public static Token<? extends AbstractDelegationTokenIdentifier> extractThriftToken(
     String tokenStrForm, String tokenSignature) throws MetaException, TException, IOException {
   // LOG.info("extractThriftToken("+tokenStrForm+","+tokenSignature+")");
   Token<? extends AbstractDelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>();
   t.decodeFromUrlString(tokenStrForm);
   t.setService(new Text(tokenSignature));
   // LOG.info("returning "+t);
   return t;
 }
 public Token<AuthenticationTokenIdentifier> generateToken(String username) {
   AuthenticationTokenIdentifier ident = new AuthenticationTokenIdentifier(username);
   Token<AuthenticationTokenIdentifier> token =
       new Token<AuthenticationTokenIdentifier>(ident, this);
   if (clusterId.hasId()) {
     token.setService(new Text(clusterId.getId()));
   }
   return token;
 }
Exemple #3
0
 /**
  * Get a delegation token for the user from the JobTracker.
  *
  * @param renewer the user who can renew the token
  * @return the new token
  * @throws IOException
  */
 public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
     throws IOException, InterruptedException {
   Token<DelegationTokenIdentifier> result = client.getDelegationToken(renewer);
   InetSocketAddress addr = Master.getMasterAddress(conf);
   StringBuilder service = new StringBuilder();
   service.append(NetUtils.normalizeHostName(addr.getAddress().getHostAddress()));
   service.append(':');
   service.append(addr.getPort());
   result.setService(new Text(service.toString()));
   return result;
 }
 private void updateAMRMToken(Token token) throws IOException {
   org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken =
       new org.apache.hadoop.security.token.Token<AMRMTokenIdentifier>(
           token.getIdentifier().array(),
           token.getPassword().array(),
           new Text(token.getKind()),
           new Text(token.getService()));
   // Preserve the token service sent by the RM when adding the token
   // to ensure we replace the previous token setup by the RM.
   // Afterwards we can update the service address for the RPC layer.
   UserGroupInformation currentUGI = UserGroupInformation.getCurrentUser();
   currentUGI.addToken(amrmToken);
   amrmToken.setService(ClientRMProxy.getAMRMTokenService(getConfig()));
 }
  public static Credentials getDTfromRemote(String nnAddr, String renewer) throws IOException {
    DataInputStream dis = null;

    try {
      StringBuffer url = new StringBuffer();
      if (renewer != null) {
        url.append(nnAddr)
            .append(GetDelegationTokenServlet.PATH_SPEC)
            .append("?")
            .append(GetDelegationTokenServlet.RENEWER)
            .append("=")
            .append(renewer);
      } else {
        url.append(nnAddr).append(GetDelegationTokenServlet.PATH_SPEC);
      }

      if (LOG.isDebugEnabled()) {
        LOG.debug("Retrieving token from: " + url);
      }

      URL remoteURL = new URL(url.toString());
      SecurityUtil.fetchServiceTicket(remoteURL);
      URLConnection connection = remoteURL.openConnection();

      InputStream in = connection.getInputStream();
      Credentials ts = new Credentials();
      dis = new DataInputStream(in);
      ts.readFields(dis);
      for (Token<?> token : ts.getAllTokens()) {
        token.setKind(HftpFileSystem.TOKEN_KIND);
        token.setService(
            new Text(
                SecurityUtil.buildDTServiceName(
                    remoteURL.toURI(), DFSConfigKeys.DFS_HTTPS_PORT_DEFAULT)));
      }
      return ts;
    } catch (Exception e) {
      throw new IOException("Unable to obtain remote token", e);
    } finally {
      if (dis != null) dis.close();
    }
  }
  @Test
  public void testGetUgi() throws IOException {
    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
    HttpServletRequest request = mock(HttpServletRequest.class);
    ServletContext context = mock(ServletContext.class);
    String user = "******";
    Text userText = new Text(user);
    DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText, null);
    Token<DelegationTokenIdentifier> token =
        new Token<DelegationTokenIdentifier>(dtId, new DummySecretManager(0, 0, 0, 0));
    String tokenString = token.encodeToUrlString();
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    when(request.getRemoteUser()).thenReturn(user);

