hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [hbase] branch branch-2 updated: HBASE-23722 Real user might be null in non-proxy-user case
Date Thu, 23 Jan 2020 21:43:28 GMT
This is an automated email from the ASF dual-hosted git repository.

elserj pushed a commit to branch branch-2
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2 by this push:
     new 427e367  HBASE-23722 Real user might be null in non-proxy-user case
427e367 is described below

commit 427e367d958f46a83bebcbaf53aad8c99fc889a8
Author: Josh Elser <elserj@apache.org>
AuthorDate: Thu Jan 23 07:41:28 2020 -0500

    HBASE-23722 Real user might be null in non-proxy-user case
    
    Closes #1085
    
    Signed-off-by: stack <stack@apache.org>
    Signed-off-by: Viraj Jasani <vjasani@apache.org>
---
 .../hadoop/hbase/security/provider/BuiltInProviderSelector.java   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/provider/BuiltInProviderSelector.java
b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/provider/BuiltInProviderSelector.java
index 8d20171..752003d 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/provider/BuiltInProviderSelector.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/provider/BuiltInProviderSelector.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.hbase.HBaseInterfaceAudience;
 import org.apache.hadoop.hbase.security.User;
 import org.apache.hadoop.hbase.util.Pair;
 import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.yetus.audience.InterfaceAudience;
@@ -124,8 +125,11 @@ public class BuiltInProviderSelector implements AuthenticationProviderSelector
{
       }
     }
     // Unwrap PROXY auth'n method if that's what we have coming in.
-    if (user.getUGI().hasKerberosCredentials() ||
-        user.getUGI().getRealUser().hasKerberosCredentials()) {
+    final UserGroupInformation currentUser = user.getUGI();
+    // May be null if Hadoop AuthenticationMethod is PROXY
+    final UserGroupInformation realUser = currentUser.getRealUser();
+    if (currentUser.hasKerberosCredentials() ||
+        (realUser != null && realUser.hasKerberosCredentials())) {
       return new Pair<>(krbAuth, null);
     }
     // This indicates that a client is requesting some authentication mechanism which the
servers


Mime
View raw message