public static Token<? extends AbstractDelegationTokenIdentifier> extractThriftToken(
String tokenStrForm, String tokenSignature) throws MetaException, TException, IOException {
// LOG.info("extractThriftToken("+tokenStrForm+","+tokenSignature+")");
Token<? extends AbstractDelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>();
t.decodeFromUrlString(tokenStrForm);
t.setService(new Text(tokenSignature));
// LOG.info("returning "+t);
return t;
}
public Token<AuthenticationTokenIdentifier> generateToken(String username) {
AuthenticationTokenIdentifier ident = new AuthenticationTokenIdentifier(username);
Token<AuthenticationTokenIdentifier> token =
new Token<AuthenticationTokenIdentifier>(ident, this);
if (clusterId.hasId()) {
token.setService(new Text(clusterId.getId()));
}
return token;
}
/**
* Get a delegation token for the user from the JobTracker.
*
* @param renewer the user who can renew the token
* @return the new token
* @throws IOException
*/
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
throws IOException, InterruptedException {
Token<DelegationTokenIdentifier> result = client.getDelegationToken(renewer);
InetSocketAddress addr = Master.getMasterAddress(conf);
StringBuilder service = new StringBuilder();
service.append(NetUtils.normalizeHostName(addr.getAddress().getHostAddress()));
service.append(':');
service.append(addr.getPort());
result.setService(new Text(service.toString()));
return result;
}
private void updateAMRMToken(Token token) throws IOException {
org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> amrmToken =
new org.apache.hadoop.security.token.Token<AMRMTokenIdentifier>(
token.getIdentifier().array(),
token.getPassword().array(),
new Text(token.getKind()),
new Text(token.getService()));
// Preserve the token service sent by the RM when adding the token
// to ensure we replace the previous token setup by the RM.
// Afterwards we can update the service address for the RPC layer.
UserGroupInformation currentUGI = UserGroupInformation.getCurrentUser();
currentUGI.addToken(amrmToken);
amrmToken.setService(ClientRMProxy.getAMRMTokenService(getConfig()));
}
public static Credentials getDTfromRemote(String nnAddr, String renewer) throws IOException {
DataInputStream dis = null;
try {
StringBuffer url = new StringBuffer();
if (renewer != null) {
url.append(nnAddr)
.append(GetDelegationTokenServlet.PATH_SPEC)
.append("?")
.append(GetDelegationTokenServlet.RENEWER)
.append("=")
.append(renewer);
} else {
url.append(nnAddr).append(GetDelegationTokenServlet.PATH_SPEC);
}
if (LOG.isDebugEnabled()) {
LOG.debug("Retrieving token from: " + url);
}
URL remoteURL = new URL(url.toString());
SecurityUtil.fetchServiceTicket(remoteURL);
URLConnection connection = remoteURL.openConnection();
InputStream in = connection.getInputStream();
Credentials ts = new Credentials();
dis = new DataInputStream(in);
ts.readFields(dis);
for (Token<?> token : ts.getAllTokens()) {
token.setKind(HftpFileSystem.TOKEN_KIND);
token.setService(
new Text(
SecurityUtil.buildDTServiceName(
remoteURL.toURI(), DFSConfigKeys.DFS_HTTPS_PORT_DEFAULT)));
}
return ts;
} catch (Exception e) {
throw new IOException("Unable to obtain remote token", e);
} finally {
if (dis != null) dis.close();
}
}
@Test
public void testGetUgi() throws IOException {
conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
HttpServletRequest request = mock(HttpServletRequest.class);
ServletContext context = mock(ServletContext.class);
String user = "******";
Text userText = new Text(user);
DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText, null);
Token<DelegationTokenIdentifier> token =
new Token<DelegationTokenIdentifier>(dtId, new DummySecretManager(0, 0, 0, 0));
String tokenString = token.encodeToUrlString();
when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
when(request.getRemoteUser()).thenReturn(user);
// Test attribute in the url to be used as service in the token.
when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn("1.1.1.1:1111");
conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
verifyServiceInToken(context, request, "1.1.1.1:1111");
// Test attribute name.node.address
// Set the nnaddr url parameter to null.
when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn(addr);
verifyServiceInToken(context, request, addr.getAddress().getHostAddress() + ":2222");
// Test service already set in the token
token.setService(new Text("3.3.3.3:3333"));
tokenString = token.encodeToUrlString();
// Set the name.node.address attribute in Servlet context to null
when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY)).thenReturn(null);
when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
verifyServiceInToken(context, request, "3.3.3.3:3333");
}
@Test
public void testGetTokensForHftpFS() throws IOException, URISyntaxException {
HftpFileSystem hfs = mock(HftpFileSystem.class);
DelegationTokenSecretManager dtSecretManager =
NameNodeAdapter.getDtSecretManager(dfsCluster.getNamesystem());
String renewer = "renewer";
jConf.set(JTConfig.JT_USER_NAME, renewer);
DelegationTokenIdentifier dtId =
new DelegationTokenIdentifier(new Text("user"), new Text(renewer), null);
final Token<DelegationTokenIdentifier> t =
new Token<DelegationTokenIdentifier>(dtId, dtSecretManager);
final URI uri = new URI("hftp://host:2222/file1");
final String fs_addr = SecurityUtil.buildDTServiceName(uri, NameNode.DEFAULT_PORT);
t.setService(new Text(fs_addr));
// when(hfs.getUri()).thenReturn(uri);
Mockito.doAnswer(
new Answer<URI>() {
@Override
public URI answer(InvocationOnMock invocation) throws Throwable {
return uri;
}
})
.when(hfs)
.getUri();
// when(hfs.getDelegationToken()).thenReturn((Token<? extends TokenIdentifier>) t);
Mockito.doAnswer(
new Answer<Token<DelegationTokenIdentifier>>() {
@Override
public Token<DelegationTokenIdentifier> answer(InvocationOnMock invocation)
throws Throwable {
return t;
}
})
.when(hfs)
.getDelegationToken(renewer);
// when(hfs.getDelegationTokens()).thenReturn((Token<? extends TokenIdentifier>) t);
Mockito.doAnswer(
new Answer<List<Token<DelegationTokenIdentifier>>>() {
@Override
public List<Token<DelegationTokenIdentifier>> answer(InvocationOnMock invocation)
throws Throwable {
return Collections.singletonList(t);
}
})
.when(hfs)
.getDelegationTokens(renewer);
// when(hfs.getCanonicalServiceName).thenReturn(fs_addr);
Mockito.doAnswer(
new Answer<String>() {
@Override
public String answer(InvocationOnMock invocation) throws Throwable {
return fs_addr;
}
})
.when(hfs)
.getCanonicalServiceName();
Credentials credentials = new Credentials();
Path p = new Path(uri.toString());
System.out.println("Path for hftp=" + p + "; fs_addr=" + fs_addr + "; rn=" + renewer);
TokenCache.obtainTokensForNamenodesInternal(hfs, credentials, jConf);
Collection<Token<? extends TokenIdentifier>> tns = credentials.getAllTokens();
assertEquals("number of tokens is not 1", 1, tns.size());
boolean found = false;
for (Token<? extends TokenIdentifier> tt : tns) {
System.out.println("token=" + tt);
if (tt.getKind().equals(DelegationTokenIdentifier.HDFS_DELEGATION_KIND)
&& tt.getService().equals(new Text(fs_addr))) {
found = true;
assertEquals("different token", tt, t);
}
assertTrue("didn't find token for " + p, found);
}
}
