/**
 * Builds the renewal record for one delegation token that is shared by a
 * set of applications.
 *
 * @param applicationIds applications referring to the token; copied into a
 *        synchronized set
 * @param token the delegation token to track
 * @param conf configuration stored with the token
 * @param expirationDate expiration time stored with the token
 * @param shouldCancelAtEnd value stored in {@code shouldCancelAtEnd}
 * @param user user stored with the token
 * @throws YarnRuntimeException if decoding the identifier of an HDFS
 *         delegation token fails with an {@link IOException}
 */
public DelegationTokenToRenew(Collection<ApplicationId> applicationIds,
    Token<?> token, Configuration conf, long expirationDate,
    boolean shouldCancelAtEnd, String user) {
  // Plain field stores first; none of them can fail.
  this.token = token;
  this.user = user;
  this.conf = conf;
  this.expirationDate = expirationDate;
  this.shouldCancelAtEnd = shouldCancelAtEnd;
  this.timerTask = null;

  // maxDate is only read for tokens of the HDFS delegation kind.
  final boolean hdfsKind =
      token.getKind().equals(new Text("HDFS_DELEGATION_TOKEN"));
  if (hdfsKind) {
    try {
      // NOTE(review): decodeIdentifier() may return null when the identifier
      // class cannot be resolved, which would surface here as an
      // unchecked NullPointerException -- confirm this cannot happen
      // for the HDFS kind.
      maxDate = ((AbstractDelegationTokenIdentifier) token.decodeIdentifier())
          .getMaxDate();
    } catch (IOException decodeFailure) {
      throw new YarnRuntimeException(decodeFailure);
    }
  }

  // Private copy so later changes to the caller's collection are not seen.
  this.referringAppIds = Collections.synchronizedSet(
      new HashSet<ApplicationId>(applicationIds));
}
/**
 * Exercises the delegation token API of FileContext on HDFS, then the renew
 * and cancel APIs of Hdfs, using the first token returned for the current
 * user. The test contains no assertions: it passes when no call throws.
 *
 * @throws UnsupportedFileSystemException if it propagates from a call under test
 * @throws IOException if it propagates from a call under test
 * @throws InterruptedException if it propagates from a call under test
 */
@SuppressWarnings({ "unchecked", "deprecation" })
@Test
public void testFcDelegationToken() throws UnsupportedFileSystemException,
    IOException, InterruptedException {
  final FileContext hdfsContext =
      FileContext.getFileContext(cluster.getFileSystem().getUri());
  final AbstractFileSystem defaultFs = hdfsContext.getDefaultFileSystem();

  // Tokens are requested with the current user's name as the renewer argument.
  final String currentUser =
      UserGroupInformation.getCurrentUser().getUserName();
  final List<Token<?>> tokens = defaultFs.getDelegationTokens(currentUser);

  // Renew first, then cancel, the same (first) token.
  final Hdfs hdfs = (Hdfs) defaultFs;
  final Token<?> firstToken = tokens.get(0);
  hdfs.renewDelegationToken((Token<DelegationTokenIdentifier>) firstToken);
  hdfs.cancelDelegationToken(
      (Token<? extends AbstractDelegationTokenIdentifier>) firstToken);
}
/**
 * Builds the renewal record for one delegation token that is shared by a
 * set of applications.
 *
 * @param applicationIds applications referring to the token; copied into a
 *        synchronized set
 * @param token the delegation token to track
 * @param conf configuration stored with the token
 * @param expirationDate expiration time stored with the token
 * @param shouldCancelAtEnd value stored in {@code shouldCancelAtEnd}
 * @param user user stored with the token
 * @throws YarnRuntimeException if decoding the identifier of a token of
 *         kind {@code HDFS_DELEGATION_KIND} fails with an {@link IOException}
 */
public DelegationTokenToRenew(Collection<ApplicationId> applicationIds,
    Token<?> token, Configuration conf, long expirationDate,
    boolean shouldCancelAtEnd, String user) {
  // Plain field stores first; none of them can fail.
  this.token = token;
  this.user = user;
  this.conf = conf;
  this.expirationDate = expirationDate;
  this.shouldCancelAtEnd = shouldCancelAtEnd;
  this.timerTask = null;

  // maxDate is only read for tokens of the HDFS delegation kind.
  final boolean hdfsKind = token.getKind().equals(HDFS_DELEGATION_KIND);
  if (hdfsKind) {
    try {
      // NOTE(review): decodeIdentifier() may return null when the identifier
      // class cannot be resolved, which would surface here as an
      // unchecked NullPointerException -- confirm this cannot happen
      // for the HDFS kind.
      maxDate = ((AbstractDelegationTokenIdentifier) token.decodeIdentifier())
          .getMaxDate();
    } catch (IOException decodeFailure) {
      throw new YarnRuntimeException(decodeFailure);
    }
  }

  // Private copy so later changes to the caller's collection are not seen.
  this.referringAppIds = Collections.synchronizedSet(
      new HashSet<ApplicationId>(applicationIds));
}
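/**
 * Requests a delegation token using the configured <code>Authenticator</code>
 * for authentication.
 *
 * @param url the URL to get the delegation token from. Only HTTP/S URLs are
 * supported.
 * @param token the authentication token being used for the user where the
 * Delegation token will be stored.
 * @param renewer the renewer user.
 * @param doAsUser the user to do as, which will be the token owner.
 * @return the decoded delegation token, with its service set to the host and
 * port of <code>url</code> (the protocol's default port when the URL names
 * none).
 * @throws IOException if an IO error occurred, or if the server response
 * does not carry a delegation token string.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public Token<AbstractDelegationTokenIdentifier> getDelegationToken(URL url,
    AuthenticatedURL.Token token, String renewer, String doAsUser)
    throws IOException, AuthenticationException {
  Map<?, ?> response = doDelegationTokenOperation(url, token,
      DelegationTokenOperation.GETDELEGATIONTOKEN, renewer, null, true,
      doAsUser);

  // The response body is produced by the remote end-point. Check its shape
  // explicitly so a malformed reply is reported as an IOException instead of
  // a NullPointerException or ClassCastException. The messages name only the
  // missing field, never the token material.
  Object tokenSection =
      (response == null) ? null : response.get(DELEGATION_TOKEN_JSON);
  if (!(tokenSection instanceof Map)) {
    throw new IOException("Malformed delegation token response: missing '"
        + DELEGATION_TOKEN_JSON + "' object");
  }
  Object tokenStr =
      ((Map<?, ?>) tokenSection).get(DELEGATION_TOKEN_URL_STRING_JSON);
  if (!(tokenStr instanceof String)) {
    throw new IOException("Malformed delegation token response: missing '"
        + DELEGATION_TOKEN_URL_STRING_JSON + "' string");
  }

  Token<AbstractDelegationTokenIdentifier> dToken =
      new Token<AbstractDelegationTokenIdentifier>();
  dToken.decodeFromUrlString((String) tokenStr);

  // URL.getPort() returns -1 when the URL has no explicit port, and
  // InetSocketAddress rejects -1 with IllegalArgumentException. Fall back to
  // the protocol's default port in that case.
  int port = url.getPort();
  if (port == -1) {
    port = url.getDefaultPort();
  }
  InetSocketAddress service = new InetSocketAddress(url.getHost(), port);
  SecurityUtil.setTokenService(dToken, service);
  return dToken;
}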
/**
 * Creates a delegation token whose owner is the user of {@code ugi}.
 *
 * @param ugi supplies the owner name and, when it has a real user, the
 *        real-user name written into the identifier
 * @param renewer the renewer name; when {@code null} the short user name of
 *        {@code ugi} is used instead
 * @return a new token built from the populated identifier and the secret
 *         manager
 */
@SuppressWarnings("unchecked")
public Token<? extends AbstractDelegationTokenIdentifier> createToken(
    UserGroupInformation ugi, String renewer) {
  // NOTE(review): owner and renewer are taken as given; presumably the caller
  // has already authenticated ugi and restricted who may be named as
  // renewer -- confirm against the callers.
  if (renewer == null) {
    renewer = ugi.getShortUserName();
  }
  final Text owner = new Text(ugi.getUserName());

  // realUser stays null unless ugi reports a real user.
  final UserGroupInformation actualUser = ugi.getRealUser();
  final Text realUser =
      (actualUser == null) ? null : new Text(actualUser.getUserName());

  final AbstractDelegationTokenIdentifier ident =
      (AbstractDelegationTokenIdentifier) secretManager.createIdentifier();
  ident.setOwner(owner);
  ident.setRenewer(new Text(renewer));
  ident.setRealUser(realUser);
  return new Token(ident, secretManager);
}
/**
 * Builds the renewal record for one delegation token belonging to a single
 * application.
 *
 * @param jId the application the token belongs to
 * @param token the delegation token to track
 * @param conf configuration stored with the token
 * @param expirationDate expiration time stored with the token
 * @param shouldCancelAtEnd value stored in {@code shouldCancelAtEnd}
 * @param user user stored with the token
 * @throws YarnRuntimeException if decoding the identifier of a token of
 *         kind {@code HDFS_DELEGATION_KIND} fails with an {@link IOException}
 */
public DelegationTokenToRenew(ApplicationId jId, Token<?> token,
    Configuration conf, long expirationDate, boolean shouldCancelAtEnd,
    String user) {
  // Plain field stores first; none of them can fail.
  this.token = token;
  this.user = user;
  this.applicationId = jId;
  this.conf = conf;
  this.expirationDate = expirationDate;
  this.shouldCancelAtEnd = shouldCancelAtEnd;
  this.timerTask = null;

  // maxDate is only read for tokens of the HDFS delegation kind.
  final boolean hdfsKind = token.getKind().equals(HDFS_DELEGATION_KIND);
  if (hdfsKind) {
    try {
      // NOTE(review): decodeIdentifier() may return null when the identifier
      // class cannot be resolved, which would surface here as an
      // unchecked NullPointerException -- confirm this cannot happen
      // for the HDFS kind.
      maxDate = ((AbstractDelegationTokenIdentifier) token.decodeIdentifier())
          .getMaxDate();
    } catch (IOException decodeFailure) {
      throw new YarnRuntimeException(decodeFailure);
    }
  }
}
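/**
 * Requests a delegation token from an HttpFS server.
 *
 * @param fsURI file system URI the request URL is built from
 * @param httpFSAddr address set as the service of the returned token
 * @param token authentication token used to open the connection
 * @param renewer value sent as the renewer request parameter
 * @return the decoded delegation token with its service set to
 *         {@code httpFSAddr}
 * @throws IOException if the request fails, if the response does not carry a
 *         delegation token string, or if authentication fails (the
 *         {@code AuthenticationException} is wrapped as the cause)
 */
public static Token<?> getDelegationToken(URI fsURI,
    InetSocketAddress httpFSAddr, AuthenticatedURL.Token token,
    String renewer) throws IOException {
  DelegationTokenOperation op = DelegationTokenOperation.GETDELEGATIONTOKEN;
  Map<String, String> params = new HashMap<>();
  params.put(OP_PARAM, op.toString());
  params.put(RENEWER_PARAM, renewer);
  URL url = HttpFSUtils.createHttpURL(new Path(fsURI), params);
  AuthenticatedURL aUrl =
      new AuthenticatedURL(new HttpFSKerberosAuthenticator());
  try {
    HttpURLConnection conn = aUrl.openConnection(url, token);
    conn.setRequestMethod(op.getHttpMethod());
    HttpFSUtils.validateResponse(conn, HttpURLConnection.HTTP_OK);

    // The body is produced by the remote server. Check its shape explicitly
    // so a malformed reply is reported as an IOException instead of a
    // NullPointerException or ClassCastException. The messages name only the
    // missing field, never the token material.
    Object body = HttpFSUtils.jsonParse(conn);
    Object tokenSection = (body instanceof JSONObject)
        ? ((JSONObject) body).get(DELEGATION_TOKEN_JSON)
        : null;
    if (!(tokenSection instanceof JSONObject)) {
      throw new IOException("Malformed delegation token response: missing '"
          + DELEGATION_TOKEN_JSON + "' object");
    }
    Object tokenStr =
        ((JSONObject) tokenSection).get(DELEGATION_TOKEN_URL_STRING_JSON);
    if (!(tokenStr instanceof String)) {
      throw new IOException("Malformed delegation token response: missing '"
          + DELEGATION_TOKEN_URL_STRING_JSON + "' string");
    }

    Token<AbstractDelegationTokenIdentifier> dToken = new Token<>();
    dToken.decodeFromUrlString((String) tokenStr);
    SecurityUtil.setTokenService(dToken, httpFSAddr);
    return dToken;
  } catch (AuthenticationException ex) {
    throw new IOException(ex.toString(), ex);
  }
}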
/**
 * Creates a delegation token whose owner is the user of {@code ugi}.
 *
 * @param ugi supplies the owner name and, when it has a real user, the
 *        real-user name written into the identifier
 * @param renewer the renewer name; when {@code null} the short user name of
 *        {@code ugi} is used instead
 * @return a new token built from the populated identifier and the secret
 *         manager
 */
@SuppressWarnings("unchecked")
public Token<? extends AbstractDelegationTokenIdentifier> createToken(
    UserGroupInformation ugi, String renewer) {
  // Logged before defaulting, so a null renewer appears as passed in.
  LOG.debug("Creating token with ugi:{}, renewer:{}.", ugi, renewer);

  // NOTE(review): owner and renewer are taken as given; presumably the caller
  // has already authenticated ugi and restricted who may be named as
  // renewer -- confirm against the callers.
  if (renewer == null) {
    renewer = ugi.getShortUserName();
  }
  final Text owner = new Text(ugi.getUserName());

  // realUser stays null unless ugi reports a real user.
  final UserGroupInformation actualUser = ugi.getRealUser();
  final Text realUser =
      (actualUser == null) ? null : new Text(actualUser.getUserName());

  final AbstractDelegationTokenIdentifier ident =
      (AbstractDelegationTokenIdentifier) secretManager.createIdentifier();
  ident.setOwner(owner);
  ident.setRenewer(new Text(renewer));
  ident.setRealUser(realUser);
  return new Token(ident, secretManager);
}
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred, or if the operation reported
 * an <code>AuthenticationException</code> (kept as the cause).
 */
public void cancelDelegationToken(URL url, AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException {
  final DelegationTokenOperation cancelOp =
      DelegationTokenOperation.CANCELDELEGATIONTOKEN;
  try {
    // No renewer is sent for a cancel; the delegation token itself is.
    doDelegationTokenOperation(url, token, cancelOp, null, dToken, false,
        doAsUser);
  } catch (AuthenticationException authFailure) {
    // AuthenticationException is not in this method's throws clause, so it
    // is rewrapped; the original exception stays attached as the cause.
    final String message =
        "This should not happen: " + authFailure.getMessage();
    throw new IOException(message, authFailure);
  }
}
/**
 * Cancels a delegation token through the secret manager.
 *
 * @param token the token to cancel
 * @param canceler the user requesting the cancel; when {@code null} the
 *        token is verified and the short user name of the user returned by
 *        {@code verifyToken} is used
 * @throws IOException if verification or cancellation fails
 */
@SuppressWarnings("unchecked")
public void cancelToken(
    Token<? extends AbstractDelegationTokenIdentifier> token,
    String canceler) throws IOException {
  // NOTE(review): when a canceler is supplied the token is not verified in
  // this method. Whether secretManager.cancelToken checks the token password
  // and the canceler's right to cancel is not visible here -- confirm.
  if (canceler == null) {
    canceler = verifyToken(token).getShortUserName();
  }
  secretManager.cancelToken(token, canceler);
}
/**
 * Decodes the identifier of a token and has the secret manager verify the
 * token's password against it.
 *
 * @param token the token to verify
 * @return the user taken from the decoded identifier
 * @throws IOException if decoding or verification fails
 */
@SuppressWarnings("unchecked")
public UserGroupInformation verifyToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws IOException {
  final AbstractDelegationTokenIdentifier decoded =
      secretManager.decodeTokenIdentifier(token);
  final byte[] password = token.getPassword();

  // The user is returned only if this call completes without throwing;
  // presumably a password mismatch is reported as an exception -- confirm
  // against the secret manager.
  secretManager.verifyToken(decoded, password);
  return decoded.getUser();
}