Details
Major Description
We need the ability to use a Subject that was created inside an embedding application through a kerberos authentication. For example, an application that uses JAAS to authenticate to a KDC should be able to provide the resulting Subject and get a UGI instance to call doAs on.
Example:
UserGroupInformation.setConfiguration(conf); LoginContext context = new LoginContext("com.sun.security.jgss.login", new UserNamePasswordCallbackHandler(userName, password)); context.login(); Subject subject = context.getSubject(); final UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(subject); ugi2.doAs(new PrivilegedExceptionAction<Object>() { @Override public Object run() throws Exception { final FileSystem fs = FileSystem.get(conf); int i=0; for (FileStatus status : fs.listStatus(new Path("/user"))) { System.out.println(status.getPath()); System.out.println(status); if (i++ > 10) { System.out.println("only first 10 showed..."); break; } } return null; } });