You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by vi...@apache.org on 2017/11/29 21:58:20 UTC

hive git commit: HIVE-16708 : Exception while renewing a Delegation Token (Vihang Karajgaonkar, reviewed by Aihua Xu)

Repository: hive
Updated Branches:
  refs/heads/master b6760b017 -> 73ea9f595


HIVE-16708 : Exception while renewing a Delegation Token (Vihang Karajgaonkar, reviewed by Aihua Xu)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/73ea9f59
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/73ea9f59
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/73ea9f59

Branch: refs/heads/master
Commit: 73ea9f59596dc9e329dce2b07a031916d00a6c77
Parents: b6760b0
Author: Vihang Karajgaonkar <vi...@cloudera.com>
Authored: Wed Nov 22 20:13:50 2017 -0800
Committer: Vihang Karajgaonkar <vi...@cloudera.com>
Committed: Wed Nov 29 13:48:16 2017 -0800

----------------------------------------------------------------------
 .../apache/hive/minikdc/TestJdbcWithMiniKdc.java    | 16 ++++++++++++++++
 .../security/DelegationTokenSecretManager.java      |  8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/73ea9f59/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
index 1ab698f..eb8f1c9 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
@@ -175,6 +175,22 @@ public class TestJdbcWithMiniKdc {
   }
 
   @Test
+  public void testRenewDelegationToken() throws Exception {
+    UserGroupInformation currentUGI = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
+    hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
+    String currentUser = currentUGI.getUserName();
+    // retrieve token and store in the cache
+    String token = ((HiveConnection) hs2Conn)
+        .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1,
+            miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_TEST_SUPER_USER));
+    assertTrue(token != null && !token.isEmpty());
+
+    ((HiveConnection) hs2Conn).renewDelegationToken(token);
+
+    hs2Conn.close();
+  }
+
+  @Test
   public void testCancelRenewTokenFlow() throws Exception {
     miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
     hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());

http://git-wip-us.apache.org/repos/asf/hive/blob/73ea9f59/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
index a719f06..af88107 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
@@ -93,7 +93,13 @@ public class DelegationTokenSecretManager
   public synchronized long renewDelegationToken(String tokenStrForm) throws IOException {
     Token<DelegationTokenIdentifier> t= new Token<>();
     t.decodeFromUrlString(tokenStrForm);
-    String user = UserGroupInformation.getCurrentUser().getUserName();
+    //when a token is created the renewer of the token is stored
+    //as shortName in AbstractDelegationTokenIdentifier.setRenewer()
+    //this seems like an inconsistency because while cancelling the token
+    //it uses the shortname to compare the renewer while it does not use
+    //shortname during token renewal. Use getShortUserName() until its fixed
+    //in HADOOP-15068
+    String user = UserGroupInformation.getCurrentUser().getShortUserName();
     return renewToken(t, user);
   }