public ReEncryptionClientProvider(URI uri, Configuration conf) throws IOException { setConf(conf); renUrl = createServiceURL(ProviderUtils.unnestUri(uri)); if ("https".equalsIgnoreCase(new URL(renUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); authToken = new DelegationTokenAuthenticatedURL.Token(); UserGroupInformation.AuthenticationMethod authMethod = UserGroupInformation.getCurrentUser().getAuthenticationMethod(); if (authMethod == UserGroupInformation.AuthenticationMethod.PROXY) { actualUgi = UserGroupInformation.getCurrentUser().getRealUser(); } else if (authMethod == UserGroupInformation.AuthenticationMethod.TOKEN) { actualUgi = UserGroupInformation.getLoginUser(); } else { actualUgi =UserGroupInformation.getCurrentUser(); } }
@SuppressWarnings("unchecked") @Override public Token<TimelineDelegationTokenIdentifier> getDelegationToken( final String renewer) throws IOException, YarnException { PrivilegedExceptionAction<Token<TimelineDelegationTokenIdentifier>> getDTAction = new PrivilegedExceptionAction<Token<TimelineDelegationTokenIdentifier>>() { @Override public Token<TimelineDelegationTokenIdentifier> run() throws Exception { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); return (Token) authUrl.getDelegationToken( resURI.toURL(), token, renewer, doAsUser); } }; return (Token<TimelineDelegationTokenIdentifier>) operateDelegationToken(getDTAction); }
@SuppressWarnings("unchecked") @Override public void cancelDelegationToken( final Token<TimelineDelegationTokenIdentifier> timelineDT) throws IOException, YarnException { final boolean isTokenServiceAddrEmpty = timelineDT.getService().toString().isEmpty(); final String scheme = isTokenServiceAddrEmpty ? null : (YarnConfiguration.useHttps(this.getConfig()) ? "https" : "http"); final InetSocketAddress address = isTokenServiceAddrEmpty ? null : SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction<Void> cancelDTAction = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { // If the timeline DT to cancel is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; if (!timelineDT.equals(token.getDelegationToken())) { token.setDelegationToken((Token) timelineDT); } DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); // If the token service address is not available, fall back to use // the configured service address. final URI serviceURI = isTokenServiceAddrEmpty ? resURI : new URI(scheme, null, address.getHostName(), address.getPort(), RESOURCE_URI_STR, null, null); authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser); return null; } }; operateDelegationToken(cancelDTAction); }
/** * Called after a new FileSystem instance is constructed. * * @param name a uri whose authority section names the host, port, etc. for this FileSystem * @param conf the configuration */ @Override public void initialize(URI name, Configuration conf) throws IOException { UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); //the real use is the one that has the Kerberos credentials needed for //SPNEGO to work realUser = ugi.getRealUser(); if (realUser == null) { realUser = UserGroupInformation.getLoginUser(); } super.initialize(name, conf); try { uri = new URI(name.getScheme() + "://" + name.getAuthority()); } catch (URISyntaxException ex) { throw new IOException(ex); } Class<? extends DelegationTokenAuthenticator> klass = getConf().getClass("httpfs.authenticator.class", KerberosDelegationTokenAuthenticator.class, DelegationTokenAuthenticator.class); DelegationTokenAuthenticator authenticator = ReflectionUtils.newInstance(klass, getConf()); authURL = new DelegationTokenAuthenticatedURL(authenticator); }
@SuppressWarnings("unchecked") @Override public Token<TimelineDelegationTokenIdentifier> getDelegationToken( final String renewer) throws IOException, YarnException { boolean isProxyAccess = UserGroupInformation.getCurrentUser().getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; PrivilegedExceptionAction<Token<TimelineDelegationTokenIdentifier>> getDTAction = new PrivilegedExceptionAction<Token<TimelineDelegationTokenIdentifier>>() { @Override public Token<TimelineDelegationTokenIdentifier> run() throws Exception { DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); return (Token) authUrl.getDelegationToken( resURI.toURL(), token, renewer, doAsUser); } }; return (Token<TimelineDelegationTokenIdentifier>) operateDelegationToken(getDTAction); }
