Java源码示例:org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier
示例1
/**
 * Builds the renewal record kept for one delegation token.
 *
 * <p>For a token whose kind is {@code HDFS_DELEGATION_TOKEN} the identifier is
 * decoded and its max date is copied into {@code maxDate}; for any other kind
 * {@code maxDate} is left untouched by this constructor.
 *
 * @param applicationIds applications referring to the token; copied into a
 *        new synchronized set, so later changes to the argument are not seen
 * @param token the delegation token this record tracks
 * @param conf configuration stored with the record
 * @param expirationDate expiration time stored with the record
 * @param shouldCancelAtEnd stored as-is
 * @param user stored as-is
 * @throws YarnRuntimeException if decoding the token identifier fails with an
 *         {@link IOException}
 */
public DelegationTokenToRenew(Collection<ApplicationId> applicationIds,
    Token<?> token,
    Configuration conf, long expirationDate, boolean shouldCancelAtEnd,
    String user) {
  this.token = token;
  this.user = user;

  final Text hdfsKind = new Text("HDFS_DELEGATION_TOKEN");
  if (token.getKind().equals(hdfsKind)) {
    try {
      // NOTE(review): the decoded identifier is dereferenced without a null
      // check; confirm decodeIdentifier() cannot return null for this kind.
      AbstractDelegationTokenIdentifier decodedId =
          (AbstractDelegationTokenIdentifier) token.decodeIdentifier();
      maxDate = decodedId.getMaxDate();
    } catch (IOException decodeFailure) {
      throw new YarnRuntimeException(decodeFailure);
    }
  }

  // Defensive copy first, then the synchronized wrapper around the copy.
  HashSet<ApplicationId> appIdCopy = new HashSet<ApplicationId>(applicationIds);
  this.referringAppIds = Collections.synchronizedSet(appIdCopy);
  this.conf = conf;
  this.expirationDate = expirationDate;
  this.timerTask = null;
  this.shouldCancelAtEnd = shouldCancelAtEnd;
}
示例2
/**
 * Exercises the delegation token APIs of FileContext for Hdfs, followed by
 * the renew and cancel APIs of Hdfs, on the first token returned.
 *
 * <p>The method contains no assertions: it passes when fetching, renewing
 * and cancelling complete without throwing.
 *
 * @throws UnsupportedFileSystemException
 * @throws IOException
 * @throws InterruptedException
 */
@SuppressWarnings({ "unchecked", "deprecation" })
@Test
public void testFcDelegationToken() throws UnsupportedFileSystemException,
    IOException, InterruptedException {
  final AbstractFileSystem afs =
      FileContext.getFileContext(cluster.getFileSystem().getUri())
          .getDefaultFileSystem();
  // The current user's name is passed as the argument of getDelegationTokens.
  final String currentUser =
      UserGroupInformation.getCurrentUser().getUserName();
  final List<Token<?>> tokenList = afs.getDelegationTokens(currentUser);

  final Hdfs hdfs = (Hdfs) afs;
  final Token<?> firstToken = tokenList.get(0);
  // Both casts are unchecked (hence the suppression above).
  hdfs.renewDelegationToken((Token<DelegationTokenIdentifier>) firstToken);
  hdfs.cancelDelegationToken(
      (Token<? extends AbstractDelegationTokenIdentifier>) firstToken);
}
示例3
/**
 * Round-trips tokens through their URL-string form: every sample string is
 * used as identifier, password, kind and service of a token, the token is
 * encoded with {@code encodeToUrlString()}, decoded into a second token, and
 * the two are compared. The encoded form is also passed to
 * {@code checkUrlSafe}.
 *
 * @throws Exception if encoding or decoding fails
 */
public static void testEncodeWritable() throws Exception {
  // NOTE(review): "[email protected]" in the last sample looks like an
  // e-mail-obfuscation artifact of the page this listing was taken from
  // rather than the original test data; confirm against the upstream test
  // before relying on this value.
  final String[] samples = {"", "a", "bb", "ccc", "dddd", "eeeee",
      "ffffff", "ggggggg", "hhhhhhhh", "iiiiiiiii",
      "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM" +
      "[email protected]#$%^&*()-=_+[]{}|;':,./<>?"};
  final Token<AbstractDelegationTokenIdentifier> decoded =
      new Token<AbstractDelegationTokenIdentifier>();

  // ensure that for each string the input and output values match
  for (String sample : samples) {
    System.out.println("Input = " + sample);
    // getBytes() without a charset uses the platform default encoding.
    final Token<AbstractDelegationTokenIdentifier> original =
        new Token<AbstractDelegationTokenIdentifier>(sample.getBytes(),
            sample.getBytes(), new Text(sample), new Text(sample));
    final String urlString = original.encodeToUrlString();
    decoded.decodeFromUrlString(urlString);
    assertEquals(original, decoded);
    checkUrlSafe(urlString);
  }
}
示例4
/**
 * Builds the renewal record kept for one delegation token.
 *
 * <p>For a token whose kind is {@code HDFS_DELEGATION_TOKEN} the identifier is
 * decoded and its max date is copied into {@code maxDate}; for any other kind
 * {@code maxDate} is left untouched by this constructor.
 *
 * @param applicationIds applications referring to the token; copied into a
 *        new synchronized set, so later changes to the argument are not seen
 * @param token the delegation token this record tracks
 * @param conf configuration stored with the record
 * @param expirationDate expiration time stored with the record
 * @param shouldCancelAtEnd stored as-is
 * @param user stored as-is
 * @throws YarnRuntimeException if decoding the token identifier fails with an
 *         {@link IOException}
 */
public DelegationTokenToRenew(Collection<ApplicationId> applicationIds,
    Token<?> token,
    Configuration conf, long expirationDate, boolean shouldCancelAtEnd,
    String user) {
  this.token = token;
  this.user = user;

  final Text hdfsKind = new Text("HDFS_DELEGATION_TOKEN");
  if (token.getKind().equals(hdfsKind)) {
    try {
      // NOTE(review): the decoded identifier is dereferenced without a null
      // check; confirm decodeIdentifier() cannot return null for this kind.
      AbstractDelegationTokenIdentifier decodedId =
          (AbstractDelegationTokenIdentifier) token.decodeIdentifier();
      maxDate = decodedId.getMaxDate();
    } catch (IOException decodeFailure) {
      throw new YarnRuntimeException(decodeFailure);
    }
  }

  // Defensive copy first, then the synchronized wrapper around the copy.
  HashSet<ApplicationId> appIdCopy = new HashSet<ApplicationId>(applicationIds);
  this.referringAppIds = Collections.synchronizedSet(appIdCopy);
  this.conf = conf;
  this.expirationDate = expirationDate;
  this.timerTask = null;
  this.shouldCancelAtEnd = shouldCancelAtEnd;
}
示例5
/**
 * Exercises the delegation token APIs of FileContext for Hdfs, followed by
 * the renew and cancel APIs of Hdfs, on the first token returned.
 *
 * <p>The method contains no assertions: it passes when fetching, renewing
 * and cancelling complete without throwing.
 *
 * @throws UnsupportedFileSystemException
 * @throws IOException
 * @throws InterruptedException
 */
@SuppressWarnings({ "unchecked", "deprecation" })
@Test
public void testFcDelegationToken() throws UnsupportedFileSystemException,
    IOException, InterruptedException {
  final AbstractFileSystem afs =
      FileContext.getFileContext(cluster.getFileSystem().getUri())
          .getDefaultFileSystem();
  // The current user's name is passed as the argument of getDelegationTokens.
  final String currentUser =
      UserGroupInformation.getCurrentUser().getUserName();
  final List<Token<?>> tokenList = afs.getDelegationTokens(currentUser);

  final Hdfs hdfs = (Hdfs) afs;
  final Token<?> firstToken = tokenList.get(0);
  // Both casts are unchecked (hence the suppression above).
  hdfs.renewDelegationToken((Token<DelegationTokenIdentifier>) firstToken);
  hdfs.cancelDelegationToken(
      (Token<? extends AbstractDelegationTokenIdentifier>) firstToken);
}
示例6
/**
 * Round-trips tokens through their URL-string form: every sample string is
 * used as identifier, password, kind and service of a token, the token is
 * encoded with {@code encodeToUrlString()}, decoded into a second token, and
 * the two are compared. The encoded form is also passed to
 * {@code checkUrlSafe}.
 *
 * @throws Exception if encoding or decoding fails
 */
public static void testEncodeWritable() throws Exception {
  // NOTE(review): "[email protected]" in the last sample looks like an
  // e-mail-obfuscation artifact of the page this listing was taken from
  // rather than the original test data; confirm against the upstream test
  // before relying on this value.
  final String[] samples = {"", "a", "bb", "ccc", "dddd", "eeeee",
      "ffffff", "ggggggg", "hhhhhhhh", "iiiiiiiii",
      "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM" +
      "[email protected]#$%^&*()-=_+[]{}|;':,./<>?"};
  final Token<AbstractDelegationTokenIdentifier> decoded =
      new Token<AbstractDelegationTokenIdentifier>();

  // ensure that for each string the input and output values match
  for (String sample : samples) {
    System.out.println("Input = " + sample);
    // getBytes() without a charset uses the platform default encoding.
    final Token<AbstractDelegationTokenIdentifier> original =
        new Token<AbstractDelegationTokenIdentifier>(sample.getBytes(),
            sample.getBytes(), new Text(sample), new Text(sample));
    final String urlString = original.encodeToUrlString();
    decoded.decodeFromUrlString(urlString);
    assertEquals(original, decoded);
    checkUrlSafe(urlString);
  }
}
示例7
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * <p>The call is forwarded to <code>doDelegationTokenOperation</code> with the
 * <code>CANCELDELEGATIONTOKEN</code> operation; whatever that call returns is
 * discarded.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred, or if the operation
 * unexpectedly reported an <code>AuthenticationException</code> (kept as the
 * cause).
 */
public void cancelDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException {
  try {
    doDelegationTokenOperation(url, token,
        DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false,
        doAsUser);
  } catch (AuthenticationException authFailure) {
    // Translated so the signature stays limited to IOException; the
    // original exception is preserved as the cause.
    final String detail = "This should not happen: " + authFailure.getMessage();
    throw new IOException(detail, authFailure);
  }
}
示例8
/**
 * Cancels a delegation token through the secret manager.
 *
 * <p>When {@code canceler} is {@code null}, the token is verified first and
 * the short user name of the verified token's user is used as the canceler.
 *
 * <p>NOTE(review): when a canceler is supplied, this method does not call
 * {@code verifyToken} itself; whether that canceler may cancel the token is
 * then left to {@code secretManager.cancelToken} — confirm it performs the
 * check.
 *
 * @param token the delegation token to cancel
 * @param canceler the user cancelling the token, or {@code null} to use the
 *        token's own user
 * @throws IOException if verification or cancellation fails
 */
@SuppressWarnings("unchecked")
public void cancelToken(
    Token<? extends AbstractDelegationTokenIdentifier> token,
    String canceler) throws IOException {
  final String effectiveCanceler;
  if (canceler == null) {
    effectiveCanceler = verifyToken(token).getShortUserName();
  } else {
    effectiveCanceler = canceler;
  }
  secretManager.cancelToken(token, effectiveCanceler);
}
示例9
/**
 * Decodes the identifier of a delegation token, hands the identifier and the
 * token's password to the secret manager for verification, and returns the
 * user recorded in the identifier.
 *
 * <p>The user is read only after {@code secretManager.verifyToken} has
 * returned; presumably that call throws when the password does not match —
 * confirm against the secret manager.
 *
 * @param token the delegation token to verify
 * @return the user obtained from the decoded identifier
 * @throws IOException if decoding or verification fails
 */
@SuppressWarnings("unchecked")
public UserGroupInformation verifyToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws IOException {
  final AbstractDelegationTokenIdentifier decodedId =
      secretManager.decodeTokenIdentifier(token);
  secretManager.verifyToken(decodedId, token.getPassword());
  return decodedId.getUser();
}
示例10
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * <p>The call is forwarded to <code>doDelegationTokenOperation</code> with the
 * <code>CANCELDELEGATIONTOKEN</code> operation; whatever that call returns is
 * discarded.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred, or if the operation
 * unexpectedly reported an <code>AuthenticationException</code> (kept as the
 * cause).
 */
public void cancelDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException {
  try {
    doDelegationTokenOperation(url, token,
        DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false,
        doAsUser);
  } catch (AuthenticationException authFailure) {
    // Translated so the signature stays limited to IOException; the
    // original exception is preserved as the cause.
    final String detail = "This should not happen: " + authFailure.getMessage();
    throw new IOException(detail, authFailure);
  }
}
示例11
/**
 * Cancels a delegation token through the secret manager.
 *
 * <p>When {@code canceler} is {@code null}, the token is verified first and
 * the short user name of the verified token's user is used as the canceler.
 *
 * <p>NOTE(review): when a canceler is supplied, this method does not call
 * {@code verifyToken} itself; whether that canceler may cancel the token is
 * then left to {@code secretManager.cancelToken} — confirm it performs the
 * check.
 *
 * @param token the delegation token to cancel
 * @param canceler the user cancelling the token, or {@code null} to use the
 *        token's own user
 * @throws IOException if verification or cancellation fails
 */
@SuppressWarnings("unchecked")
public void cancelToken(
    Token<? extends AbstractDelegationTokenIdentifier> token,
    String canceler) throws IOException {
  final String effectiveCanceler;
  if (canceler == null) {
    effectiveCanceler = verifyToken(token).getShortUserName();
  } else {
    effectiveCanceler = canceler;
  }
  secretManager.cancelToken(token, effectiveCanceler);
}
示例12
/**
 * Decodes the identifier of a delegation token, hands the identifier and the
 * token's password to the secret manager for verification, and returns the
 * user recorded in the identifier.
 *
 * <p>The user is read only after {@code secretManager.verifyToken} has
 * returned; presumably that call throws when the password does not match —
 * confirm against the secret manager.
 *
 * @param token the delegation token to verify
 * @return the user obtained from the decoded identifier
 * @throws IOException if decoding or verification fails
 */
@SuppressWarnings("unchecked")
public UserGroupInformation verifyToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws IOException {
  final AbstractDelegationTokenIdentifier decodedId =
      secretManager.decodeTokenIdentifier(token);
  secretManager.verifyToken(decodedId, token.getPassword());
  return decodedId.getUser();
}
示例13
/**
 * Returns the delegation token held in the {@code delegationToken} field.
 *
 * <p>The stored reference is handed out as-is, not a copy, so the caller
 * shares the same token object.
 *
 * @return the value of {@code delegationToken}
 */
public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken() {
  return delegationToken;
}
示例14
/**
 * Stores the given delegation token in the {@code delegationToken} field,
 * replacing whatever was there before.
 *
 * <p>The reference is stored without copying or validating the token.
 *
 * @param delegationToken the token to store
 */
public void setDelegationToken(
    org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier>
        delegationToken) {
  this.delegationToken = delegationToken;
}
示例15
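/**
 * Returns an authenticated {@link HttpURLConnection}. If the Delegation
 * Token is present, it will be used taking precedence over the configured
 * <code>Authenticator</code>. If the <code>doAs</code> parameter is not NULL,
 * the request will be done on behalf of the specified <code>doAs</code> user.
 *
 * <p>A delegation token is only looked up when the authentication token is
 * not set. The lookup key is the token service built from the URL's host and
 * port; a URL without an explicit port uses the protocol's default port.
 *
 * <p>Security note: when <code>useQueryStringForDelegationToken()</code> is
 * true the encoded delegation token becomes part of the request URL, where
 * access logs and intermediaries can record it; in header mode it is sent as
 * a request header instead.
 *
 * @param url the URL to connect to. Only HTTP/S URLs are supported.
 * @param token the authentication token being used for the user.
 * @param doAs user to do the request on behalf of, if NULL the request is
 * as self.
 * @return an authenticated {@link HttpURLConnection}.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
@SuppressWarnings("unchecked")
public HttpURLConnection openConnection(URL url, Token token, String doAs)
    throws IOException, AuthenticationException {
  Preconditions.checkNotNull(url, "url");
  Preconditions.checkNotNull(token, "token");
  Map<String, String> extraParams = new HashMap<String, String>();
  org.apache.hadoop.security.token.Token<? extends TokenIdentifier> dToken
      = null;
  // if we have valid auth token, it takes precedence over a delegation token
  // and we don't even look for one.
  if (!token.isSet()) {
    // delegation token
    Credentials creds = UserGroupInformation.getCurrentUser().
        getCredentials();
    if (!creds.getAllTokens().isEmpty()) {
      // URL.getPort() is -1 when the URL names no port, and
      // InetSocketAddress rejects -1 with IllegalArgumentException; fall
      // back to the protocol's default port so the lookup still works.
      int port = url.getPort();
      if (port == -1) {
        port = url.getDefaultPort();
      }
      InetSocketAddress serviceAddr = new InetSocketAddress(url.getHost(),
          port);
      Text service = SecurityUtil.buildTokenService(serviceAddr);
      dToken = creds.getToken(service);
      if (dToken != null) {
        if (useQueryStringForDelegationToken()) {
          // delegation token will go in the query string, injecting it
          extraParams.put(
              KerberosDelegationTokenAuthenticator.DELEGATION_PARAM,
              dToken.encodeToUrlString());
        } else {
          // delegation token will go as request header, setting it in the
          // auth-token to ensure no authentication handshake is triggered
          // (if we have a delegation token, we are authenticated)
          // the delegation token header is injected in the connection request
          // at the end of this method.
          token.delegationToken = (org.apache.hadoop.security.token.Token
              <AbstractDelegationTokenIdentifier>) dToken;
        }
      }
    }
  }
  // proxyuser
  if (doAs != null) {
    extraParams.put(DO_AS, URLEncoder.encode(doAs, "UTF-8"));
  }
  url = augmentURL(url, extraParams);
  HttpURLConnection conn = super.openConnection(url, token);
  if (!token.isSet() && !useQueryStringForDelegationToken() && dToken != null) {
    // injecting the delegation token header in the connection request
    conn.setRequestProperty(
        DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER,
        dToken.encodeToUrlString());
  }
  return conn;
}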
示例16
/**
 * Renews a delegation token by delegating to the secret manager.
 *
 * <p>Neither the token nor the renewer is checked here; both are passed
 * through unchanged, so any validation happens in
 * {@code secretManager.renewToken}.
 *
 * @param token the delegation token to renew
 * @param renewer the user requesting the renewal
 * @return the value returned by {@code secretManager.renewToken}
 * @throws IOException if the secret manager rejects or fails the renewal
 */
@SuppressWarnings("unchecked")
public long renewToken(
    Token<? extends AbstractDelegationTokenIdentifier> token, String renewer)
    throws IOException {
  final long renewResult = secretManager.renewToken(token, renewer);
  return renewResult;
}
示例17
/**
 * Tests the -tokenCacheFile option of GenericOptionsParser.
 *
 * <p>First the option points at a file that does not exist and a
 * FileNotFoundException is expected. Then a credentials file holding one
 * token is written to that path, the parser is run again, and the test
 * checks both the "mapreduce.job.credentials.binary" setting and the token
 * found in the current user's credentials.
 *
 * <p>The test directory is deleted only on the last line, so it is left
 * behind when an earlier assertion fails.
 *
 * @throws IOException
 */
public void testTokenCacheOption() throws IOException {
  final FileSystem localFs = FileSystem.getLocal(conf);
  final File tmpFile = new File(testDir, "tokenCacheFile");
  if (tmpFile.exists()) {
    tmpFile.delete();
  }
  // pass a files option
  final String[] args = {"-tokenCacheFile", tmpFile.toURI().toString()};

  // test non existing file
  Throwable parseFailure = null;
  try {
    new GenericOptionsParser(conf, args);
  } catch (Exception e) {
    parseFailure = e;
  }
  assertNotNull(parseFailure);
  assertTrue("FileNotFoundException is not thrown",
      parseFailure instanceof FileNotFoundException);

  // create file
  final Path tmpPath = localFs.makeQualified(new Path(tmpFile.toString()));
  // Fixture token built from fixed placeholder bytes.
  final Token<?> token = new Token<AbstractDelegationTokenIdentifier>(
      "identifier".getBytes(), "password".getBytes(),
      new Text("token-kind"), new Text("token-service"));
  final Credentials creds = new Credentials();
  creds.addToken(new Text("token-alias"), token);
  creds.writeTokenStorageFile(tmpPath, conf);

  // Second parse: the file exists now, so no exception is expected.
  new GenericOptionsParser(conf, args);
  final String fileName = conf.get("mapreduce.job.credentials.binary");
  assertNotNull("files is null", fileName);
  assertEquals("files option does not match", tmpPath.toString(), fileName);

  final Credentials ugiCreds =
      UserGroupInformation.getCurrentUser().getCredentials();
  assertEquals(1, ugiCreds.numberOfTokens());
  final Token<?> ugiToken = ugiCreds.getToken(new Text("token-alias"));
  assertNotNull(ugiToken);
  assertEquals(token, ugiToken);

  localFs.delete(new Path(testDir.getAbsolutePath()), true);
}
示例18
/**
 * Returns the delegation token held in the {@code delegationToken} field.
 *
 * <p>The stored reference is handed out as-is, not a copy, so the caller
 * shares the same token object.
 *
 * @return the value of {@code delegationToken}
 */
public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken() {
  return delegationToken;
}
示例19
/**
 * Stores the given delegation token in the {@code delegationToken} field,
 * replacing whatever was there before.
 *
 * <p>The reference is stored without copying or validating the token.
 *
 * @param delegationToken the token to store
 */
public void setDelegationToken(
    org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier>
        delegationToken) {
  this.delegationToken = delegationToken;
}
示例20
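/**
 * Returns an authenticated {@link HttpURLConnection}. If the Delegation
 * Token is present, it will be used taking precedence over the configured
 * <code>Authenticator</code>. If the <code>doAs</code> parameter is not NULL,
 * the request will be done on behalf of the specified <code>doAs</code> user.
 *
 * <p>A delegation token is only looked up when the authentication token is
 * not set. The lookup key is the token service built from the URL's host and
 * port; a URL without an explicit port uses the protocol's default port.
 *
 * <p>Security note: when <code>useQueryStringForDelegationToken()</code> is
 * true the encoded delegation token becomes part of the request URL, where
 * access logs and intermediaries can record it; in header mode it is sent as
 * a request header instead.
 *
 * @param url the URL to connect to. Only HTTP/S URLs are supported.
 * @param token the authentication token being used for the user.
 * @param doAs user to do the request on behalf of, if NULL the request is
 * as self.
 * @return an authenticated {@link HttpURLConnection}.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
@SuppressWarnings("unchecked")
public HttpURLConnection openConnection(URL url, Token token, String doAs)
    throws IOException, AuthenticationException {
  Preconditions.checkNotNull(url, "url");
  Preconditions.checkNotNull(token, "token");
  Map<String, String> extraParams = new HashMap<String, String>();
  org.apache.hadoop.security.token.Token<? extends TokenIdentifier> dToken
      = null;
  // if we have valid auth token, it takes precedence over a delegation token
  // and we don't even look for one.
  if (!token.isSet()) {
    // delegation token
    Credentials creds = UserGroupInformation.getCurrentUser().
        getCredentials();
    if (!creds.getAllTokens().isEmpty()) {
      // URL.getPort() is -1 when the URL names no port, and
      // InetSocketAddress rejects -1 with IllegalArgumentException; fall
      // back to the protocol's default port so the lookup still works.
      int port = url.getPort();
      if (port == -1) {
        port = url.getDefaultPort();
      }
      InetSocketAddress serviceAddr = new InetSocketAddress(url.getHost(),
          port);
      Text service = SecurityUtil.buildTokenService(serviceAddr);
      dToken = creds.getToken(service);
      if (dToken != null) {
        if (useQueryStringForDelegationToken()) {
          // delegation token will go in the query string, injecting it
          extraParams.put(
              KerberosDelegationTokenAuthenticator.DELEGATION_PARAM,
              dToken.encodeToUrlString());
        } else {
          // delegation token will go as request header, setting it in the
          // auth-token to ensure no authentication handshake is triggered
          // (if we have a delegation token, we are authenticated)
          // the delegation token header is injected in the connection request
          // at the end of this method.
          token.delegationToken = (org.apache.hadoop.security.token.Token
              <AbstractDelegationTokenIdentifier>) dToken;
        }
      }
    }
  }
  // proxyuser
  if (doAs != null) {
    extraParams.put(DO_AS, URLEncoder.encode(doAs, "UTF-8"));
  }
  url = augmentURL(url, extraParams);
  HttpURLConnection conn = super.openConnection(url, token);
  if (!token.isSet() && !useQueryStringForDelegationToken() && dToken != null) {
    // injecting the delegation token header in the connection request
    conn.setRequestProperty(
        DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER,
        dToken.encodeToUrlString());
  }
  return conn;
}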
示例21
/**
 * Renews a delegation token by delegating to the secret manager.
 *
 * <p>Neither the token nor the renewer is checked here; both are passed
 * through unchanged, so any validation happens in
 * {@code secretManager.renewToken}.
 *
 * @param token the delegation token to renew
 * @param renewer the user requesting the renewal
 * @return the value returned by {@code secretManager.renewToken}
 * @throws IOException if the secret manager rejects or fails the renewal
 */
@SuppressWarnings("unchecked")
public long renewToken(
    Token<? extends AbstractDelegationTokenIdentifier> token, String renewer)
    throws IOException {
  final long renewResult = secretManager.renewToken(token, renewer);
  return renewResult;
}
示例22
/**
 * Tests the -tokenCacheFile option of GenericOptionsParser.
 *
 * <p>First the option points at a file that does not exist and a
 * FileNotFoundException is expected. Then a credentials file holding one
 * token is written to that path, the parser is run again, and the test
 * checks both the "mapreduce.job.credentials.binary" setting and the token
 * found in the current user's credentials.
 *
 * <p>The test directory is deleted only on the last line, so it is left
 * behind when an earlier assertion fails.
 *
 * @throws IOException
 */
public void testTokenCacheOption() throws IOException {
  final FileSystem localFs = FileSystem.getLocal(conf);
  final File tmpFile = new File(testDir, "tokenCacheFile");
  if (tmpFile.exists()) {
    tmpFile.delete();
  }
  // pass a files option
  final String[] args = {"-tokenCacheFile", tmpFile.toURI().toString()};

  // test non existing file
  Throwable parseFailure = null;
  try {
    new GenericOptionsParser(conf, args);
  } catch (Exception e) {
    parseFailure = e;
  }
  assertNotNull(parseFailure);
  assertTrue("FileNotFoundException is not thrown",
      parseFailure instanceof FileNotFoundException);

  // create file
  final Path tmpPath = localFs.makeQualified(new Path(tmpFile.toString()));
  // Fixture token built from fixed placeholder bytes.
  final Token<?> token = new Token<AbstractDelegationTokenIdentifier>(
      "identifier".getBytes(), "password".getBytes(),
      new Text("token-kind"), new Text("token-service"));
  final Credentials creds = new Credentials();
  creds.addToken(new Text("token-alias"), token);
  creds.writeTokenStorageFile(tmpPath, conf);

  // Second parse: the file exists now, so no exception is expected.
  new GenericOptionsParser(conf, args);
  final String fileName = conf.get("mapreduce.job.credentials.binary");
  assertNotNull("files is null", fileName);
  assertEquals("files option does not match", tmpPath.toString(), fileName);

  final Credentials ugiCreds =
      UserGroupInformation.getCurrentUser().getCredentials();
  assertEquals(1, ugiCreds.numberOfTokens());
  final Token<?> ugiToken = ugiCreds.getToken(new Text("token-alias"));
  assertNotNull(ugiToken);
  assertEquals(token, ugiToken);

  localFs.delete(new Path(testDir.getAbsolutePath()), true);
}
示例23
/**
 * Renew an existing delegation token by forwarding it to {@code dfs}.
 *
 * <p>The argument is narrowed to {@code Token<DelegationTokenIdentifier>}
 * with an unchecked cast; because generics are erased, the cast itself does
 * not verify the identifier type at run time.
 *
 * @param token delegation token obtained earlier
 * @return the new expiration time
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.renew instead.
 */
@SuppressWarnings("unchecked")
public long renewDelegationToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  final Token<DelegationTokenIdentifier> hdfsToken =
      (Token<DelegationTokenIdentifier>) token;
  return dfs.renewDelegationToken(hdfsToken);
}
示例24
/**
 * Cancel an existing delegation token by forwarding it to {@code dfs}.
 *
 * <p>The argument is narrowed to {@code Token<DelegationTokenIdentifier>}
 * with an unchecked cast; because generics are erased, the cast itself does
 * not verify the identifier type at run time.
 *
 * @param token delegation token
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.cancel instead.
 */
@SuppressWarnings("unchecked")
public void cancelDelegationToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  final Token<DelegationTokenIdentifier> hdfsToken =
      (Token<DelegationTokenIdentifier>) token;
  dfs.cancelDelegationToken(hdfsToken);
}
示例25
/**
 * Renews a delegation token from the server end-point using the
 * configured <code>Authenticator</code> for authentication.
 *
 * <p>Convenience overload: it calls the four-argument
 * <code>renewDelegationToken</code> with a <code>null</code> do-as user.
 *
 * @param url the URL to renew the delegation token from. Only HTTP/S URLs are
 * supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to renew.
 * @return the value returned by the four-argument overload.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public long renewDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken)
    throws IOException, AuthenticationException {
  // No impersonation requested.
  final String noDoAsUser = null;
  return renewDelegationToken(url, token, dToken, noDoAsUser);
}
示例26
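/**
 * Renews a delegation token from the server end-point using the
 * configured <code>Authenticator</code> for authentication.
 *
 * <p>The result is read from the <code>RENEW_DELEGATION_TOKEN_JSON</code>
 * entry of the map returned by <code>doDelegationTokenOperation</code>. That
 * map is built from the server's response, so a missing or non-numeric entry
 * is reported as an <code>IOException</code> instead of surfacing as a
 * <code>NullPointerException</code> or <code>ClassCastException</code>.
 *
 * @param url the URL to renew the delegation token from. Only HTTP/S URLs are
 * supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to renew.
 * @param doAsUser the user to do as, which will be the token owner.
 * @return the numeric value of the <code>RENEW_DELEGATION_TOKEN_JSON</code>
 * entry (presumably the new expiration time; confirm against the server).
 * @throws IOException if an IO error occurred, or if the response holds no
 * numeric renewal value.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public long renewDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser)
    throws IOException, AuthenticationException {
  Map<?, ?> json = doDelegationTokenOperation(url, token,
      DelegationTokenOperation.RENEWDELEGATIONTOKEN, null, dToken, true,
      doAsUser);
  Object renewValue =
      (json == null) ? null : json.get(RENEW_DELEGATION_TOKEN_JSON);
  // Accept any numeric type: a JSON parser may hand back Integer for small
  // values and Long for large ones.
  if (!(renewValue instanceof Number)) {
    throw new IOException("Renew response did not contain a numeric '"
        + RENEW_DELEGATION_TOKEN_JSON + "' value");
  }
  return ((Number) renewValue).longValue();
}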
示例27
/**
 * Cancels a delegation token from the server end-point. It does not require
 * being authenticated by the configured <code>Authenticator</code>.
 *
 * <p>Convenience overload: it calls the four-argument
 * <code>cancelDelegationToken</code> with a <code>null</code> do-as user.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to cancel.
 * @throws IOException if an IO error occurred.
 */
public void cancelDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken)
    throws IOException {
  // No impersonation requested.
  final String noDoAsUser = null;
  cancelDelegationToken(url, token, dToken, noDoAsUser);
}
示例28
/**
 * Renew an existing delegation token by forwarding it to {@code dfs}.
 *
 * <p>The argument is narrowed to {@code Token<DelegationTokenIdentifier>}
 * with an unchecked cast; because generics are erased, the cast itself does
 * not verify the identifier type at run time.
 *
 * @param token delegation token obtained earlier
 * @return the new expiration time
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.renew instead.
 */
@SuppressWarnings("unchecked")
public long renewDelegationToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  final Token<DelegationTokenIdentifier> hdfsToken =
      (Token<DelegationTokenIdentifier>) token;
  return dfs.renewDelegationToken(hdfsToken);
}
示例29
/**
 * Cancel an existing delegation token by forwarding it to {@code dfs}.
 *
 * <p>The argument is narrowed to {@code Token<DelegationTokenIdentifier>}
 * with an unchecked cast; because generics are erased, the cast itself does
 * not verify the identifier type at run time.
 *
 * @param token delegation token
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.cancel instead.
 */
@SuppressWarnings("unchecked")
public void cancelDelegationToken(
    Token<? extends AbstractDelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  final Token<DelegationTokenIdentifier> hdfsToken =
      (Token<DelegationTokenIdentifier>) token;
  dfs.cancelDelegationToken(hdfsToken);
}
示例30
/**
 * Renews a delegation token from the server end-point using the
 * configured <code>Authenticator</code> for authentication.
 *
 * <p>Convenience overload: it calls the four-argument
 * <code>renewDelegationToken</code> with a <code>null</code> do-as user.
 *
 * @param url the URL to renew the delegation token from. Only HTTP/S URLs are
 * supported.
 * @param token the authentication token passed along with the request.
 * @param dToken the delegation token to renew.
 * @return the value returned by the four-argument overload.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public long renewDelegationToken(URL url,
    AuthenticatedURL.Token token,
    Token<AbstractDelegationTokenIdentifier> dToken)
    throws IOException, AuthenticationException {
  // No impersonation requested.
  final String noDoAsUser = null;
  return renewDelegationToken(url, token, dToken, noDoAsUser);
}