Revert "HADOOP-17159 Ability for forceful relogin in UserGroupInformation class (#2197)"
This reverts commit a932796d0cad3d84df0003782e4247cbc2dcca93.
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index d1ab436..91b64ad 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -1232,26 +1232,7 @@
reloginFromKeytab(false);
}
- /**
- * Force re-Login a user in from a keytab file. Loads a user identity from a
- * keytab file and logs them in. They become the currently logged-in user.
- * This method assumes that {@link #loginUserFromKeytab(String, String)} had
- * happened already. The Subject field of this UserGroupInformation object is
- * updated to have the new credentials.
- *
- * @param ignoreTimeElapsed Force re-login irrespective of the time of last
- * login
- * @throws IOException
- * @throws KerberosAuthException on a failure
- */
- @InterfaceAudience.Public
- @InterfaceStability.Evolving
- public void reloginFromKeytab(boolean ignoreTimeElapsed) throws IOException {
- reloginFromKeytab(false, ignoreTimeElapsed);
- }
-
- private void reloginFromKeytab(boolean checkTGT, boolean ignoreTimeElapsed)
- throws IOException {
+ private void reloginFromKeytab(boolean checkTGT) throws IOException {
if (!shouldRelogin() || !isFromKeytab()) {
return;
}
@@ -1266,7 +1247,7 @@
return;
}
}
- relogin(login, ignoreTimeElapsed);
+ relogin(login);
}
/**
@@ -1287,27 +1268,25 @@
if (login == null) {
throw new KerberosAuthException(MUST_FIRST_LOGIN);
}
- relogin(login, false);
+ relogin(login);
}
- private void relogin(HadoopLoginContext login, boolean ignoreTimeElapsed)
- throws IOException {
+ private void relogin(HadoopLoginContext login) throws IOException {
// ensure the relogin is atomic to avoid leaving credentials in an
// inconsistent state. prevents other ugi instances, SASL, and SPNEGO
// from accessing or altering credentials during the relogin.
synchronized(login.getSubjectLock()) {
// another racing thread may have beat us to the relogin.
if (login == getLogin()) {
- unprotectedRelogin(login, ignoreTimeElapsed);
+ unprotectedRelogin(login);
}
}
}
- private void unprotectedRelogin(HadoopLoginContext login,
- boolean ignoreTimeElapsed) throws IOException {
+ private void unprotectedRelogin(HadoopLoginContext login) throws IOException {
assert Thread.holdsLock(login.getSubjectLock());
long now = Time.now();
- if (!hasSufficientTimeElapsed(now) && !ignoreTimeElapsed) {
+ if (!hasSufficientTimeElapsed(now)) {
return;
}
// register most recent relogin attempt
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
index bf4cf75..d233234 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
@@ -158,42 +158,6 @@
Assert.assertNotSame(login1, login2);
}
- /**
- * Force re-login from keytab using the MiniKDC and verify the UGI can
- * successfully relogin from keytab as well.
- */
- @Test
- public void testUGIForceReLoginFromKeytab() throws Exception {
- // Set this to false as we are testing force re-login anyways
- UserGroupInformation.setShouldRenewImmediatelyForTests(false);
- String principal = "foo";
- File keytab = new File(workDir, "foo.keytab");
- kdc.createPrincipal(keytab, principal);
-
- UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
- UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- Assert.assertTrue("UGI should be configured to login from keytab",
- ugi.isFromKeytab());
-
- // Verify relogin from keytab.
- User user = getUser(ugi.getSubject());
- final long firstLogin = user.getLastLogin();
- final LoginContext login1 = user.getLogin();
- Assert.assertNotNull(login1);
-
- // Sleep for 2 secs to have a difference between first and second login
- Thread.sleep(2000);
-
- // Force relogin from keytab
- ugi.reloginFromKeytab(true);
- final long secondLogin = user.getLastLogin();
- final LoginContext login2 = user.getLogin();
- Assert.assertTrue("User should have been able to relogin from keytab",
- secondLogin > firstLogin);
- Assert.assertNotNull(login2);
- Assert.assertNotSame(login1, login2);
- }
-
@Test
public void testGetUGIFromKnownSubject() throws Exception {
KerberosPrincipal principal = new KerberosPrincipal("user");