Return-Path: X-Original-To: apmail-hadoop-common-commits-archive@www.apache.org Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B5940E3CB for ; Wed, 13 Mar 2013 14:25:30 +0000 (UTC) Received: (qmail 98474 invoked by uid 500); 13 Mar 2013 14:25:30 -0000 Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org Received: (qmail 98374 invoked by uid 500); 13 Mar 2013 14:25:29 -0000 Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-dev@hadoop.apache.org Delivered-To: mailing list common-commits@hadoop.apache.org Received: (qmail 98362 invoked by uid 99); 13 Mar 2013 14:25:29 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Mar 2013 14:25:29 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Mar 2013 14:25:28 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 9A967238896F for ; Wed, 13 Mar 2013 14:24:48 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1455953 - in /hadoop/common/branches/branch-1: CHANGES.txt src/core/org/apache/hadoop/security/UserGroupInformation.java src/test/org/apache/hadoop/security/TestUserGroupInformation.java Date: Wed, 13 Mar 2013 14:24:48 -0000 To: common-commits@hadoop.apache.org From: suresh@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130313142448.9A967238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: suresh Date: Wed Mar 13 14:24:47 2013 New Revision: 1455953 URL: http://svn.apache.org/r1455953 Log: HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from non-Hadoop JAAS context. Backported by Suresh Srinivas. Modified: hadoop/common/branches/branch-1/CHANGES.txt hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java Modified: hadoop/common/branches/branch-1/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/CHANGES.txt?rev=1455953&r1=1455952&r2=1455953&view=diff ============================================================================== --- hadoop/common/branches/branch-1/CHANGES.txt (original) +++ hadoop/common/branches/branch-1/CHANGES.txt Wed Mar 13 14:24:47 2013 @@ -536,6 +536,9 @@ Release 1.2.0 - unreleased HADOOP-9379. capture the ulimit info after printing the log to the console. (Arpit Gupta via suresh) + HADOOP-7101. UserGroupInformation.getCurrentUser() fails when called from + non-Hadoop JAAS context. (todd, backported by suresh) + Release 1.1.2 - 2013.01.30 INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff ============================================================================== --- hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java (original) +++ hadoop/common/branches/branch-1/src/core/org/apache/hadoop/security/UserGroupInformation.java Wed Mar 13 14:24:47 2013 @@ -465,7 +465,11 @@ public class UserGroupInformation { static UserGroupInformation getCurrentUser() throws IOException { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); - return subject == null ? getLoginUser() : new UserGroupInformation(subject); + if (subject == null || subject.getPrincipals(User.class).isEmpty()) { + return getLoginUser(); + } else { + return new UserGroupInformation(subject); + } } /** Modified: hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java?rev=1455953&r1=1455952&r2=1455953&view=diff ============================================================================== --- hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java (original) +++ hadoop/common/branches/branch-1/src/test/org/apache/hadoop/security/TestUserGroupInformation.java Wed Mar 13 14:24:47 2013 @@ -16,12 +16,7 @@ */ package org.apache.hadoop.security; -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - +import static org.junit.Assert.*; import static org.mockito.Mockito.mock; import java.io.BufferedReader; @@ -32,6 +27,7 @@ import java.util.Collection; import java.util.LinkedHashSet; import java.util.Set; +import javax.security.auth.Subject; import javax.security.auth.login.AppConfigurationEntry; import junit.framework.Assert; @@ -339,4 +335,22 @@ public class TestUserGroupInformation { assertGaugeGt("loginFailure_avg_time", 0, rb); } } + + /** + * Test for the case that UserGroupInformation.getCurrentUser() + * is called when the AccessControlContext has a Subject associated + * with it, but that Subject was not created by Hadoop (ie it has no + * associated User principal) + */ + @Test + public void testUGIUnderNonHadoopContext() throws Exception { + Subject nonHadoopSubject = new Subject(); + Subject.doAs(nonHadoopSubject, new PrivilegedExceptionAction() { + public Void run() throws IOException { + UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + assertNotNull(ugi); + return null; + } + }); + } }