> UserGroupInformation.createRemoteUser throws IllegalArgumentException if null or empty user is passed to it.
I think createRemoteUser() should be changed to allow an empty ugi to be created. This will save the null checking at the caller and allow method chaining. Any code that uses ugi (like the authorize() method) should be able to deal with an empty ugi.
HADOOP-6510 getUser() is used. It cannot return null if the user is successfully authorized. Any calls to getUser before the authorization is successful should check for null.
I'm not aware that the SASL layer requires username (i.e., jobId) being non-empty. We're making a runtime assumption that jobId's won't be empty String or they won't authenticate successfully. In my view, the less such assumptions we make, the more robust the code is.