You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by vi...@apache.org on 2017/11/29 21:58:20 UTC
hive git commit: HIVE-16708 : Exception while renewing a Delegation
Token (Vihang Karajgaonkar, reviewed by Aihua Xu)
Repository: hive
Updated Branches:
refs/heads/master b6760b017 -> 73ea9f595
HIVE-16708 : Exception while renewing a Delegation Token (Vihang Karajgaonkar, reviewed by Aihua Xu)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/73ea9f59
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/73ea9f59
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/73ea9f59
Branch: refs/heads/master
Commit: 73ea9f59596dc9e329dce2b07a031916d00a6c77
Parents: b6760b0
Author: Vihang Karajgaonkar <vi...@cloudera.com>
Authored: Wed Nov 22 20:13:50 2017 -0800
Committer: Vihang Karajgaonkar <vi...@cloudera.com>
Committed: Wed Nov 29 13:48:16 2017 -0800
----------------------------------------------------------------------
.../apache/hive/minikdc/TestJdbcWithMiniKdc.java | 16 ++++++++++++++++
.../security/DelegationTokenSecretManager.java | 8 +++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/73ea9f59/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
index 1ab698f..eb8f1c9 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
@@ -175,6 +175,22 @@ public class TestJdbcWithMiniKdc {
}
@Test
+ public void testRenewDelegationToken() throws Exception {
+ UserGroupInformation currentUGI = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
+ hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
+ String currentUser = currentUGI.getUserName();
+ // retrieve token and store in the cache
+ String token = ((HiveConnection) hs2Conn)
+ .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1,
+ miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_TEST_SUPER_USER));
+ assertTrue(token != null && !token.isEmpty());
+
+ ((HiveConnection) hs2Conn).renewDelegationToken(token);
+
+ hs2Conn.close();
+ }
+
+ @Test
public void testCancelRenewTokenFlow() throws Exception {
miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER);
hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL());
http://git-wip-us.apache.org/repos/asf/hive/blob/73ea9f59/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
index a719f06..af88107 100644
--- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
+++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java
@@ -93,7 +93,13 @@ public class DelegationTokenSecretManager
public synchronized long renewDelegationToken(String tokenStrForm) throws IOException {
Token<DelegationTokenIdentifier> t= new Token<>();
t.decodeFromUrlString(tokenStrForm);
- String user = UserGroupInformation.getCurrentUser().getUserName();
+ //when a token is created the renewer of the token is stored
+ //as shortName in AbstractDelegationTokenIdentifier.setRenewer()
+ //this seems like an inconsistency because while cancelling the token
+ //it uses the shortname to compare the renewer while it does not use
+ //shortname during token renewal. Use getShortUserName() until its fixed
+ //in HADOOP-15068
+ String user = UserGroupInformation.getCurrentUser().getShortUserName();
return renewToken(t, user);
}