Author: bobby Date: Wed Dec 18 21:26:13 2013 New Revision: 1552106 URL: http://svn.apache.org/r1552106 Log: svn merge -c 1552104 FIXES: HADOOP-10164. Allow UGI to login with a known Subject (bobby)
Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1552106&r1=1552105&r2=1552106&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/CHANGES.txt Wed Dec 18 21:26:13 2013 @@ -107,6 +107,8 @@ Release 2.4.0 - UNRELEASED HADOOP-10168. fix javadoc of ReflectionUtils#copy. (Thejas Nair via suresh) + HADOOP-10164. Allow UGI to login with a known Subject (bobby) + OPTIMIZATIONS HADOOP-9748. Reduce blocking on UGI.ensureInitialized (daryn) Modified: hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1552106&r1=1552105&r2=1552106&view=diff ============================================================================== --- hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original) +++ hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Wed Dec 18 21:26:13 2013 
@@ -465,7 +465,7 @@ public class UserGroupInformation { private static final AppConfigurationEntry[] SIMPLE_CONF = new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, HADOOP_LOGIN}; - + private static final AppConfigurationEntry[] USER_KERBEROS_CONF = new AppConfigurationEntry[]{OS_SPECIFIC_LOGIN, USER_KERBEROS_LOGIN, HADOOP_LOGIN}; 
@@ -670,44 +670,59 @@ public class UserGroupInformation { public synchronized static UserGroupInformation getLoginUser() throws IOException { if (loginUser == null) { - ensureInitialized(); - try { - Subject subject = new Subject(); - LoginContext login = - newLoginContext(authenticationMethod.getLoginAppName(), - subject, new HadoopConfiguration()); - login.login(); - UserGroupInformation realUser = new UserGroupInformation(subject); - realUser.setLogin(login); - realUser.setAuthenticationMethod(authenticationMethod); - realUser = new UserGroupInformation(login.getSubject()); - // If the HADOOP_PROXY_USER environment variable or property - // is specified, create a proxy user as the logged in user. - String proxyUser = System.getenv(HADOOP_PROXY_USER); - if (proxyUser == null) { - proxyUser = System.getProperty(HADOOP_PROXY_USER); - } - loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser); - - String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION); - if (fileLocation != null) { - // Load the token storage file and put all of the tokens into the - // user. Don't use the FileSystem API for reading since it has a lock - // cycle (HADOOP-9212). - Credentials cred = Credentials.readTokenStorageFile( - new File(fileLocation), conf); - loginUser.addCredentials(cred); - } - loginUser.spawnAutoRenewalThreadForUserCreds(); - } catch (LoginException le) { - LOG.debug("failure to login", le); - throw new IOException("failure to login", le); + loginUserFromSubject(null); + } + return loginUser; + } + + /** + * Log in a user using the given subject + * @parma subject the subject to use when logging in a user, or null to + * create a new subject. 
+ * @throws IOException if login fails + */ + @InterfaceAudience.Public + @InterfaceStability.Evolving + public synchronized + static void loginUserFromSubject(Subject subject) throws IOException { + ensureInitialized(); + try { + if (subject == null) { + subject = new Subject(); + } + LoginContext login = + newLoginContext(authenticationMethod.getLoginAppName(), + subject, new HadoopConfiguration()); + login.login(); + UserGroupInformation realUser = new UserGroupInformation(subject); + realUser.setLogin(login); + realUser.setAuthenticationMethod(authenticationMethod); + realUser = new UserGroupInformation(login.getSubject()); + // If the HADOOP_PROXY_USER environment variable or property + // is specified, create a proxy user as the logged in user. + String proxyUser = System.getenv(HADOOP_PROXY_USER); + if (proxyUser == null) { + proxyUser = System.getProperty(HADOOP_PROXY_USER); } - if (LOG.isDebugEnabled()) { - LOG.debug("UGI loginUser:"+loginUser); + loginUser = proxyUser == null ? realUser : createProxyUser(proxyUser, realUser); + + String fileLocation = System.getenv(HADOOP_TOKEN_FILE_LOCATION); + if (fileLocation != null) { + // Load the token storage file and put all of the tokens into the + // user. Don't use the FileSystem API for reading since it has a lock + // cycle (HADOOP-9212). + Credentials cred = Credentials.readTokenStorageFile( + new File(fileLocation), conf); + loginUser.addCredentials(cred); } + loginUser.spawnAutoRenewalThreadForUserCreds(); + } catch (LoginException le) { + LOG.debug("failure to login", le); + throw new IOException("failure to login", le); } - return loginUser; + if (LOG.isDebugEnabled()) { + LOG.debug("UGI loginUser:"+loginUser); + } } @InterfaceAudience.Private
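Review bot: `loginUserFromSubject` is public and assigns the static `loginUser` on every call, whereas the removed code in `getLoginUser()` only logged in when `loginUser == null`, so any later caller can replace the process-wide login identity with the Subject it passes in. The Javadoc should say so, and should also say that the `HADOOP_PROXY_USER` and `HADOOP_TOKEN_FILE_LOCATION` lookups still run for a caller-supplied Subject. The resulting login user can therefore be a proxy user carrying tokens from the environment-named file, not exactly the Subject given. Suggested wording: `Replaces the current login user for the whole process; HADOOP_PROXY_USER and HADOOP_TOKEN_FILE_LOCATION are still applied.` The tag `@parma` in the same comment is a typo for `@param`, so the parameter description will not be rendered.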