From 1ddc7257073f18a3ddeeee9e00955e230f285b5d Mon Sep 17 00:00:00 2001
From: Bill Slacum <bill@minerkasch.com>
Date: Tue, 21 Jun 2016 15:26:07 -0400
Subject: [PATCH] ACCUMULO-4348 Deprecate KerberosToken constructor with side
 effects

`KerberosToken(String, File, boolean)` is deprecated in favor of `KerberosToken(String, File)`.

The boolean flag would log in the requested user with Hadoop's `UserGroupInformation` class. This
changed global state about who the active user was. In a multi-user environment, this potentially
made little sense as other users could overwrite eachother.

This patch includes a convenience constructor that doesn't have any side effects, but has the same
semantics as logging in a user with a keytab.
---
 .../client/security/tokens/KerberosToken.java    | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/KerberosToken.java b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/KerberosToken.java
index 284a8386829..1a4869d8d30 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/security/tokens/KerberosToken.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/security/tokens/KerberosToken.java
@@ -58,6 +58,20 @@ public KerberosToken(String principal) throws IOException {
     this.principal = ugi.getUserName();
   }
 
+  /**
+   * Creates a Kerberos token for the specified principal using the provided keytab. The principal and keytab combination are verified by attempting a log in.
+   * <p>
+   * This constructor does not have any side effects.
+   *
+   * @param principal
+   *          The Kerberos principal
+   * @param keytab
+   *          A keytab file containing the principal's credentials.
+   */
+  public KerberosToken(String principal, File keytab) throws IOException {
+    this(principal, keytab, false);
+  }
+
   /**
    * Creates a token and logs in via {@link UserGroupInformation} using the provided principal and keytab. A key for the principal must exist in the keytab,
    * otherwise login will fail.
@@ -68,7 +82,9 @@ public KerberosToken(String principal) throws IOException {
    *          A keytab file
    * @param replaceCurrentUser
    *          Should the current Hadoop user be replaced with this user
+   * @deprecated since 1.8.0, @see #KerberosToken(String, File)
    */
+  @Deprecated
   public KerberosToken(String principal, File keytab, boolean replaceCurrentUser) throws IOException {
     requireNonNull(principal, "Principal was null");
     requireNonNull(keytab, "Keytab was null");