diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
index b1b474b..68e5ac8 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/AccessControlList.java
@@ -24,7 +24,11 @@
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.classification.InterfaceStability;
 import org.apache.hadoop.conf.Configuration;
@@ -55,6 +59,11 @@
 // Indicates an ACL string that represents access to all users
 public static final String WILDCARD_ACL_VALUE = "*";
 private static final int INITIAL_CAPACITY = 256;
+ private static final Log LOG = LogFactory.getLog(AccessControlList.class);
+ private static final String appattemptString = "^appattempt_\\d+_\\d+_\\d+$";
+ private static final Pattern appAttemptPattern = Pattern.compile(appattemptString);
+ private static final String testingString = "^testing$";
+ private static final Pattern testingPattern = Pattern.compile(testingString);
 // Set of users who are granted access.
 private Collection users;
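Review bot: `testingPattern` hard-codes a literal account name, `testing`, into the production ACL class, and the third hunk uses it to refuse group-based access for that name. This looks like a test-harness workaround rather than policy, and any real account whose short name is `testing` and that is granted access only through a group would be silently denied. I would drop the `testing` pattern and have the test supply its own group mapping, or at least add a comment stating why the name is special. The new constants also depart from the `UPPER_SNAKE_CASE` used by `WILDCARD_ACL_VALUE` and `INITIAL_CAPACITY` in the same hunk, and the `^`/`$` anchors are redundant with `Matcher.matches()`, so `private static final Pattern APP_ATTEMPT_PATTERN = Pattern.compile("appattempt_\\d+_\\d+_\\d+");` would be enough.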
@@ -231,6 +240,14 @@
 if (allAllowed || users.contains(ugi.getShortUserName())) {
 return true;
 } else if (!groups.isEmpty()) {
+ Matcher appAttemptMatcher = appAttemptPattern.matcher(ugi.getShortUserName());
+ boolean appAttemptMatched = appAttemptMatcher.matches();
+ Matcher testingMatcher = testingPattern.matcher(ugi.getShortUserName());
+ boolean testingMatched = testingMatcher.matches();
+ if (appAttemptMatched || testingMatched) {
+ LOG.warn("Return False - Do Not call UGI.getGroupNames No Groups: "+ugi.getShortUserName());
+ return false;
+ }
 for(String group: ugi.getGroupNames()) {
 if (groups.contains(group)) {
 return true;
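Review bot: The early `return false` logs at WARN on every ACL check for a matching name, which on a busy cluster can flood the log and bury genuine authorization warnings, and nothing in the code says why group lookup is skipped for these names. I would read the name once with `String shortName = ugi.getShortUserName();`, log with `if (LOG.isDebugEnabled()) { LOG.debug("Skipping group lookup for " + shortName); }`, and add a comment along the lines of `// app-attempt identities have no resolvable groups; deny group-based access without calling getGroupNames()`. That rationale is inferred from the log text, so the author should confirm it before it goes into a comment. The enclosing method starts and ends outside the hunk.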