svn commit: r904339 - in /hadoop/common/trunk: CHANGES.txt src/java/org/apache/hadoop/security/UserGroupInformation.java src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java

Thu, 28 Jan 2010 17:57:24 -0800 

Author: ddas
Date: Fri Jan 29 01:56:57 2010
New Revision: 904339

URL: http://svn.apache.org/viewvc?rev=904339&view=rev
Log:
HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved 
to/from the embedded Subject. Contributed by Owen O'Malley & Kan Zhang.

Modified:
    hadoop/common/trunk/CHANGES.txt
    
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
    
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java

Modified: hadoop/common/trunk/CHANGES.txt
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Jan 29 01:56:57 2010
@@ -152,6 +152,9 @@
 
     HADOOP-6489. Fix 3 findbugs warnings. (Erik Steffl via suresh)
 
+    HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved
+    to/from the embedded Subject (Owen O'Malley & Kan Zhang via ddas)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Modified: 
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
--- 
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
 (original)
+++ 
hadoop/common/trunk/src/java/org/apache/hadoop/security/UserGroupInformation.java
 Fri Jan 29 01:56:57 2010
@@ -198,8 +198,6 @@
   private static String keytabFile = null;
 
   private final Subject subject;
-  private final Set<Token<? extends TokenIdentifier>> tokens =
-                  new LinkedHashSet<Token<? extends TokenIdentifier>>();
   
   private static final String OS_LOGIN_MODULE_NAME;
   private static final Class<? extends Principal> OS_PRINCIPAL_CLASS;
@@ -443,7 +441,7 @@
    * @return true on successful add of new token
    */
   public synchronized boolean addToken(Token<? extends TokenIdentifier> token) 
{
-    return tokens.add(token);
+    return subject.getPrivateCredentials().add(token);
   }
   
   /**
@@ -451,8 +449,16 @@
    * 
    * @return an unmodifiable collection of tokens associated with user
    */
-  public synchronized Collection<Token<? extends TokenIdentifier>> getTokens() 
{
-    return Collections.unmodifiableSet(tokens);
+  public synchronized
+  Collection<Token<? extends TokenIdentifier>> getTokens() {
+    Set<Object> creds = subject.getPrivateCredentials();
+    List<Token<?>> result = new ArrayList<Token<?>>(creds.size());
+    for(Object o: creds) {
+      if (o instanceof Token<?>) {
+        result.add((Token<?>) o);
+      }
+    }
+    return Collections.unmodifiableList(result);
   }
 
   /**

Modified: 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
URL: 
http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java?rev=904339&r1=904338&r2=904339&view=diff
==============================================================================
--- 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
 (original)
+++ 
hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestUserGroupInformation.java
 Fri Jan 29 01:56:57 2010
@@ -27,6 +27,7 @@
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -164,12 +165,12 @@
   
   @SuppressWarnings("unchecked") // from Mockito mocks
   @Test
-  public void testUGITokens() {
+  public <T extends TokenIdentifier> void testUGITokens() throws Exception {
     UserGroupInformation ugi = 
       UserGroupInformation.createUserForTesting("TheDoctor", 
                                                 new String [] { "TheTARDIS"});
-    Token t1 = mock(Token.class);
-    Token t2 = mock(Token.class);
+    Token<T> t1 = mock(Token.class);
+    Token<T> t2 = mock(Token.class);
     
     ugi.addToken(t1);
     ugi.addToken(t2);
@@ -185,5 +186,15 @@
     } catch(UnsupportedOperationException uoe) {
       // Can't modify tokens
     }
+    
+    // ensure that the tokens are passed through doAs
+    Collection<Token<? extends TokenIdentifier>> otherSet = 
+      ugi.doAs(new PrivilegedExceptionAction<Collection<Token<?>>>(){
+        public Collection<Token<?>> run() throws IOException {
+          return UserGroupInformation.getCurrentUser().getTokens();
+        }
+      });
+    assertTrue(otherSet.contains(t1));
+    assertTrue(otherSet.contains(t2));
   }
 }

Reply via email to