hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bor...@apache.org
Subject svn commit: r957074 - in /hadoop/common/trunk: ./ src/java/org/apache/hadoop/security/ src/java/org/apache/hadoop/security/authorize/ src/test/core/org/apache/hadoop/security/
Date Tue, 22 Jun 2010 23:04:33 GMT
Author: boryas
Date: Tue Jun 22 23:04:33 2010
New Revision: 957074

URL: http://svn.apache.org/viewvc?rev=957074&view=rev
Log:
HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side configuration for
the refresh

Modified:
    hadoop/common/trunk/CHANGES.txt
    hadoop/common/trunk/src/java/org/apache/hadoop/security/Groups.java
    hadoop/common/trunk/src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
    hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ProxyUsers.java
    hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java

Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=957074&r1=957073&r2=957074&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Tue Jun 22 23:04:33 2010
@@ -91,6 +91,9 @@ Trunk (unreleased changes)
     HADOOP-6652. Removes the unnecessary cache from ShellBasedUnixGroupsMapping.
     (ddas)
 
+    HADOOP-6815. refreshSuperUserGroupsConfiguration should use server side 
+configuration for the refresh (boryas)
+
 Release 0.21.0 - Unreleased
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/Groups.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/Groups.java?rev=957074&r1=957073&r2=957074&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/Groups.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/Groups.java Tue Jun 22 23:04:33
2010
@@ -121,6 +121,15 @@ public class Groups {
    * Get the groups being used to map user-to-groups.
    * @return the groups being used to map user-to-groups.
    */
+  public static Groups getUserToGroupsMappingService() {
+    return getUserToGroupsMappingService(new Configuration()); 
+  }
+  
+  /**
+   * Get the groups being used to map user-to-groups.
+   * @param Configuration
+   * @return the groups being used to map user-to-groups.
+   */
   public static Groups getUserToGroupsMappingService(Configuration conf) {
     if(GROUPS == null) {
       LOG.debug(" Creating new Groups object");

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java?rev=957074&r1=957073&r2=957074&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
(original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/RefreshUserMappingsProtocol.java
Tue Jun 22 23:04:33 2010
@@ -46,13 +46,12 @@ public interface RefreshUserMappingsProt
    * @param conf
    * @throws IOException
    */
-  public void refreshUserToGroupsMappings(Configuration conf) throws IOException;
+  public void refreshUserToGroupsMappings() throws IOException;
   
   /**
    * Refresh superuser proxy group list
-   * @param conf
    * @throws IOException
    */
-  public void refreshSuperUserGroupsConfiguration(Configuration conf) 
+  public void refreshSuperUserGroupsConfiguration() 
   throws IOException;
 }

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ProxyUsers.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ProxyUsers.java?rev=957074&r1=957073&r2=957074&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ProxyUsers.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/authorize/ProxyUsers.java Tue
Jun 22 23:04:33 2010
@@ -37,7 +37,7 @@ public class ProxyUsers {
   public static final String CONF_GROUPS = ".groups";
   public static final String CONF_HADOOP_PROXYUSER = "hadoop.proxyuser.";
   public static final String CONF_HADOOP_PROXYUSER_RE = "hadoop\\.proxyuser\\.";
-  private static Configuration conf=null;
+  private static boolean init = false;
   // list of groups and hosts per proxyuser
   private static Map<String, Collection<String>> proxyGroups = 
     new HashMap<String, Collection<String>>();
@@ -47,9 +47,17 @@ public class ProxyUsers {
   /**
    * reread the conf and get new values for "hadoop.proxyuser.*.groups/hosts"
    */
-  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration cn) {
-    conf = cn;
+  public static void refreshSuperUserGroupsConfiguration() {
+    //load server side configuration;
+    refreshSuperUserGroupsConfiguration(new Configuration());
+  }
 
+  /**
+   * refresh configuration
+   * @param conf
+   */
+  public static synchronized void refreshSuperUserGroupsConfiguration(Configuration conf)
{
+    
     // remove alle existing stuff
     proxyGroups.clear();
     proxyHosts.clear();
@@ -69,6 +77,8 @@ public class ProxyUsers {
       proxyHosts.put(entry.getKey(),
           StringUtils.getStringCollection(entry.getValue()));
     }
+    
+    init = true;
   }
 
   /**
@@ -102,8 +112,8 @@ public class ProxyUsers {
   public static synchronized void authorize(UserGroupInformation user, 
       String remoteAddress, Configuration newConf) throws AuthorizationException {
 
-    if(conf == null) {
-      refreshSuperUserGroupsConfiguration(newConf); 
+    if(!init) {
+      refreshSuperUserGroupsConfiguration(); 
     }
 
     if (user.getRealUser() == null) {
@@ -116,7 +126,7 @@ public class ProxyUsers {
     Collection<String> allowedUserGroups = proxyGroups.get(
         getProxySuperuserGroupConfKey(superUser.getShortUserName()));
     
-    if (!allowedUserGroups.isEmpty()) {
+    if (allowedUserGroups != null && !allowedUserGroups.isEmpty()) {
       for (String group : user.getGroupNames()) {
         if (allowedUserGroups.contains(group)) {
           groupAuthorized = true;
@@ -133,7 +143,7 @@ public class ProxyUsers {
     Collection<String> ipList = proxyHosts.get(
         getProxySuperuserIpConfKey(superUser.getShortUserName()));
     
-    if (!ipList.isEmpty()) {
+    if (ipList != null && !ipList.isEmpty()) {
       for (String allowedHost : ipList) {
         InetAddress hostAddr;
         try {

Modified: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java?rev=957074&r1=957073&r2=957074&view=diff
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java
(original)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/TestDoAsEffectiveUser.java
Tue Jun 22 23:04:33 2010
@@ -148,6 +148,7 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
         0, 5, true, conf, null);
 
+    refreshConf(conf);
     try {
       server.start();
 
@@ -188,6 +189,7 @@ public class TestDoAsEffectiveUser {
     Server server = RPC.getServer(TestProtocol.class, new TestImpl(), ADDRESS,
         0, 2, false, conf, null);
 
+    refreshConf(conf);
     try {
       server.start();
 



Mime
View raw message