@SuppressWarnings("unchecked") @Override public long renewDelegationToken( final Token<TimelineDelegationTokenIdentifier> timelineDT) throws IOException, YarnException { final boolean isTokenServiceAddrEmpty = timelineDT.getService().toString().isEmpty(); final String scheme = isTokenServiceAddrEmpty ? null : (YarnConfiguration.useHttps(this.getConfig()) ? "https" : "http"); final InetSocketAddress address = isTokenServiceAddrEmpty ? null : SecurityUtil.getTokenServiceAddr(timelineDT); PrivilegedExceptionAction<Long> renewDTAction = new PrivilegedExceptionAction<Long>() { @Override public Long run() throws Exception { // If the timeline DT to renew is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; if (!timelineDT.equals(token.getDelegationToken())) { token.setDelegationToken((Token) timelineDT); } DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); // If the token service address is not available, fall back to use // the configured service address. final URI serviceURI = isTokenServiceAddrEmpty ? resURI : new URI(scheme, null, address.getHostName(), address.getPort(), RESOURCE_URI_STR, null, null); return authUrl .renewDelegationToken(serviceURI.toURL(), token, doAsUser); } }; return (Long) operateDelegationToken(renewDTAction); }
@Override public HttpURLConnection getHttpURLConnection(final URL url) throws IOException { authUgi.checkTGTAndReloginFromKeytab(); try { return new DelegationTokenAuthenticatedURL( authenticator, connConfigurator).openConnection(url, token, doAsUser); } catch (UndeclaredThrowableException e) { throw new IOException(e.getCause()); } catch (AuthenticationException ae) { throw new IOException(ae); } }
@SuppressWarnings("unchecked") @Override public long renewDelegationToken( final Token<TimelineDelegationTokenIdentifier> timelineDT) throws IOException, YarnException { boolean isProxyAccess = UserGroupInformation.getCurrentUser().getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; PrivilegedExceptionAction<Long> renewDTAction = new PrivilegedExceptionAction<Long>() { @Override public Long run() throws Exception { // If the timeline DT to renew is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; if (!timelineDT.equals(token.getDelegationToken())) { token.setDelegationToken((Token) timelineDT); } DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); return authUrl .renewDelegationToken(resURI.toURL(), token, doAsUser); } }; return (Long) operateDelegationToken(renewDTAction); }
@SuppressWarnings("unchecked") @Override public void cancelDelegationToken( final Token<TimelineDelegationTokenIdentifier> timelineDT) throws IOException, YarnException { boolean isProxyAccess = UserGroupInformation.getCurrentUser().getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY; final String doAsUser = isProxyAccess ? UserGroupInformation.getCurrentUser().getShortUserName() : null; PrivilegedExceptionAction<Void> cancelDTAction = new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { // If the timeline DT to cancel is different than cached, replace it. // Token to set every time for retry, because when exception happens, // DelegationTokenAuthenticatedURL will reset it to null; if (!timelineDT.equals(token.getDelegationToken())) { token.setDelegationToken((Token) timelineDT); } DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(authenticator, connConfigurator); authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser); return null; } }; operateDelegationToken(cancelDTAction); }
public Token<?>[] addDelegationTokens(String strURL, String renewer, Credentials credentials) throws IOException { Token<?>[] tokens = null; Text dtService = getDelegationTokenService(strURL); Token<?> token = credentials.getToken(dtService); if (token == null) { URL url = new URL(strURL); DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { return conn; } }); try { token = authUrl.getDelegationToken(url, authToken, renewer); if (token != null) { credentials.addToken(token.getService(), token); tokens = new Token<?>[]{token}; } else { throw new IOException("Got NULL as delegation token"); } } catch (AuthenticationException ex) { throw new IOException(ex); } } return tokens; }
public KMSClientProvider(URI uri, Configuration conf) throws IOException { super(conf); kmsUrl = createServiceURL(extractKMSPath(uri)); if ("https".equalsIgnoreCase(new URL(kmsUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>( conf.getInt( CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT), conf.getFloat( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); }
@Override public long renewDelegationToken(final Token<?> dToken) throws IOException { try { final String doAsUser = getDoAsUser(); final DelegationTokenAuthenticatedURL.Token token = generateDelegationToken(dToken); final URL url = createURL(null, null, null, null); LOG.debug("Renewing delegation token {} with url:{}, as:{}", token, url, doAsUser); final DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator); return getActualUgi().doAs( new PrivilegedExceptionAction<Long>() { @Override public Long run() throws Exception { return authUrl.renewDelegationToken(url, token, doAsUser); } } ); } catch (Exception ex) { if (ex instanceof IOException) { throw (IOException) ex; } else { throw new IOException(ex); } } }
