commit 02210561e7ca48d7cf2e5787f633e9bafdb9cb5a Author: Eric Yang Date: Wed Mar 13 19:04:46 2019 -0400 YARN-9385. Use UGI provided username for simple security. Contributed by Eric Yang diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java index 88f1981..834bb03 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/main/java/org/apache/hadoop/yarn/service/client/ApiServiceClient.java @@ -210,12 +210,15 @@ private String getComponentsPath(String appName) throws IOException { return api.toString(); } - private void appendUserNameIfRequired(StringBuilder builder) { + private void appendUserNameIfRequired(StringBuilder builder) + throws IOException { Configuration conf = getConfig(); - if (conf.get("hadoop.http.authentication.type").equalsIgnoreCase( - "simple")) { + if (conf.get("hadoop.http.authentication.type") + .equalsIgnoreCase("simple")) { + String username = UserGroupInformation.getCurrentUser() + .getShortUserName(); builder.append("?user.name=").append(UrlEncoded - .encodeString(System.getProperty("user.name"))); + .encodeString(username)); } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/test/java/org/apache/hadoop/yarn/service/client/TestApiServiceClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/test/java/org/apache/hadoop/yarn/service/client/TestApiServiceClient.java index 6cf0880..9a00693 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/test/java/org/apache/hadoop/yarn/service/client/TestApiServiceClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-services/hadoop-yarn-services-api/src/test/java/org/apache/hadoop/yarn/service/client/TestApiServiceClient.java @@ -27,6 +27,9 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.collect.Lists; +import com.sun.jersey.api.client.ClientResponse; +import com.sun.jersey.api.client.WebResource.Builder; + import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.yarn.exceptions.YarnException; import org.eclipse.jetty.server.Server; @@ -310,5 +313,13 @@ public void testComponentsUpgrade() { } } + @Test + public void testNoneSecureApiClient() throws IOException { + String url = asc.getServicePath("/foobar"); + assertTrue("User.name flag is missing in service path.", + url.contains("user.name")); + assertTrue("User.name flag is not matching JVM user.", + url.contains(System.getProperty("user.name"))); + } }