You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by ma...@apache.org on 2011/12/15 09:49:46 UTC
svn commit: r1214658 - in /hadoop/common/branches/branch-1.0: CHANGES.txt
src/mapred/org/apache/hadoop/mapred/JobClient.java
src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java
Author: mattf
Date: Thu Dec 15 08:49:46 2011
New Revision: 1214658
URL: http://svn.apache.org/viewvc?rev=1214658&view=rev
Log:
MAPREDUCE-3475. JT can't renew its own tokens. Contributed by Daryn Sharp.
Modified:
hadoop/common/branches/branch-1.0/CHANGES.txt
hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java
hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java
Modified: hadoop/common/branches/branch-1.0/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/CHANGES.txt?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/CHANGES.txt (original)
+++ hadoop/common/branches/branch-1.0/CHANGES.txt Thu Dec 15 08:49:46 2011
@@ -61,6 +61,8 @@ Release 1.0.0 - 2011.11.27
BUG FIXES
+ MAPREDUCE-3475. JT can't renew its own tokens. (Daryn Sharp via mattf)
+
HADOOP-7869. HADOOP_HOME warning happens all of the time (Owen O'Malley
via mattf)
Modified: hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java (original)
+++ hadoop/common/branches/branch-1.0/src/mapred/org/apache/hadoop/mapred/JobClient.java Thu Dec 15 08:49:46 2011
@@ -19,6 +19,8 @@ package org.apache.hadoop.mapred;
import java.io.BufferedReader;
import java.io.BufferedWriter;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
@@ -509,7 +511,13 @@ public class JobClient extends Configure
@Override
public boolean isManaged(Token<?> token) throws IOException {
- return true;
+ ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
+ DelegationTokenIdentifier id = new DelegationTokenIdentifier();
+ id.readFields(new DataInputStream(buf));
+ // AbstractDelegationToken converts given renewer to a short name, but
+ // AbstractDelegationTokenSecretManager does not, so we have to do it
+ String loginUser = UserGroupInformation.getLoginUser().getShortUserName();
+ return loginUser.equals(id.getRenewer().toString());
}
}
Modified: hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java?rev=1214658&r1=1214657&r2=1214658&view=diff
==============================================================================
--- hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java (original)
+++ hadoop/common/branches/branch-1.0/src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java Thu Dec 15 08:49:46 2011
@@ -20,7 +20,9 @@ package org.apache.hadoop.mapreduce.secu
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import java.io.IOException;
import java.net.InetAddress;
@@ -40,6 +42,7 @@ import org.apache.hadoop.hdfs.server.nam
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.JobID;
import org.apache.hadoop.security.Credentials;
+import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.hadoop.security.token.TokenRenewer;
@@ -102,10 +105,12 @@ public class TestDelegationTokenRenewal
}
private static Configuration conf;
+ private static String trackerService = "localhost:0";
@BeforeClass
public static void setUp() throws Exception {
conf = new Configuration();
+ conf.set("mapred.job.tracker", trackerService);
// create a fake FileSystem (MyFS) and assosiate it
// with "hdfs" schema.
@@ -220,6 +225,30 @@ public class TestDelegationTokenRenewal
return token1;
}
+ @Test
+ public void testLocalMRTokenRenewal() throws IOException {
+ String user = UserGroupInformation.getLoginUser().getUserName();
+
+ DelegationTokenIdentifier ident = new DelegationTokenIdentifier(
+ new Text(user), new Text(user), null);
+ Token<?> t = new Token<DelegationTokenIdentifier>(
+ ident.getBytes(),
+ new byte[]{},
+ org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+ new Text("service"));
+ assertTrue(t.isManaged());
+
+ ident = new DelegationTokenIdentifier(
+ new Text(user), new Text(user+"-is-not-me"), null);
+ t = new Token<DelegationTokenIdentifier>(
+ ident.getBytes(),
+ new byte[]{},
+ org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
+ new Text("service"));
+
+ assertFalse(t.isManaged());
+
+ }
/**
* Basic idea of the test: