hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From weic...@apache.org
Subject [hadoop] branch branch-3.3.0 updated: HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called in for authorization. (#1998)
Date Wed, 06 May 2020 04:25:49 GMT
This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch branch-3.3.0
in repository https://gitbox.apache.org/repos/asf/hadoop.git


The following commit(s) were added to refs/heads/branch-3.3.0 by this push:
     new 3d8e392  HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext
not getting called in for authorization. (#1998)
3d8e392 is described below

commit 3d8e392eb49f5ccc1031b97a0ae4f976ef70a8cd
Author: Wei-Chiu Chuang <weichiu@apache.org>
AuthorDate: Tue May 5 16:04:54 2020 -0700

    HDFS-15334. INodeAttributeProvider's new API checkPermissionWithContext not getting called
in for authorization. (#1998)
    
    Reviewed-by: Arpit Agarwal <arp@apache.org>
    (cherry picked from commit adecdb8b534c536354f4f47789467ffb82dd1496)
    (cherry picked from commit f4c05f1d93718c5cd574abf40c14510886289353)
---
 .../org/apache/hadoop/hdfs/server/namenode/FSDirectory.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
index 15389d6..7eae564 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSDirectory.java
@@ -73,6 +73,7 @@ import javax.annotation.Nullable;
 import java.io.Closeable;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -225,8 +226,18 @@ public class FSDirectory implements Closeable {
     Class[] cArg = new Class[1];
     cArg[0] = INodeAttributeProvider.AuthorizationContext.class;
 
+    INodeAttributeProvider.AccessControlEnforcer enforcer =
+        attributeProvider.getExternalAccessControlEnforcer(null);
+
+    // If external enforcer is null, we use the default enforcer, which
+    // supports the new API.
+    if (enforcer == null) {
+      useAuthorizationWithContextAPI = true;
+      return;
+    }
+
     try {
-      Class<?> clazz = attributeProvider.getClass();
+      Class<?> clazz = enforcer.getClass();
       clazz.getDeclaredMethod("checkPermissionWithContext", cArg);
       useAuthorizationWithContextAPI = true;
       LOG.info("Use the new authorization provider API");


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message