sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-2026: Sqoop2: Make getUserName function in RequestContext support Kerberos
Date Wed, 21 Jan 2015 02:52:11 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 a6ef76e05 -> 1f89de217


SQOOP-2026: Sqoop2: Make getUserName function in RequestContext support Kerberos

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/1f89de21
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/1f89de21
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/1f89de21

Branch: refs/heads/sqoop2
Commit: 1f89de21725f873745700242ba4ca87890a3e997
Parents: a6ef76e
Author: Abraham Elmahrek <abe@apache.org>
Authored: Tue Jan 20 18:51:31 2015 -0800
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Tue Jan 20 18:52:01 2015 -0800

----------------------------------------------------------------------
 .../org/apache/sqoop/client/request/ResourceRequest.java | 11 ++++++++++-
 .../java/org/apache/sqoop/server/RequestContext.java     | 10 ++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/1f89de21/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
----------------------------------------------------------------------
diff --git a/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java b/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
index aa5fd35..a8a7e89 100644
--- a/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
+++ b/client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
@@ -22,6 +22,7 @@ import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.authentication.client.AuthenticationException;
 import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
+import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
 import org.apache.log4j.Logger;
@@ -65,6 +66,8 @@ public class ResourceRequest {
     DataOutputStream wr = null;
     BufferedReader reader = null;
     try {
+//    This user name is only in simple mode. In Kerberos mode, this user name will be ignored
by Sqoop server and user name in UGI which is authenticated by Kerberos server will be used
instead.
+      strURL = addUsername(strURL);
       URL url = new URL(strURL);
       HttpURLConnection conn = new DelegationTokenAuthenticatedURL().openConnection(url,
authToken);
 
@@ -220,4 +223,10 @@ public class ResourceRequest {
   public DelegationTokenAuthenticatedURL.Token getAuthToken() {
     return authToken;
   }
-}
+
+  private String addUsername(String strUrl) {
+    String paramSeparator = (strUrl.contains("?")) ? "&" : "?";
+    strUrl += paramSeparator + PseudoAuthenticator.USER_NAME + "=" + System.getProperty("user.name");
+    return strUrl;
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/1f89de21/server/src/main/java/org/apache/sqoop/server/RequestContext.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/sqoop/server/RequestContext.java b/server/src/main/java/org/apache/sqoop/server/RequestContext.java
index d0963f5..5324a0a 100644
--- a/server/src/main/java/org/apache/sqoop/server/RequestContext.java
+++ b/server/src/main/java/org/apache/sqoop/server/RequestContext.java
@@ -18,7 +18,9 @@
 package org.apache.sqoop.server;
 
 import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
+import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.security.AuthenticationManager;
 import org.apache.sqoop.server.common.ServerError;
 
 import javax.servlet.http.HttpServletRequest;
@@ -67,7 +69,7 @@ public class RequestContext {
       return Method.valueOf(request.getMethod());
     } catch(IllegalArgumentException ex) {
       throw new SqoopException(ServerError.SERVER_0002,
-        "Unsupported HTTP method:" + request.getMethod(), ex);
+              "Unsupported HTTP method:" + request.getMethod(), ex);
     }
   }
 
@@ -119,6 +121,10 @@ public class RequestContext {
    * @return Name of user sending the request
    */
   public String getUserName() {
-    return request.getParameter(PseudoAuthenticator.USER_NAME);
+    if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
+      return HttpUserGroupInformation.get().getUserName();
+    } else {
+      return request.getParameter(PseudoAuthenticator.USER_NAME);
+    }
   }
 }


Mime
View raw message