/**
 * Cancels a delegation token by evicting its identifier from the token cache.
 *
 * <p>The caller is authorized when {@code canceller} is equal to the user name
 * of the token owner, or when the Kerberos short name derived from
 * {@code canceller} is equal to the token's non-empty renewer. The
 * authorization check runs before the cache lookup, so a caller that is not
 * authorized receives the same error whether or not the token is cached.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@code token.getIdentifier()} is decoded here; the token password
 *       is not consulted by this method. The owner and renewer used for the
 *       authorization decision are therefore the values carried in the
 *       presented identifier. NOTE(review): whether an altered identifier can
 *       still match a cached entry depends on the {@code equals}/{@code hashCode}
 *       of the identifier type, which is not visible here.</li>
 *   <li>{@code canceller} is used as given. NOTE(review): this presumably
 *       expects a principal that the calling layer has already authenticated;
 *       confirm at every call site.</li>
 * </ul>
 *
 * @param token the token whose identifier should be removed from the cache
 * @param canceller name of the principal requesting the cancellation
 * @return Identifier of the canceled token
 * @throws InvalidToken if the identifier carries no owner or is not present in
 *     the cache
 * @throws AccessControlException if {@code canceller} is neither the owner nor
 *     the designated renewer
 * @throws IOException declared by the signature; presumably raised while
 *     decoding the identifier or resolving the canceller's short name
 */
public synchronized TokenIdent cancelToken(Token<TokenIdent> token,
    String canceller) throws IOException {
  // Rebuild the identifier object from the serialized bytes carried by the token.
  DataInputStream identifierStream =
      new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
  TokenIdent ident = createIdentifier();
  ident.readFields(identifierStream);

  // This line runs before any validation, so the logged text comes from
  // caller-supplied bytes. NOTE(review): confirm the identifier's toString()
  // is safe to write to logs (no control characters, no sensitive fields).
  LOG.info("Token cancelation requested for identifier: " + ident);

  if (ident.getUser() == null) {
    throw new InvalidToken("Token with no owner");
  }
  String ownerName = ident.getUser().getUserName();
  Text tokenRenewer = ident.getRenewer();
  // The short name is resolved unconditionally, even when the canceller turns
  // out to be the owner, so a failure here surfaces before the check below.
  String cancellerShortName = new KerberosName(canceller).getShortName();

  if (!canceller.equals(ownerName)) {
    // Not the owner: allowed only if the token names a non-empty renewer that
    // matches the canceller's short name. A missing or empty renewer never
    // matches, so such tokens can be cancelled by the owner alone.
    String renewerName = (tokenRenewer == null) ? null : tokenRenewer.toString();
    boolean isDesignatedRenewer = renewerName != null
        && !renewerName.isEmpty()
        && cancellerShortName.equals(renewerName);
    if (!isDesignatedRenewer) {
      throw new AccessControlException(canceller
          + " is not authorized to cancel the token");
    }
  }

  // remove() both checks existence and evicts, under the method's monitor.
  if (currentTokens.remove(ident) == null) {
    throw new InvalidToken("Token not found");
  }
  return ident;
}