Return-Path: X-Original-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 81DBAE3DB for ; Thu, 14 Mar 2013 15:20:41 +0000 (UTC) Received: (qmail 90523 invoked by uid 500); 14 Mar 2013 15:20:41 -0000 Delivered-To: apmail-hadoop-hdfs-commits-archive@hadoop.apache.org Received: (qmail 90483 invoked by uid 500); 14 Mar 2013 15:20:41 -0000 Mailing-List: contact hdfs-commits-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-dev@hadoop.apache.org Delivered-To: mailing list hdfs-commits@hadoop.apache.org Received: (qmail 90467 invoked by uid 99); 14 Mar 2013 15:20:40 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 15:20:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 15:20:39 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 754482388906; Thu, 14 Mar 2013 15:18:34 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1456475 - in /hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs: CHANGES.txt src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java Date: Thu, 14 Mar 2013 15:18:34 -0000 To: hdfs-commits@hadoop.apache.org From: daryn@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130314151834.754482388906@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: daryn Date: Thu Mar 14 15:18:34 2013 New Revision: 1456475 URL: http://svn.apache.org/r1456475 Log: HDFS-3367. WebHDFS doesn't use the logged in user when opening connections (daryn) Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1456475&r1=1456474&r2=1456475&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Thu Mar 14 15:18:34 2013 @@ -84,6 +84,9 @@ Release 0.23.7 - UNRELEASED HDFS-3344. Unreliable corrupt blocks counting in TestProcessCorruptBlocks (kihwal) + HDFS-3367. WebHDFS doesn't use the logged in user when opening + connections (daryn) + Release 0.23.6 - 2013-02-06 INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java?rev=1456475&r1=1456474&r2=1456475&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java Thu Mar 14 15:18:34 2013 @@ -18,6 +18,8 @@ package org.apache.hadoop.hdfs.web; +import java.security.PrivilegedExceptionAction; + import java.io.BufferedOutputStream; import java.io.FileNotFoundException; import java.io.IOException; @@ -332,17 +334,39 @@ public class WebHdfsFileSystem extends F return url; } - private HttpURLConnection getHttpUrlConnection(URL url) + private HttpURLConnection getHttpUrlConnection(final URL url, + final boolean requireAuth) + throws IOException { + UserGroupInformation connectUgi = ugi.getRealUser(); + if (connectUgi == null) { + connectUgi = ugi; + } + try { + return connectUgi.doAs( + new PrivilegedExceptionAction() { + @Override + public HttpURLConnection run() throws IOException { + return openHttpUrlConnection(url, requireAuth); + } + }); + } catch (InterruptedException e) { + throw new IOException(e); + } + } + + private HttpURLConnection openHttpUrlConnection(URL url, boolean requireAuth) throws IOException { final HttpURLConnection conn; try { - if (ugi.hasKerberosCredentials()) { + if (requireAuth) { + LOG.debug("open AuthenticatedURL connection"); conn = new AuthenticatedURL(AUTH).openConnection(url, authToken); } else { + LOG.debug("open URL connection"); conn = (HttpURLConnection)url.openConnection(); } } catch (AuthenticationException e) { - throw new IOException("Authentication failed, url=" + url, e); + throw new IOException(e); } return conn; } @@ -352,7 +376,7 @@ public class WebHdfsFileSystem extends F final URL url = toUrl(op, fspath, parameters); //connect and get response - HttpURLConnection conn = getHttpUrlConnection(url); + HttpURLConnection conn = getHttpUrlConnection(url, op.getRequireAuth()); try { conn.setRequestMethod(op.getType().toString()); if (op.getDoOutput()) { @@ -619,7 +643,7 @@ public class WebHdfsFileSystem extends F /** Open connection with offset url. */ @Override protected HttpURLConnection openConnection() throws IOException { - return getHttpUrlConnection(offsetUrl); + return getHttpUrlConnection(offsetUrl, false); } /** Setup offset url before open connection. */