branch-2.1: [Fix](Iceberg-hadoop-catalog)Fix Kerberos-authenticated HadoopCatalog insert failures due to missing kerberos credentials #51245 (#51337)

Cherry-picked from #51245 --------- Co-authored-by: Calvin Kirs <guoqiang@selectdb.com>
2025-06-20 14:12:25 +08:00
parent 2e8ec1850f
commit f58b3204ca
3 changed files with 124 additions and 38 deletions
--- a/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/PreExecutionAuthenticator.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/security/authentication/PreExecutionAuthenticator.java
@ -19,7 +19,6 @@ package org.apache.doris.common.security.authentication;

 import org.apache.hadoop.conf.Configuration;

-import java.security.PrivilegedExceptionAction;
 import java.util.concurrent.Callable;

 /**
@ -69,14 +68,26 @@ public class PreExecutionAuthenticator {
    public <T> T execute(Callable<T> task) throws Exception {
        if (hadoopAuthenticator != null) {
            // Adapts Callable to PrivilegedExceptionAction for use with Hadoop authentication
-            PrivilegedExceptionAction<T> action = new CallableToPrivilegedExceptionActionAdapter<>(task);
-            return hadoopAuthenticator.doAs(action);
+            return hadoopAuthenticator.doAs(task::call);
        } else {
            // Executes the task directly if no authentication is needed
            return task.call();
        }
    }

+    public void execute(Runnable task) throws Exception {
+        if (hadoopAuthenticator != null) {
+            // Adapts Runnable to PrivilegedExceptionAction for use with Hadoop authentication
+            hadoopAuthenticator.doAs(() -> {
+                task.run();
+                return null;
+            });
+        } else {
+            // Executes the task directly if no authentication is needed
+            task.run();
+        }
+    }
+
    /**
     * Retrieves the current HadoopAuthenticator.
     * <p>This allows checking if a HadoopAuthenticator is configured or
@ -97,35 +108,4 @@ public class PreExecutionAuthenticator {
    public void setHadoopAuthenticator(HadoopAuthenticator hadoopAuthenticator) {
        this.hadoopAuthenticator = hadoopAuthenticator;
    }
-
-    /**
-     * Adapter class to convert a Callable into a PrivilegedExceptionAction.
-     * <p>This is necessary to run the task within a privileged context,
-     * particularly for Hadoop operations with Kerberos.
-     *
-     * @param <T> The type of result returned by the action
-     */
-    public class CallableToPrivilegedExceptionActionAdapter<T> implements PrivilegedExceptionAction<T> {
-        private final Callable<T> callable;
-
-        /**
-         * Constructs an adapter that wraps a Callable into a PrivilegedExceptionAction.
-         *
-         * @param callable The Callable to be adapted
-         */
-        public CallableToPrivilegedExceptionActionAdapter(Callable<T> callable) {
-            this.callable = callable;
-        }
-
-        /**
-         * Executes the wrapped Callable as a PrivilegedExceptionAction.
-         *
-         * @return The result of the callable's call method
-         * @throws Exception If an exception occurs during callable execution
-         */
-        @Override
-        public T run() throws Exception {
-            return callable.call();
-        }
-    }
 }