diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java index 6c92a66..6adcc9a 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java @@ -56,6 +56,7 @@ import org.apache.hadoop.hbase.security.SecureBulkLoadUtil; import org.apache.hadoop.hbase.security.User; import org.apache.hadoop.hbase.security.UserProvider; import org.apache.hadoop.hbase.security.token.FsDelegationToken; +import org.apache.hadoop.hbase.security.token.TokenUtil; import org.apache.hadoop.hbase.util.Bytes; import org.apache.hadoop.hbase.util.FSHDFSUtils; import org.apache.hadoop.hbase.util.Methods; @@ -226,7 +227,18 @@ public class SecureBulkLoadEndpoint extends SecureBulkLoadService final String bulkToken = request.getBulkToken(); User user = getActiveUser(); final UserGroupInformation ugi = user.getUGI(); - if(userToken != null) { + if (userProvider.isHadoopSecurityEnabled()) { + try { + Token tok = TokenUtil.obtainToken(conf); + if (tok != null) { + boolean b = ugi.addToken(tok); + LOG.debug("extra token added " + tok + " ret=" + b); + } + } catch (IOException ioe) { + LOG.warn("unable to add token", ioe); + } + } + if (userToken != null) { ugi.addToken(userToken); } else if (userProvider.isHadoopSecurityEnabled()) { //we allow this to pass through in "simple" security mode