Revert "HADOOP-13081. add the ability to create multiple UGIs/subjects from one kerberos login. Contributed by Sergey Shelukhin."
This reverts commit 0458a2af6e925d023882714e8b7b0568eca7a775. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/1e0ea27e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/1e0ea27e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/1e0ea27e Branch: refs/heads/YARN-2915 Commit: 1e0ea27e9602efba102b2145d0240ecc9d5845a1 Parents: 236ac77 Author: Chris Nauroth <cnaur...@apache.org> Authored: Thu Sep 29 13:59:09 2016 -0700 Committer: Chris Nauroth <cnaur...@apache.org> Committed: Thu Sep 29 13:59:09 2016 -0700 ---------------------------------------------------------------------- .../hadoop/security/UserGroupInformation.java | 29 +------------------- .../security/TestUserGroupInformation.java | 27 ------------------ 2 files changed, 1 insertion(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/1e0ea27e/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index ed3a9d0..bcdfd53 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -38,7 +38,6 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; @@ -652,33 +651,7 @@ public class UserGroupInformation { } this.isKrbTkt = KerberosUtil.hasKerberosTicket(subject); } - - /** - * Copies the Subject of this UGI and creates a new UGI with the new subject. - * This can be used to add credentials (e.g. tokens) to different copies of - * the same UGI, allowing multiple users with different tokens to reuse the - * UGI without re-authenticating with Kerberos. - * @return clone of the UGI with a new subject. - */ - @InterfaceAudience.Public - @InterfaceStability.Evolving - public UserGroupInformation copySubjectAndUgi() { - Subject subj = getSubject(); - // The ctor will set other fields automatically from the principals. - return new UserGroupInformation(new Subject(false, subj.getPrincipals(), - cloneCredentials(subj.getPublicCredentials()), - cloneCredentials(subj.getPrivateCredentials()))); - } - - private static Set<Object> cloneCredentials(Set<Object> old) { - Set<Object> set = new HashSet<>(); - // Make sure Hadoop credentials objects do not reuse the maps. - for (Object o : old) { - set.add(o instanceof Credentials ? new Credentials((Credentials)o) : o); - } - return set; - } - + /** * checks if logged in using kerberos * @return true if the subject logged via keytab or has a Kerberos TGT http://git-wip-us.apache.org/repos/asf/hadoop/blob/1e0ea27e/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java index e45d70d..09a5807 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java @@ -50,7 +50,6 @@ import java.security.PrivilegedExceptionAction; import java.util.Collection; import java.util.ConcurrentModificationException; import java.util.LinkedHashSet; -import java.util.List; import java.util.Set; import static org.apache.hadoop.fs.CommonConfigurationKeys.HADOOP_USER_GROUP_METRICS_PERCENTILES_INTERVALS; @@ -899,32 +898,6 @@ public class TestUserGroupInformation { assertEquals(1, tokens.size()); } - @Test(timeout = 30000) - public void testCopySubjectAndUgi() throws IOException { - SecurityUtil.setAuthenticationMethod(AuthenticationMethod.SIMPLE, conf); - UserGroupInformation.setConfiguration(conf); - UserGroupInformation u1 = UserGroupInformation.getLoginUser(); - assertNotNull(u1); - @SuppressWarnings("unchecked") - Token<? extends TokenIdentifier> tmpToken = mock(Token.class); - u1.addToken(tmpToken); - - UserGroupInformation u2 = u1.copySubjectAndUgi(); - assertEquals(u1.getAuthenticationMethod(), u2.getAuthenticationMethod()); - assertNotSame(u1.getSubject(), u2.getSubject()); - Credentials c1 = u1.getCredentials(), c2 = u2.getCredentials(); - List<Text> sc1 = c1.getAllSecretKeys(), sc2 = c2.getAllSecretKeys(); - assertArrayEquals(sc1.toArray(new Text[0]), sc2.toArray(new Text[0])); - Collection<Token<? extends TokenIdentifier>> ts1 = c1.getAllTokens(), - ts2 = c2.getAllTokens(); - assertArrayEquals(ts1.toArray(new Token[0]), ts2.toArray(new Token[0])); - @SuppressWarnings("unchecked") - Token<? extends TokenIdentifier> token = mock(Token.class); - u2.addToken(token); - assertTrue(u2.getCredentials().getAllTokens().contains(token)); - assertFalse(u1.getCredentials().getAllTokens().contains(token)); - } - /** * This test checks a race condition between getting and adding tokens for * the current user. Calling UserGroupInformation.getCurrentUser() returns --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org