Author: cnauroth
Date: Mon Jun 16 20:30:04 2014
New Revision: 1602991
URL: http://svn.apache.org/r1602991
Log:
HADOOP-10683. Users authenticated with KERBEROS are recorded as being
authenticated with SIMPLE. Contributed by Benoy Antony.
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1602991&r1=1602990&r2=1602991&view=diff
==============================================================================
--- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
(original)
+++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Mon Jun
16 20:30:04 2014
@@ -553,6 +553,9 @@ Release 2.5.0 - UNRELEASED
HADOOP-10678. SecurityUtil has unnecessary synchronization on collection
used for only tests. (Benoy Antony via cnauroth)
+ HADOOP-10683. Users authenticated with KERBEROS are recorded as being
+ authenticated with SIMPLE. (Benoy Antony via cnauroth)
+
BREAKDOWN OF HADOOP-10514 SUBTASKS AND RELATED JIRAS
HADOOP-10520. Extended attributes definition and FileSystem APIs for
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java?rev=1602991&r1=1602990&r2=1602991&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Server.java
Mon Jun 16 20:30:04 2014
@@ -1221,7 +1221,7 @@ public abstract class Server {
ugi.addTokenIdentifier(tokenId);
return ugi;
} else {
- return UserGroupInformation.createRemoteUser(authorizedId);
+ return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
}
}
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java?rev=1602991&r1=1602990&r2=1602991&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
Mon Jun 16 20:30:04 2014
@@ -1157,13 +1157,25 @@ public class UserGroupInformation {
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user) {
+ return createRemoteUser(user, AuthMethod.SIMPLE);
+ }
+
+ /**
+ * Create a user from a login name. It is intended to be used for remote
+ * users in RPC, since it won't have any credentials.
+ * @param user the full user principal name, must not be empty or null
+ * @return the UserGroupInformation for the remote user.
+ */
+ @InterfaceAudience.Public
+ @InterfaceStability.Evolving
+ public static UserGroupInformation createRemoteUser(String user, AuthMethod
authMethod) {
if (user == null || user.isEmpty()) {
throw new IllegalArgumentException("Null user");
}
Subject subject = new Subject();
subject.getPrincipals().add(new User(user));
UserGroupInformation result = new UserGroupInformation(subject);
- result.setAuthenticationMethod(AuthenticationMethod.SIMPLE);
+ result.setAuthenticationMethod(authMethod);
return result;
}
Modified:
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
URL:
http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1602991&r1=1602990&r2=1602991&view=diff
==============================================================================
---
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
(original)
+++
hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
Mon Jun 16 20:30:04 2014
@@ -20,6 +20,7 @@ import org.apache.hadoop.conf.Configurat
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.metrics2.MetricsRecordBuilder;
+import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.authentication.util.KerberosName;
import org.apache.hadoop.security.token.Token;
@@ -31,6 +32,7 @@ import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
+
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
@@ -151,6 +153,18 @@ public class TestUserGroupInformation {
assertEquals(AuthenticationMethod.PROXY, ugi.getAuthenticationMethod());
assertEquals(AuthenticationMethod.SIMPLE,
ugi.getRealAuthenticationMethod());
}
+
+ @Test (timeout = 30000)
+ public void testCreateRemoteUser() {
+ UserGroupInformation ugi = UserGroupInformation.createRemoteUser("user1");
+ assertEquals(AuthenticationMethod.SIMPLE, ugi.getAuthenticationMethod());
+ assertTrue (ugi.toString().contains("(auth:SIMPLE)"));
+ ugi = UserGroupInformation.createRemoteUser("user1",
+ AuthMethod.KERBEROS);
+ assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
+ assertTrue (ugi.toString().contains("(auth:KERBEROS)"));
+ }
+
/** Test login method */
@Test (timeout = 30000)
public void testLogin() throws Exception {
