public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) { if (owner == null) { this.owner = new Text(); } else { this.owner = owner; } if (renewer == null) { this.renewer = new Text(); } else { KerberosName renewerKrbName = new KerberosName(renewer.toString()); try { this.renewer = new Text(renewerKrbName.getShortName()); } catch (IOException e) { throw new RuntimeException(e); } } if (realUser == null) { this.realUser = new Text(); } else { this.realUser = realUser; } issueDate = 0; maxDate = 0; }
/** * Expected user name should be a short name. */ private static void checkUsername(final String expected, final String name ) throws IOException { if (expected == null && name != null) { throw new IOException("Usernames not matched: expecting null but name=" + name); } if (name == null) { //name is optional, null is okay return; } KerberosName u = new KerberosName(name); String shortName = u.getShortName(); if (!shortName.equals(expected)) { throw new IOException("Usernames not matched: name=" + shortName + " != expected=" + expected); } }
static void obtainTokensForNamenodesInternal(Credentials credentials, Path [] ps, Configuration conf ) throws IOException { // get jobtracker principal id (for the renewer) KerberosName jtKrbName = new KerberosName(conf.get(JobTracker.JT_USER_NAME, "")); String delegTokenRenewer = jtKrbName.getShortName(); boolean readFile = true; for(Path p: ps) { FileSystem fs = FileSystem.get(p.toUri(), conf); String fsName = fs.getCanonicalServiceName(); if (fsName == null) { continue; } if (TokenCache.getDelegationToken(credentials, fsName) == null) { //TODO: Need to come up with a better place to put //this block of code to do with reading the file if (readFile) { readFile = false; String binaryTokenFilename = conf.get("mapreduce.job.credentials.binary"); if (binaryTokenFilename != null) { Credentials binary; try { binary = Credentials.readTokenStorageFile(new Path("file:///" + binaryTokenFilename), conf); } catch (IOException e) { throw new RuntimeException(e); } credentials.addAll(binary); } if (TokenCache.getDelegationToken(credentials, fsName) != null) { LOG.debug("DT for " + fsName + " is already present"); continue; } } Token<?> token = fs.getDelegationToken(delegTokenRenewer); if (token != null) { Text fsNameText = new Text(fsName); credentials.addToken(fsNameText, token); LOG.info("Got dt for " + p + ";uri="+ fsName + ";t.service="+token.getService()); } } } }
/** * get delegation token for a specific FS * @param fs * @param credentials * @param p * @param conf * @throws IOException */ static void obtainTokensForNamenodesInternal(FileSystem fs, Credentials credentials, Configuration conf) throws IOException { // get jobtracker principal id (for the renewer) KerberosName jtKrbName = new KerberosName(conf.get(JTConfig.JT_USER_NAME,"")); String delegTokenRenewer = jtKrbName.getShortName(); boolean readFile = true; String fsName = fs.getCanonicalServiceName(); if (TokenCache.getDelegationToken(credentials, fsName) == null) { //TODO: Need to come up with a better place to put //this block of code to do with reading the file if (readFile) { readFile = false; String binaryTokenFilename = conf.get("mapreduce.job.credentials.binary"); if (binaryTokenFilename != null) { Credentials binary; try { binary = Credentials.readTokenStorageFile( new Path("file:///" + binaryTokenFilename), conf); } catch (IOException e) { throw new RuntimeException(e); } credentials.addAll(binary); } if (TokenCache.getDelegationToken(credentials, fsName) != null) { LOG.debug("DT for " + fsName + " is already present"); return; } } Token<?> token = fs.getDelegationToken(delegTokenRenewer); if (token != null) { Text fsNameText = new Text(fsName); token.setService(fsNameText); credentials.addToken(fsNameText, token); LOG.info("Got dt for " + fs.getUri() + ";uri="+ fsName + ";t.service="+token.getService()); } } }
