branch-2.1: [Fix](Iceberg-hadoop-catalog)Fix Kerberos-authenticated HadoopCatalog insert failures due to missing kerberos credentials #51245 (#51337)
Cherry-picked from #51245 --------- Co-authored-by: Calvin Kirs <guoqiang@selectdb.com>
This commit is contained in:
committed by
GitHub
parent
2e8ec1850f
commit
f58b3204ca
@ -19,7 +19,6 @@ package org.apache.doris.common.security.authentication;
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.util.concurrent.Callable;
|
||||
|
||||
/**
|
||||
@ -69,14 +68,26 @@ public class PreExecutionAuthenticator {
|
||||
public <T> T execute(Callable<T> task) throws Exception {
|
||||
if (hadoopAuthenticator != null) {
|
||||
// Adapts Callable to PrivilegedExceptionAction for use with Hadoop authentication
|
||||
PrivilegedExceptionAction<T> action = new CallableToPrivilegedExceptionActionAdapter<>(task);
|
||||
return hadoopAuthenticator.doAs(action);
|
||||
return hadoopAuthenticator.doAs(task::call);
|
||||
} else {
|
||||
// Executes the task directly if no authentication is needed
|
||||
return task.call();
|
||||
}
|
||||
}
|
||||
|
||||
public void execute(Runnable task) throws Exception {
|
||||
if (hadoopAuthenticator != null) {
|
||||
// Adapts Runnable to PrivilegedExceptionAction for use with Hadoop authentication
|
||||
hadoopAuthenticator.doAs(() -> {
|
||||
task.run();
|
||||
return null;
|
||||
});
|
||||
} else {
|
||||
// Executes the task directly if no authentication is needed
|
||||
task.run();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the current HadoopAuthenticator.
|
||||
* <p>This allows checking if a HadoopAuthenticator is configured or
|
||||
@ -97,35 +108,4 @@ public class PreExecutionAuthenticator {
|
||||
public void setHadoopAuthenticator(HadoopAuthenticator hadoopAuthenticator) {
|
||||
this.hadoopAuthenticator = hadoopAuthenticator;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adapter class to convert a Callable into a PrivilegedExceptionAction.
|
||||
* <p>This is necessary to run the task within a privileged context,
|
||||
* particularly for Hadoop operations with Kerberos.
|
||||
*
|
||||
* @param <T> The type of result returned by the action
|
||||
*/
|
||||
public class CallableToPrivilegedExceptionActionAdapter<T> implements PrivilegedExceptionAction<T> {
|
||||
private final Callable<T> callable;
|
||||
|
||||
/**
|
||||
* Constructs an adapter that wraps a Callable into a PrivilegedExceptionAction.
|
||||
*
|
||||
* @param callable The Callable to be adapted
|
||||
*/
|
||||
public CallableToPrivilegedExceptionActionAdapter(Callable<T> callable) {
|
||||
this.callable = callable;
|
||||
}
|
||||
|
||||
/**
|
||||
* Executes the wrapped Callable as a PrivilegedExceptionAction.
|
||||
*
|
||||
* @return The result of the callable's call method
|
||||
* @throws Exception If an exception occurs during callable execution
|
||||
*/
|
||||
@Override
|
||||
public T run() throws Exception {
|
||||
return callable.call();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user