@Override
public void getAuthenticationToken(
RpcController controller,
AuthenticationProtos.GetAuthenticationTokenRequest request,
RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) {
AuthenticationProtos.GetAuthenticationTokenResponse.Builder response =
AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder();
try {
if (secretManager == null) {
throw new IOException("No secret manager configured for token authentication");
}
User currentUser = RequestContext.getRequestUser();
UserGroupInformation ugi = null;
if (currentUser != null) {
ugi = currentUser.getUGI();
}
if (currentUser == null) {
throw new AccessDeniedException("No authenticated user for request!");
} else if (!isAllowedDelegationTokenOp(ugi)) {
LOG.warn(
"Token generation denied for user="******", authMethod="
+ ugi.getAuthenticationMethod());
throw new AccessDeniedException(
"Token generation only allowed for Kerberos authenticated clients");
}
Token<AuthenticationTokenIdentifier> token =
secretManager.generateToken(currentUser.getName());
response.setToken(ProtobufUtil.toToken(token)).build();
} catch (IOException ioe) {
ResponseConverter.setControllerException(controller, ioe);
}
done.run(response.build());
}
