You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by su...@apache.org on 2013/03/13 15:24:48 UTC
svn commit: r1455953 - in /hadoop/common/branches/branch-1: CHANGES.txt
src/core/org/apache/hadoop/security/UserGroupInformation.java
src/test/org/apache/hadoop/security/TestUserGroupInformation.java
Author: suresh
Date: Wed Mar 13 14:24:47 2013
New Revision: 1455953
URL: http://svn.apache.org/r1455953
Log:
HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from non-Hadoop JAAS context. Backported by Suresh Srinivas.
Modified:
hadoop/common/branches/branch-1/CHANGES.txt
hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Wed Mar 13 14:24:47 2013
@@ -536,6 +536,9 @@ Release 1.2.0 - unreleased
HADOOP-9379. capture the ulimit info after printing the log to the console.
(Arpit Gupta via suresh)
+ HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from
+ non-Hadoop JAAS context. (todd, backported by suresh)
+
Release 1.1.2 - 2013.01.30
INCOMPATIBLE CHANGES
Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java (original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java Wed Mar 13 14:24:47 2013
@@ -465,7 +465,11 @@ public class UserGroupInformation {
static UserGroupInformation getCurrentUser() throws IOException {
AccessControlContext context = AccessController.getContext();
Subject subject = Subject.getSubject(context);
- return subject == null ? getLoginUser() : new UserGroupInformation(subject);
+ if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
+ return getLoginUser();
+ } else {
+ return new UserGroupInformation(subject);
+ }
}
/**
Modified: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java (original)
+++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java Wed Mar 13 14:24:47 2013
@@ -16,12 +16,7 @@
*/
package org.apache.hadoop.security;
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
+import static org.junit.Assert.*;
import static org.mockito.Mockito.mock;
import java.io.BufferedReader;
@@ -32,6 +27,7 @@ import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;
+import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import junit.framework.Assert;
@@ -339,4 +335,22 @@ public class TestUserGroupInformation {
assertGaugeGt("loginFailure_avg_time", 0, rb);
}
}
+
+ /**
+ * Test for the case that UserGroupInformation.getCurrentUser()
+ * is called when the AccessControlContext has a Subject associated
+ * with it, but that Subject was not created by Hadoop (ie it has no
+ * associated User principal)
+ */
+ @Test
+ public void testUGIUnderNonHadoopContext() throws Exception {
+ Subject nonHadoopSubject = new Subject();
+ Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction<Void>() {
+ public Void run() throws IOException {
+ UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+ assertNotNull(ugi);
+ return null;
+ }
+ });
+ }
}