From 24c67007e7f513ad22f0bc4aaec4f857df01ebc5 Mon Sep 17 00:00:00 2001 From: Reid Chan Date: Wed, 11 Oct 2017 16:57:49 +0800 Subject: [PATCH] IGNITE-6596: A safer way for user re-login in kerberized cluster --- .../impl/delegate/HadoopKerberosFileSystemFactoryDelegate.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/hadoop/src/main/java/org/apache/ignite/internal/processors/hadoop/impl/delegate/HadoopKerberosFileSystemFactoryDelegate.java b/modules/hadoop/src/main/java/org/apache/ignite/internal/processors/hadoop/impl/delegate/HadoopKerberosFileSystemFactoryDelegate.java index 75093bb116..41ee65ea40 100644 --- a/modules/hadoop/src/main/java/org/apache/ignite/internal/processors/hadoop/impl/delegate/HadoopKerberosFileSystemFactoryDelegate.java +++ b/modules/hadoop/src/main/java/org/apache/ignite/internal/processors/hadoop/impl/delegate/HadoopKerberosFileSystemFactoryDelegate.java @@ -38,6 +38,9 @@ public class HadoopKerberosFileSystemFactoryDelegate extends HadoopBasicFileSyst /** Time of last re-login attempt, in system milliseconds. */ private volatile long lastReloginTime; + /** Login user. */ + private UserGroupInformation user; + /** * Constructor. * @@ -56,8 +59,7 @@ public class HadoopKerberosFileSystemFactoryDelegate extends HadoopBasicFileSyst /** {@inheritDoc} */ @Override protected FileSystem create(String usrName) throws IOException, InterruptedException { - UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(usrName, - UserGroupInformation.getLoginUser()); + UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(usrName, user); return proxyUgi.doAs(new PrivilegedExceptionAction() { @Override public FileSystem run() throws Exception { @@ -84,7 +86,7 @@ public class HadoopKerberosFileSystemFactoryDelegate extends HadoopBasicFileSyst try { UserGroupInformation.setConfiguration(cfg); - UserGroupInformation.loginUserFromKeytab(proxy0.getKeyTabPrincipal(), proxy0.getKeyTab()); + user = UserGroupInformation.loginUserFromKeytabAndReturnUGI(proxy0.getKeyTabPrincipal(), proxy0.getKeyTab()); } catch (IOException ioe) { throw new IgniteException("Failed login from keytab [keyTab=" + proxy0.getKeyTab() + @@ -109,7 +111,7 @@ public class HadoopKerberosFileSystemFactoryDelegate extends HadoopBasicFileSyst long now = System.currentTimeMillis(); if (now >= lastReloginTime + reloginInterval) { - UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab(); + user.checkTGTAndReloginFromKeytab(); lastReloginTime = now; } -- 2.13.5 (Apple Git-94)