hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077442 - /hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
Date Fri, 04 Mar 2011 04:15:28 GMT
Author: omalley
Date: Fri Mar  4 04:15:28 2011
New Revision: 1077442

URL: http://svn.apache.org/viewvc?rev=1077442&view=rev
Log:
commit ebdc0709836b6ec9823d2a335c083a9ff411f72a
Author: Devaraj Das <ddas@yahoo-inc.com>
Date:   Wed May 5 14:09:32 2010 -0700

    HDFS:1006 from https://issues.apache.org/jira/secure/attachment/12443766/hdfs-1006-bugfix-1.patch
    
    +++ b/YAHOO-CHANGES.txt
    +    HDFS-1006. Removes unnecessary logins from the previous patch. (ddas)
    +
    +    HADOOP-6745. adding some java doc to Server.RpcMetrics, UGI (boryas)
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java?rev=1077442&r1=1077441&r2=1077442&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/hdfs/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
Fri Mar  4 04:15:28 2011
@@ -180,20 +180,19 @@ public class SecondaryNameNode implement
 
     // initialize the webserver for uploading files.
     // Kerberized SSL servers must be run from the host principal...
-    if (UserGroupInformation.isSecurityEnabled()) {
-      SecurityUtil.login(conf,
-          DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY,
-          DFSConfigKeys.DFS_SECONDARY_NAMENODE_KRB_HTTPS_USER_NAME_KEY,
-          infoBindAddress);
-    }
-    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+    UserGroupInformation httpUGI = 
+      UserGroupInformation.loginUserFromKeytabAndReturnUGI(
+          SecurityUtil.getServerPrincipal(conf
+        .get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KRB_HTTPS_USER_NAME_KEY), 
+        infoBindAddress), 
+        conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY));
     try {
-      infoServer = ugi.doAs(new PrivilegedExceptionAction<HttpServer>() {
+      infoServer = httpUGI.doAs(new PrivilegedExceptionAction<HttpServer>() {
 
         @Override
         public HttpServer run() throws IOException, InterruptedException {
           LOG.info("Starting web server as: " +
-              UserGroupInformation.getLoginUser().getUserName());
+              UserGroupInformation.getCurrentUser().getUserName());
 
           int tmpInfoPort = infoSocAddr.getPort();
           infoServer = new HttpServer("secondary", infoBindAddress, tmpInfoPort,
@@ -219,17 +218,8 @@ public class SecondaryNameNode implement
       });
     } catch (InterruptedException e) {
       throw new RuntimeException(e);
-    } finally {
-      if (UserGroupInformation.isSecurityEnabled()) {
-        // Go back to being the correct Namenode principal
-        SecurityUtil.login(conf, 
-            DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY,
-            DFSConfigKeys.DFS_SECONDARY_NAMENODE_USER_NAME_KEY,
-            infoBindAddress);
-        LOG.info("Web server init done, returning to: " + 
-            UserGroupInformation.getLoginUser().getUserName());
-      }
     }
+    LOG.info("Web server init done");
     // The web-server port can be ephemeral... ensure we have the correct info
     
     infoPort = infoServer.getPort();



Mime
View raw message