Author: cnauroth Date: Mon Jun 16 20:30:04 2014 New Revision: 1602991 URL: http://svn.apache.org/r1602991 Log: HADOOP-10683. Users authenticated with KERBEROS are recorded as being authenticated with SIMPLE. Contributed by Benoy Antony.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1602991&r1=1602990&r2=1602991&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Mon Jun 16 20:30:04 2014 @@ -553,6 +553,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10678. SecurityUtil has unnecessary synchronization on collection used for only tests. (Benoy Antony via cnauroth) + HADOOP-10683. Users authenticated with KERBEROS are recorded as being + authenticated with SIMPLE. (Benoy Antony via cnauroth) + BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS HADOOP-10520. Extended attributes definition and FileSystem APIs for Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java?rev=1602991&r1=1602990&r2=1602991&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java Mon Jun 16 20:30:04 2014 @@ -1221,7 +1221,7 @@ public abstract class Server { ugi.addTokenIdentifier(tokenId); return ugi; } else { - return UserGroupInformation.createRemoteUser(authorizedId); + return UserGroupInformation.createRemoteUser(authorizedId, authMethod); } } Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1602991&r1=1602990&r2=1602991&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java Mon Jun 16 20:30:04 2014 @@ -1157,13 +1157,25 @@ public class UserGroupInformation { @InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user) { + return createRemoteUser(user, AuthMethod.SIMPLE); + } + + /** + * Create a user from a login name. It is intended to be used for remote + * users in RPC, since it won't have any credentials. + * @param user the full user principal name, must not be empty or null + * @return the UserGroupInformation for the remote user. + */ + @InterfaceAudience.Public + @InterfaceStability.Evolving + public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) { if (user == null || user.isEmpty()) { throw new IllegalArgumentException("Null user"); } Subject subject = new Subject(); subject.getPrincipals().add(new User(user)); UserGroupInformation result = new UserGroupInformation(subject); - result.setAuthenticationMethod(AuthenticationMethod.SIMPLE); + result.setAuthenticationMethod(authMethod); return result; } Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1602991&r1=1602990&r2=1602991&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java Mon Jun 16 20:30:04 2014 @@ -20,6 +20,7 @@ import org.apache.hadoop.conf.Configurat import org.apache.hadoop.fs.CommonConfigurationKeysPublic; import org.apache.hadoop.io.Text; import org.apache.hadoop.metrics2.MetricsRecordBuilder; +import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; import org.apache.hadoop.security.authentication.util.KerberosName; import org.apache.hadoop.security.token.Token; @@ -31,6 +32,7 @@ import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.LoginContext; + import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; @@ -151,6 +153,18 @@ public class TestUserGroupInformation { assertEquals(AuthenticationMethod.PROXY, ugi.getAuthenticationMethod()); assertEquals(AuthenticationMethod.SIMPLE, ugi.getRealAuthenticationMethod()); } + + @Test (timeout = 30000) + public void testCreateRemoteUser() { + UserGroupInformation ugi = UserGroupInformation.createRemoteUser("user1"); + assertEquals(AuthenticationMethod.SIMPLE, ugi.getAuthenticationMethod()); + assertTrue (ugi.toString().contains("(auth:SIMPLE)")); + ugi = UserGroupInformation.createRemoteUser("user1", + AuthMethod.KERBEROS); + assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod()); + assertTrue (ugi.toString().contains("(auth:KERBEROS)")); + } + /** Test login method */ @Test (timeout = 30000) public void testLogin() throws Exception {