString());
+ dfs = (DistributedFileSystem)
+ UserGroupInformation.getLoginUser().doAs(
+ new PrivilegedExceptionAction<DistributedFileSystem>() {
+ public DistributedFileSystem run() throws IOException {
+ return (DistributedFileSystem) FileSystem.get(uri, conf);
+ }
+ });
+
+
} catch (Exception e) {
LOG.warn("Failed to create a dfs to renew for:" + token.getService(), e);
throw e;