Posted to common-commits@hadoop.apache.org by bo...@apache.org on 2010/06/05 02:10:13 UTC
svn commit: r951618 - in /hadoop/common/trunk: CHANGES.txt
src/java/org/apache/hadoop/security/User.java
src/java/org/apache/hadoop/security/UserGroupInformation.java
src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
Author: boryas
Date: Sat Jun 5 00:10:13 2010
New Revision: 951618
URL: http://svn.apache.org/viewvc?rev=951618&view=rev
Log:
HADOOP-6649. login object in UGI should be inside the subject (jnp via boryas)
Modified:
hadoop/common/trunk/CHANGES.txt
hadoop/common/trunk/src/java/org/apache/hadoop/security/User.java
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=951618&r1=951617&r2=951618&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Sat Jun 5 00:10:13 2010
@@ -65,6 +65,8 @@ Trunk (unreleased changes)
glob pattern code less restrictive and more POSIX standard
compliant. (Luke Lu via eli)
+ HADOOP-6649. login object in UGI should be inside the subject (jnp via boryas)
+
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/User.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/User.java?rev=951618&r1=951617&r2=951618&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/User.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/User.java Sat Jun 5 00:10:13 2010
@@ -19,6 +19,8 @@ package org.apache.hadoop.security;
import java.security.Principal;
+import javax.security.auth.login.LoginContext;
+
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
/**
@@ -29,12 +31,13 @@ class User implements Principal {
private final String fullName;
private final String shortName;
private AuthenticationMethod authMethod = null;
+ private LoginContext login = null;
public User(String name) {
- this(name, null);
+ this(name, null, null);
}
- public User(String name, AuthenticationMethod authMethod) {
+ public User(String name, AuthenticationMethod authMethod, LoginContext login) {
fullName = name;
int atIdx = name.indexOf('@');
if (atIdx == -1) {
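Review bot: The new `login` field is a plain mutable reference on a principal that every UserGroupInformation wrapping the same Subject now shares, so a write through `setLogin` has no guaranteed visibility to another thread reading through `getLogin`. Both accessors are added at the end of this file, and `setLogin` is called after re-login in UserGroupInformation.java. Declaring the field as `private volatile LoginContext login = null;` would close that gap without touching the accessors. Whether callers already serialize these paths is not visible in this diff, but a lock held on one UGI instance would not cover a second instance built over the same Subject. The constructor body continues outside this hunk.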
@@ -48,6 +51,7 @@ class User implements Principal {
}
}
this.authMethod = authMethod;
+ this.login = login;
}
/**
@@ -94,4 +98,20 @@ class User implements Principal {
public AuthenticationMethod getAuthenticationMethod() {
return authMethod;
}
+
+ /**
+ * Returns login object
+ * @return login
+ */
+ public LoginContext getLogin() {
+ return login;
+ }
+
+ /**
+ * Set the login object
+ * @param login
+ */
+ public void setLogin(LoginContext login) {
+ this.login = login;
+ }
}
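Review bot: The Javadoc on the two new accessors leaves out the null contract: `getLogin()` returns null whenever no login was recorded, which is what the one-argument constructor sets up, and `@param login` has no description at all. I would write `@return the LoginContext recorded for this user, or null if none has been set` and `@param login the LoginContext to associate with this user; may be null`. It is also worth one sentence saying that `setLogin` only replaces the reference and does not log out the previous context, since that is all the visible body does.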
Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java?rev=951618&r1=951617&r2=951618&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java Sat Jun 5 00:10:13 2010
@@ -206,8 +206,6 @@ public class UserGroupInformation {
private final Subject subject;
- private LoginContext login;
-
private static final String OS_LOGIN_MODULE_NAME;
private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
private static final boolean windows =
@@ -330,6 +328,19 @@ public class UserGroupInformation {
return null;
}
}
+
+ private LoginContext getLogin() {
+ for (User p: subject.getPrincipals(User.class)) {
+ return p.getLogin();
+ }
+ return null;
+ }
+
+ private void setLogin(LoginContext login) {
+ for (User p: subject.getPrincipals(User.class)) {
+ p.setLogin(login);
+ }
+ }
/**
* Create a UserGroupInformation for the given subject.
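Review bot: `setLogin` does nothing at all when the subject carries no `User` principal, so the LoginContext is silently dropped and a later `getLogin()` returns null. In the re-login hunk further down that would surface as "loginUserFromKeyTab must be done first", which points at the wrong cause. If a subject without a `User` principal cannot occur here, say so in a comment; otherwise track whether any principal was updated and fail or log when none was. `getLogin()` also uses a `for` loop that returns on its first iteration, which reads like a bug; a line such as `// a subject is expected to hold at most one User principal` would make the intent clear. Neither method has a doc comment stating that the login now lives in the principal and is shared by every UGI over the same Subject.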
@@ -371,7 +382,7 @@ public class UserGroupInformation {
subject);
}
login.login();
- loginUser.login = login;
+ loginUser.setLogin(login);
loginUser = new UserGroupInformation(login.getSubject());
String tokenFile = System.getenv(HADOOP_TOKEN_FILE_LOCATION);
if (tokenFile != null && isSecurityEnabled()) {
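Review bot: `loginUser.setLogin(login);` runs one line before `loginUser` is assigned the new UserGroupInformation, so it acts on whatever `loginUser` held before. If that is null at this point (the enclosing condition is outside the hunk), the call throws a NullPointerException; if it is not, the login is stored in the old instance's subject. The commit keeps the order the removed field assignment had, but the keytab hunk below assigns first and then sets, and this path should do the same: `loginUser = new UserGroupInformation(login.getSubject());` followed by `loginUser.setLogin(login);`. The enclosing method starts and ends outside this hunk.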
@@ -407,7 +418,7 @@ public class UserGroupInformation {
new LoginContext(HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, subject);
login.login();
loginUser = new UserGroupInformation(subject);
- loginUser.login = login;
+ loginUser.setLogin(login);
} catch (LoginException le) {
throw new IOException("Login failure for " + user + " from keytab " +
path, le);
@@ -427,6 +438,7 @@ public class UserGroupInformation {
throws IOException {
if (!isSecurityEnabled())
return;
+ LoginContext login = getLogin();
if (login == null || keytabFile == null) {
throw new IOException("loginUserFromKeyTab must be done first");
}
@@ -452,6 +464,7 @@ public class UserGroupInformation {
getSubject());
LOG.info("Initiating re-login for " + keytabPrincipal);
login.login();
+ setLogin(login);
} catch (LoginException le) {
throw new IOException("Login failure for " + keytabPrincipal +
" from keytab " + keytabFile, le);
Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java?rev=951618&r1=951617&r2=951618&view=diff
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java (original)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java Sat Jun 5 00:10:13 2010
@@ -32,6 +32,8 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import javax.security.auth.login.LoginContext;
+
import junit.framework.Assert;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
@@ -287,4 +289,17 @@ public class TestUserGroupInformation {
"proxyAnother", realugi);
Assert.assertEquals(proxyUgi3, proxyUgi4);
}
+
+ @Test
+ public void testLoginObjectInSubject() throws Exception {
+ UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
+ UserGroupInformation anotherUgi = new UserGroupInformation(loginUgi
+ .getSubject());
+ LoginContext login1 = loginUgi.getSubject().getPrincipals(User.class)
+ .iterator().next().getLogin();
+ LoginContext login2 = anotherUgi.getSubject().getPrincipals(User.class)
+ .iterator().next().getLogin();
+ //login1 and login2 must be same instances
+ Assert.assertTrue(login1 == login2);
+ }
}
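Review bot: The assertion `login1 == login2` also passes when both values are null, so the test would stay green if the login were never stored in the subject, which is the behaviour this commit is meant to guarantee. Add `Assert.assertNotNull(login1);` before the comparison and use `Assert.assertSame(login1, login2);` so a failure reports both instances. The test also depends on `getLoginUser()` succeeding in the test environment; nothing in this hunk shows how that is configured.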