    // Test attribute in the url to be used as service in the token.
    when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn("1.1.1.1:1111");

    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(conf);

    verifyServiceInToken(context, request, "1.1.1.1:1111");

    // Test attribute name.node.address
    // Set the nnaddr url parameter to null.
    when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
    InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
    when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn(addr);
    verifyServiceInToken(context, request, addr.getAddress().getHostAddress() + ":2222");

    // Test service already set in the token
    token.setService(new Text("3.3.3.3:3333"));
    tokenString = token.encodeToUrlString();
    // Set the name.node.address attribute in Servlet context to null
    when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn(null);
    when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
    verifyServiceInToken(context, request, "3.3.3.3:3333");
  }
  @Test
  public void testGetTokensForHftpFS() throws IOException, URISyntaxException {
    HftpFileSystem hfs = mock(HftpFileSystem.class);

    DelegationTokenSecretManager dtSecretManager =
        NameNodeAdapter.getDtSecretManager(dfsCluster.getNamesystem());
    String renewer = "renewer";
    jConf.set(JTConfig.JT_USER_NAME, renewer);
    DelegationTokenIdentifier dtId =
        new DelegationTokenIdentifier(new Text("user"), new Text(renewer), null);
    final Token<DelegationTokenIdentifier> t =
        new Token<DelegationTokenIdentifier>(dtId, dtSecretManager);

    final URI uri = new URI("hftp://host:2222/file1");
    final String fs_addr = SecurityUtil.buildDTServiceName(uri, NameNode.DEFAULT_PORT);
    t.setService(new Text(fs_addr));

    // when(hfs.getUri()).thenReturn(uri);
    Mockito.doAnswer(
            new Answer<URI>() {
              @Override
              public URI answer(InvocationOnMock invocation) throws Throwable {
                return uri;
              }
            })
        .when(hfs)
        .getUri();

    // when(hfs.getDelegationToken()).thenReturn((Token<? extends TokenIdentifier>) t);
    Mockito.doAnswer(
            new Answer<Token<DelegationTokenIdentifier>>() {
              @Override
              public Token<DelegationTokenIdentifier> answer(InvocationOnMock invocation)
                  throws Throwable {
                return t;
              }
            })
        .when(hfs)
        .getDelegationToken(renewer);

    // when(hfs.getDelegationTokens()).thenReturn((Token<? extends TokenIdentifier>) t);
    Mockito.doAnswer(
            new Answer<List<Token<DelegationTokenIdentifier>>>() {
              @Override
              public List<Token<DelegationTokenIdentifier>> answer(InvocationOnMock invocation)
                  throws Throwable {
                return Collections.singletonList(t);
              }
            })
        .when(hfs)
        .getDelegationTokens(renewer);

    // when(hfs.getCanonicalServiceName).thenReturn(fs_addr);
    Mockito.doAnswer(
            new Answer<String>() {
              @Override
              public String answer(InvocationOnMock invocation) throws Throwable {
                return fs_addr;
              }
            })
        .when(hfs)
        .getCanonicalServiceName();

    Credentials credentials = new Credentials();
    Path p = new Path(uri.toString());
    System.out.println("Path for hftp=" + p + "; fs_addr=" + fs_addr + "; rn=" + renewer);
    TokenCache.obtainTokensForNamenodesInternal(hfs, credentials, jConf);

    Collection<Token<? extends TokenIdentifier>> tns = credentials.getAllTokens();
    assertEquals("number of tokens is not 1", 1, tns.size());

    boolean found = false;
    for (Token<? extends TokenIdentifier> tt : tns) {
      System.out.println("token=" + tt);
      if (tt.getKind().equals(DelegationTokenIdentifier.HDFS_DELEGATION_KIND)
          && tt.getService().equals(new Text(fs_addr))) {
        found = true;
        assertEquals("different token", tt, t);
      }
      assertTrue("didn't find token for " + p, found);
    }
  }