hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sur...@apache.org
Subject svn commit: r1455953 - in /hadoop/common/branches/branch-1: CHANGES.txt src/core/org/apache/hadoop/security/UserGroupInformation.java src/test/org/apache/hadoop/security/TestUserGroupInformation.java
Date Wed, 13 Mar 2013 14:24:48 GMT
Author: suresh
Date: Wed Mar 13 14:24:47 2013
New Revision: 1455953

URL: http://svn.apache.org/r1455953
Log:
HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from non-Hadoop JAAS
context. Backported by Suresh Srinivas.

Modified:
    hadoop/common/branches/branch-1/CHANGES.txt
    hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
    hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java

Modified: hadoop/common/branches/branch-1/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1/CHANGES.txt Wed Mar 13 14:24:47 2013
@@ -536,6 +536,9 @@ Release 1.2.0 - unreleased
     HADOOP-9379. capture the ulimit info after printing the log to the console.
     (Arpit Gupta via suresh)
 
+    HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from
+    non-Hadoop JAAS context. (todd, backported by suresh)
+
 Release 1.1.2 - 2013.01.30
 
   INCOMPATIBLE CHANGES

Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
(original)
+++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java
Wed Mar 13 14:24:47 2013
@@ -465,7 +465,11 @@ public class UserGroupInformation {
   static UserGroupInformation getCurrentUser() throws IOException {
     AccessControlContext context = AccessController.getContext();
     Subject subject = Subject.getSubject(context);
-    return subject == null ? getLoginUser() : new UserGroupInformation(subject);
+    if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
+      return getLoginUser();
+    } else {
+      return new UserGroupInformation(subject);
+    }
   }
 
   /**

Modified: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff
==============================================================================
--- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
(original)
+++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java
Wed Mar 13 14:24:47 2013
@@ -16,12 +16,7 @@
  */
 package org.apache.hadoop.security;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
+import static org.junit.Assert.*;
 import static org.mockito.Mockito.mock;
 
 import java.io.BufferedReader;
@@ -32,6 +27,7 @@ import java.util.Collection;
 import java.util.LinkedHashSet;
 import java.util.Set;
 
+import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
 
 import junit.framework.Assert;
@@ -339,4 +335,22 @@ public class TestUserGroupInformation {
       assertGaugeGt("loginFailure_avg_time", 0, rb);
     }
   }
+
+  /**
+   * Test for the case that UserGroupInformation.getCurrentUser()
+   * is called when the AccessControlContext has a Subject associated
+   * with it, but that Subject was not created by Hadoop (ie it has no
+   * associated User principal)
+   */
+  @Test
+  public void testUGIUnderNonHadoopContext() throws Exception {
+    Subject nonHadoopSubject = new Subject();
+    Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction<Void>() {
+        public Void run() throws IOException {
+          UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+          assertNotNull(ugi);
+          return null;
+        }
+      });
+  }
 }



Mime
View raw message