/**
 * Populates the job-token secret manager from the token file that Hadoop
 * hands to this process.
 *
 * <p>The file location is read from the environment variable named by
 * {@link UserGroupInformation#HADOOP_TOKEN_FILE_LOCATION}. Every token in
 * that file is decoded, and only those whose identifier is a
 * {@link JobTokenIdentifier} are registered, keyed by the job id string.
 * Tokens of any other kind are skipped.
 *
 * <p>Note that {@code secretManager} is replaced with a fresh, empty
 * instance before the environment variable is checked, so a failure here
 * leaves an empty manager in place rather than the previous one.
 *
 * @param conf Configuration wrapped in the {@link JobConf} that is passed
 *             to the token loader
 * @throws IOException if the token-file environment variable is not set;
 *                     presumably also propagated from token loading or
 *                     identifier decoding (helpers not visible here)
 */
private void setupSecretManager(Configuration conf) throws IOException {
  secretManager = new JobTokenSecretManager();

  String tokenFilePath =
      System.getenv().get(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION);
  if (tokenFilePath == null) {
    // Fail closed: without the token file there is nothing to authenticate
    // peers against.
    throw new IOException(
        "Could not find job credentials: environment variable: "
            + UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION
            + " was not defined.");
  }

  // Scan everything in the token file and keep only the job tokens.
  Credentials loaded = TokenCache.loadTokens(tokenFilePath, new JobConf(conf));
  for (Token<? extends TokenIdentifier> candidate : loaded.getAllTokens()) {
    TokenIdentifier decoded =
        decodeIdentifier(candidate, JobTokenIdentifier.class);
    if (!(decoded instanceof JobTokenIdentifier)) {
      continue;
    }
    // The cast is unchecked; it is justified only by the instanceof test on
    // the decoded identifier just above.
    @SuppressWarnings("unchecked")
    Token<JobTokenIdentifier> jobToken = (Token<JobTokenIdentifier>) candidate;
    JobTokenIdentifier jobId = (JobTokenIdentifier) decoded;
    secretManager.addTokenForJob(jobId.getJobId().toString(), jobToken);
  }

  if (LOG.isDebugEnabled()) {
    // NOTE(review): the Credentials object is concatenated into the log
    // line, so what is written depends on Credentials.toString(), which is
    // not visible here. Confirm it cannot emit token material before
    // enabling debug logging where logs are shared.
    LOG.debug(
        "loaded JobToken credentials: " + loaded
            + " from localJobTokenFile: " + tokenFilePath);
  }
}
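/**
 * {@inheritDoc}
 *
 * <p>Server-side handling of the SASL DIGEST-MD5 callbacks. A
 * {@link PasswordCallback} is answered with the encoded password that the
 * secret manager holds for the token identifier named in the accompanying
 * {@link NameCallback}. An {@link AuthorizeCallback} is authorized only
 * when the authentication id and the authorization id are equal, so a
 * client can never act as a different identity. {@link RealmCallback} is
 * accepted and ignored.
 *
 * <p>DIGEST-MD5 itself was moved to Historic status by RFC 6331; the
 * confidentiality of the exchange should not rest on this mechanism alone.
 *
 * @param callbacks callbacks supplied by the SASL server implementation
 * @throws IOException if a password is requested without a name callback;
 *                     presumably also propagated from identifier or
 *                     password lookup (helpers not visible here)
 * @throws UnsupportedCallbackException if a callback of any other type is
 *                                      supplied
 */
@Override
public void handle(Callback[] callbacks)
    throws IOException, UnsupportedCallbackException {
  NameCallback nc = null;
  PasswordCallback pc = null;
  AuthorizeCallback ac = null;
  for (Callback callback : callbacks) {
    if (callback instanceof AuthorizeCallback) {
      ac = (AuthorizeCallback) callback;
    } else if (callback instanceof NameCallback) {
      nc = (NameCallback) callback;
    } else if (callback instanceof PasswordCallback) {
      pc = (PasswordCallback) callback;
    } else if (callback instanceof RealmCallback) {
      continue; // realm is ignored
    } else {
      throw new UnsupportedCallbackException(
          callback, "handle: Unrecognized SASL DIGEST-MD5 Callback");
    }
  }

  if (pc != null) {
    // A password request without a name cannot be resolved to a token.
    // Reject it with a declared exception instead of letting a
    // NullPointerException escape from the authentication path.
    if (nc == null) {
      throw new IOException(
          "handle: SASL DIGEST-MD5 PasswordCallback received without a "
              + "NameCallback");
    }
    JobTokenIdentifier tokenIdentifier =
        getIdentifier(nc.getDefaultName(), secretManager);
    char[] password =
        encodePassword(secretManager.retrievePassword(tokenIdentifier));
    if (LOG.isDebugEnabled()) {
      // Only the client's user is logged; the password never is.
      LOG.debug(
          "handle: SASL server DIGEST-MD5 callback: setting "
              + "password for client: " + tokenIdentifier.getUser());
    }
    pc.setPassword(password);
  }

  if (ac != null) {
    String authid = ac.getAuthenticationID();
    String authzid = ac.getAuthorizationID();
    // Fail closed: a null authentication id is never authorized.
    // Objects.equals is deliberately avoided here, because it would treat
    // two null ids as a match.
    ac.setAuthorized(authid != null && authid.equals(authzid));
    if (ac.isAuthorized()) {
      if (LOG.isDebugEnabled()) {
        // NOTE(review): the identifier is decoded only on this debug path.
        // If getIdentifier can throw for a malformed id, the handshake
        // outcome would differ with the log level; confirm against
        // getIdentifier.
        String username =
            getIdentifier(authzid, secretManager).getUser().getUserName();
        LOG.debug(
            "handle: SASL server DIGEST-MD5 callback: setting "
                + "canonicalized client ID: " + username);
      }
      ac.setAuthorizedID(authzid);
    }
  }
}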