@Override public Void cancelDelegationToken(final Token<?> dToken) throws IOException { try { final String doAsUser = getDoAsUser(); final DelegationTokenAuthenticatedURL.Token token = generateDelegationToken(dToken); return getActualUgi().doAs( new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { final URL url = createURL(null, null, null, null); LOG.debug("Cancelling delegation token {} with url:{}, as:{}", dToken, url, doAsUser); final DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator); authUrl.cancelDelegationToken(url, token, doAsUser); return null; } } ); } catch (Exception ex) { if (ex instanceof IOException) { throw (IOException) ex; } else { throw new IOException(ex); } } }
/** * Generate a DelegationTokenAuthenticatedURL.Token from the given generic * typed delegation token. * * @param dToken The delegation token. * @return The DelegationTokenAuthenticatedURL.Token, with its delegation * token set to the delegation token passed in. */ private DelegationTokenAuthenticatedURL.Token generateDelegationToken( final Token<?> dToken) { DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token(); Token<AbstractDelegationTokenIdentifier> dt = new Token<>(dToken.getIdentifier(), dToken.getPassword(), dToken.getKind(), dToken.getService()); token.setDelegationToken(dt); return token; }
public KMSClientProvider(URI uri, Configuration conf) throws IOException { super(conf); kmsUrl = createServiceURL(extractKMSPath(uri)); if ("https".equalsIgnoreCase(new URL(kmsUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>( conf.getInt( CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT), conf.getFloat( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); UserGroupInformation.AuthenticationMethod authMethod = UserGroupInformation.getCurrentUser().getAuthenticationMethod(); if (authMethod == UserGroupInformation.AuthenticationMethod.PROXY) { actualUgi = UserGroupInformation.getCurrentUser().getRealUser(); } else if (authMethod == UserGroupInformation.AuthenticationMethod.TOKEN) { actualUgi = UserGroupInformation.getLoginUser(); } else { actualUgi =UserGroupInformation.getCurrentUser(); } }
private <T> T call(HttpURLConnection conn, Map jsonOutput, int expectedResponse, Class<T> klass, int authRetryCount) throws IOException { T ret = null; try { if (jsonOutput != null) { writeJson(jsonOutput, conn.getOutputStream()); } } catch (IOException ex) { IOUtils.closeStream(conn.getInputStream()); throw ex; } if ((conn.getResponseCode() == HttpURLConnection.HTTP_FORBIDDEN && (conn.getResponseMessage().equals(ANONYMOUS_REQUESTS_DISALLOWED) || conn.getResponseMessage().contains(INVALID_SIGNATURE))) || conn.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) { // Ideally, this should happen only when there is an Authentication // failure. Unfortunately, the AuthenticationFilter returns 403 when it // cannot authenticate (Since a 401 requires Server to send // WWW-Authenticate header as well).. KMSClientProvider.this.authToken = new DelegationTokenAuthenticatedURL.Token(); if (authRetryCount > 0) { String contentType = conn.getRequestProperty(CONTENT_TYPE); String requestMethod = conn.getRequestMethod(); URL url = conn.getURL(); conn = createConnection(url, requestMethod); conn.setRequestProperty(CONTENT_TYPE, contentType); return call(conn, jsonOutput, expectedResponse, klass, authRetryCount - 1); } } try { AuthenticatedURL.extractToken(conn, authToken); } catch (AuthenticationException e) { // Ignore the AuthExceptions.. since we are just using the method to // extract and set the authToken.. (Workaround till we actually fix // AuthenticatedURL properly to set authToken post initialization) } HttpExceptionUtils.validateResponse(conn, expectedResponse); if (conn.getContentType() != null && conn.getContentType().trim().toLowerCase() .startsWith(APPLICATION_JSON_MIME) && klass != null) { ObjectMapper mapper = new ObjectMapper(); InputStream is = null; try { is = conn.getInputStream(); ret = mapper.readValue(is, klass); } finally { IOUtils.closeStream(is); } } return ret; }
public KMSPREClientProvider(URI uri, Configuration conf) throws IOException { super(conf); kmsUrl = createServiceURL(extractKMSPath(uri)); if ("https".equalsIgnoreCase(new URL(kmsUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = new ValueQueue<EncryptedKeyVersion>( conf.getInt( CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT), conf.getFloat( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); UserGroupInformation.AuthenticationMethod authMethod = UserGroupInformation.getCurrentUser().getAuthenticationMethod(); if (authMethod == UserGroupInformation.AuthenticationMethod.PROXY) { actualUgi = UserGroupInformation.getCurrentUser().getRealUser(); } else if (authMethod == UserGroupInformation.AuthenticationMethod.TOKEN) { actualUgi = UserGroupInformation.getLoginUser(); } else { actualUgi =UserGroupInformation.getCurrentUser(); } }
