github/sqoop
5
0
Fork 0
mirror of https://github.com/apache/sqoop.git synced 2025-05-10 05:09:41 +08:00
Code Issues Projects Releases Wiki Activity

SQOOP-2026: Sqoop2: Make getUserName function in RequestContext support Kerberos

Browse Source 
(Richard Zhou via Abraham Elmahrek)
This commit is contained in:
Abraham Elmahrek 2015-01-20 18:51:31 -08:00
parent a6ef76e05c
commit 1f89de2172
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
client/src/main/java/org/apache/sqoop/client/request/ResourceRequest.java
View File

@ -22,6 +22,7 @@
import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL; import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
@ -65,6 +66,8 @@ protected String doHttpRequest(String strURL, String method, String data) {
DataOutputStream wr = null; DataOutputStream wr = null;
BufferedReader reader = null; BufferedReader reader = null;
try { try {
// This user name is only in simple mode. In Kerberos mode, this user name will be ignored by Sqoop server and user name in UGI which is authenticated by Kerberos server will be used instead.
strURL = addUsername(strURL);
URL url = new URL(strURL); URL url = new URL(strURL);
HttpURLConnection conn = new DelegationTokenAuthenticatedURL().openConnection(url, authToken); HttpURLConnection conn = new DelegationTokenAuthenticatedURL().openConnection(url, authToken);
@ -220,4 +223,10 @@ private Text getDelegationTokenService(String strURL) throws IOException {
public DelegationTokenAuthenticatedURL.Token getAuthToken() { public DelegationTokenAuthenticatedURL.Token getAuthToken() {
return authToken; return authToken;
} }
}
private String addUsername(String strUrl) {
String paramSeparator = (strUrl.contains("?")) ? "&" : "?";
strUrl += paramSeparator + PseudoAuthenticator.USER_NAME + "=" + System.getProperty("user.name");
return strUrl;
}
}

10
server/src/main/java/org/apache/sqoop/server/RequestContext.java
View File

@ -18,7 +18,9 @@
package org.apache.sqoop.server; package org.apache.sqoop.server;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator; import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
import org.apache.sqoop.common.SqoopException; import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.security.AuthenticationManager;
import org.apache.sqoop.server.common.ServerError; import org.apache.sqoop.server.common.ServerError;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -67,7 +69,7 @@ public Method getMethod() {
return Method.valueOf(request.getMethod()); return Method.valueOf(request.getMethod());
} catch(IllegalArgumentException ex) { } catch(IllegalArgumentException ex) {
throw new SqoopException(ServerError.SERVER_0002, throw new SqoopException(ServerError.SERVER_0002,
"Unsupported HTTP method:" + request.getMethod(), ex); "Unsupported HTTP method:" + request.getMethod(), ex);
} }
} }
@ -119,6 +121,10 @@ public Locale getAcceptLanguageHeader() {
* @return Name of user sending the request * @return Name of user sending the request
*/ */
public String getUserName() { public String getUserName() {
return request.getParameter(PseudoAuthenticator.USER_NAME); if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
return HttpUserGroupInformation.get().getUserName();
} else {
return request.getParameter(PseudoAuthenticator.USER_NAME);
}
} }
} }