private <T> T call(HttpURLConnection conn, Map jsonOutput, int expectedResponse, Class<T> klass, int authRetryCount) throws IOException { T ret = null; try { if (jsonOutput != null) { writeJson(jsonOutput, conn.getOutputStream()); } } catch (IOException ex) { IOUtils.closeStream(conn.getInputStream()); throw ex; } if ((conn.getResponseCode() == HttpURLConnection.HTTP_FORBIDDEN && (conn.getResponseMessage().equals(ANONYMOUS_REQUESTS_DISALLOWED) || conn.getResponseMessage().contains(INVALID_SIGNATURE))) || conn.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) { // Ideally, this should happen only when there is an Authentication // failure. Unfortunately, the AuthenticationFilter returns 403 when it // cannot authenticate (Since a 401 requires Server to send // WWW-Authenticate header as well).. KMSPREClientProvider.this.authToken = new DelegationTokenAuthenticatedURL.Token(); if (authRetryCount > 0) { String contentType = conn.getRequestProperty(CONTENT_TYPE); String requestMethod = conn.getRequestMethod(); URL url = conn.getURL(); conn = createConnection(url, requestMethod); conn.setRequestProperty(CONTENT_TYPE, contentType); return call(conn, jsonOutput, expectedResponse, klass, authRetryCount - 1); } } try { AuthenticatedURL.extractToken(conn, authToken); } catch (AuthenticationException e) { // Ignore the AuthExceptions.. since we are just using the method to // extract and set the authToken.. (Workaround till we actually fix // AuthenticatedURL properly to set authToken post initialization) } HttpExceptionUtils.validateResponse(conn, expectedResponse); if (conn.getContentType() != null && conn.getContentType().trim().toLowerCase() .startsWith(APPLICATION_JSON_MIME) && klass != null) { ObjectMapper mapper = new ObjectMapper(); InputStream is = null; try { is = conn.getInputStream(); ret = mapper.readValue(is, klass); } finally { IOUtils.closeStream(is); } } return ret; }
private <T> T call(HttpURLConnection conn, Map jsonOutput, int expectedResponse, Class<T> klass, int authRetryCount) throws IOException { T ret = null; try { if (jsonOutput != null) { writeJson(jsonOutput, conn.getOutputStream()); } } catch (IOException ex) { IOUtils.closeStream(conn.getInputStream()); throw ex; } if ((conn.getResponseCode() == HttpURLConnection.HTTP_FORBIDDEN && (conn.getResponseMessage().equals(ANONYMOUS_REQUESTS_DISALLOWED) || conn.getResponseMessage().contains(INVALID_SIGNATURE))) || conn.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) { // Ideally, this should happen only when there is an Authentication // failure. Unfortunately, the AuthenticationFilter returns 403 when it // cannot authenticate (Since a 401 requires Server to send // WWW-Authenticate header as well).. ReEncryptionClientProvider.this.authToken = new DelegationTokenAuthenticatedURL.Token(); if (authRetryCount > 0) { String contentType = conn.getRequestProperty(CONTENT_TYPE); String requestMethod = conn.getRequestMethod(); URL url = conn.getURL(); conn = createConnection(url, requestMethod); conn.setRequestProperty(CONTENT_TYPE, contentType); return call(conn, jsonOutput, expectedResponse, klass, authRetryCount - 1); } } try { AuthenticatedURL.extractToken(conn, authToken); } catch (AuthenticationException e) { // Ignore the AuthExceptions.. since we are just using the method to // extract and set the authToken.. (Workaround till we actually fix // AuthenticatedURL properly to set authToken post initialization) } HttpExceptionUtils.validateResponse(conn, expectedResponse); if (conn.getContentType() != null && conn.getContentType().trim().toLowerCase() .startsWith(APPLICATION_JSON_MIME) && klass != null) { ObjectMapper mapper = new ObjectMapper(); InputStream is = null; try { is = conn.getInputStream(); ret = mapper.readValue(is, klass); } finally { IOUtils.closeStream(is); } } return ret; }
public KMSClientProvider(URI uri, Configuration conf) throws IOException { super(conf); kmsUrl = createServiceURL(extractKMSPath(uri)); if ("https".equalsIgnoreCase(new URL(kmsUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>( conf.getInt( CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT), conf.getFloat( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); actualUgi = (UserGroupInformation.getCurrentUser().getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) ? UserGroupInformation .getCurrentUser().getRealUser() : UserGroupInformation .getCurrentUser(); }
public ConnectorResourceRequest(DelegationTokenAuthenticatedURL.Token token){ super(token); }
public DriverResourceRequest(DelegationTokenAuthenticatedURL.Token token){ super(token); }
