Posted to common-commits@hadoop.apache.org by su...@apache.org on 2016/10/08 00:20:45 UTC
[02/50] [abbrv] hadoop git commit: HDFS-10683. Make class
Token$PrivateToken private. Contributed by John Zhuge.
HDFS-10683. Make class Token$PrivateToken private. Contributed by John Zhuge.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/c5ca2169
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/c5ca2169
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/c5ca2169
Branch: refs/heads/YARN-2915
Commit: c5ca2169151a5eec57152775789b6f53664e102c
Parents: e68c7b9
Author: Wei-Chiu Chuang <we...@apache.org>
Authored: Wed Oct 5 17:35:43 2016 -0700
Committer: Wei-Chiu Chuang <we...@apache.org>
Committed: Wed Oct 5 17:36:50 2016 -0700
----------------------------------------------------------------------
.../org/apache/hadoop/security/Credentials.java | 8 +--
.../hadoop/security/UserGroupInformation.java | 2 +-
.../org/apache/hadoop/security/token/Token.java | 60 +++++++++++++++++---
.../security/TestUserGroupInformation.java | 6 +-
.../java/org/apache/hadoop/hdfs/HAUtil.java | 5 +-
5 files changed, 61 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5ca2169/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
index 5a8e81f..8e12ef1 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
@@ -104,12 +104,8 @@ public class Credentials implements Writable {
for (Map.Entry<Text, Token<? extends TokenIdentifier>> e :
tokenMap.entrySet()) {
Token<? extends TokenIdentifier> token = e.getValue();
- if (token instanceof Token.PrivateToken &&
- ((Token.PrivateToken) token).getPublicService().equals(alias)) {
- Token<? extends TokenIdentifier> privateToken =
- new Token.PrivateToken<>(t);
- privateToken.setService(token.getService());
- tokensToAdd.put(e.getKey(), privateToken);
+ if (token.isPrivateCloneOf(alias)) {
+ tokensToAdd.put(e.getKey(), t.privateClone(token.getService()));
}
}
tokenMap.putAll(tokensToAdd);
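Review bot: The new `token.isPrivateCloneOf(alias)` call dereferences every map value, whereas the removed `token instanceof Token.PrivateToken` test simply evaluated to false for a null entry. Whether `tokenMap` can ever hold a null value is not visible in this hunk, so either confirm that the add path rejects nulls or guard the call, e.g. `if (token != null && token.isPrivateCloneOf(alias)) {`. The same change from a null-tolerant `instanceof` to a method call appears as `iter.next().isPrivate()` in the UserGroupInformation.java hunk. The enclosing method starts and ends outside the hunk.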
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5ca2169/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
index bcdfd53..637e3fa 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -1584,7 +1584,7 @@ public class UserGroupInformation {
Credentials creds = new Credentials(getCredentialsInternal());
Iterator<Token<?>> iter = creds.getAllTokens().iterator();
while (iter.hasNext()) {
- if (iter.next() instanceof Token.PrivateToken) {
+ if (iter.next().isPrivate()) {
iter.remove();
}
}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5ca2169/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
index 784e797..713fb20 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/Token.java
@@ -223,22 +223,66 @@ public class Token<T extends TokenIdentifier> implements Writable {
}
/**
+ * Whether this is a private token.
+ * @return false always for non-private tokens
+ */
+ public boolean isPrivate() {
+ return false;
+ }
+
+ /**
+ * Whether this is a private clone of a public token.
+ * @param thePublicService the public service name
+ * @return false always for non-private tokens
+ */
+ public boolean isPrivateCloneOf(Text thePublicService) {
+ return false;
+ }
+
+ /**
+ * Create a private clone of a public token.
+ * @param newService the new service name
+ * @return a private token
+ */
+ public Token<T> privateClone(Text newService) {
+ return new PrivateToken<>(this, newService);
+ }
+
+ /**
* Indicates whether the token is a clone. Used by HA failover proxy
* to indicate a token should not be visible to the user via
* UGI.getCredentials()
*/
- @InterfaceAudience.Private
- @InterfaceStability.Unstable
- public static class PrivateToken<T extends TokenIdentifier> extends Token<T> {
+ static class PrivateToken<T extends TokenIdentifier> extends Token<T> {
final private Text publicService;
- public PrivateToken(Token<T> token) {
- super(token);
- publicService = new Text(token.getService());
+ PrivateToken(Token<T> publicToken, Text newService) {
+ super(publicToken.identifier, publicToken.password, publicToken.kind,
+ newService);
+ assert !publicToken.isPrivate();
+ publicService = publicToken.service;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Cloned private token " + this + " from " + publicToken);
+ }
}
- public Text getPublicService() {
- return publicService;
+ /**
+ * Whether this is a private token.
+ * @return true always for private tokens
+ */
+ @Override
+ public boolean isPrivate() {
+ return true;
+ }
+
+ /**
+ * Whether this is a private clone of a public token.
+ * @param thePublicService the public service name
+ * @return true when the public service is the same as specified
+ */
+ @Override
+ public boolean isPrivateCloneOf(Text thePublicService) {
+ return publicService.equals(thePublicService);
}
@Override
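Review bot: In the `PrivateToken` constructor the only guard against cloning an already-private token is `assert !publicToken.isPrivate();`, which does nothing unless the JVM runs with assertions enabled. Because `isPrivate()` is what keeps these clones out of `UGI.getCredentials()` and `publicService` drives `isPrivateCloneOf`, an explicit check such as `if (publicToken.isPrivate()) { throw new IllegalArgumentException("token is already a private clone"); }` would enforce the invariant in production as well. Separately, `publicService = publicToken.service;` keeps a reference to the public token's mutable `Text`, where the removed constructor took a copy with `new Text(token.getService())`; `publicService = new Text(publicToken.service);` would keep the later equality match independent of changes to that object. The class body continues past the end of the hunk.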
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5ca2169/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
index 09a5807..a52cd46 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUserGroupInformation.java
@@ -890,8 +890,10 @@ public class TestUserGroupInformation {
ugi.addToken(new Text("regular-token"), token);
// Now add cloned private token
- ugi.addToken(new Text("private-token"), new Token.PrivateToken<TestTokenIdentifier>(token));
- ugi.addToken(new Text("private-token1"), new Token.PrivateToken<TestTokenIdentifier>(token));
+ Text service = new Text("private-token");
+ ugi.addToken(service, token.privateClone(service));
+ Text service1 = new Text("private-token1");
+ ugi.addToken(service1, token.privateClone(service1));
// Ensure only non-private tokens are returned
Collection<Token<? extends TokenIdentifier>> tokens = ugi.getCredentials().getAllTokens();
http://git-wip-us.apache.org/repos/asf/hadoop/blob/c5ca2169/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java
----------------------------------------------------------------------
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java
index 7b65abf..ea535e9 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/HAUtil.java
@@ -29,6 +29,7 @@ import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_RPC_BIND_HOST_KE
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_SERVICE_RPC_ADDRESS_KEY;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_SERVICE_RPC_BIND_HOST_KEY;
import static org.apache.hadoop.hdfs.DFSConfigKeys.DFS_NAMENODE_SHARED_EDITS_DIR_KEY;
+import static org.apache.hadoop.security.SecurityUtil.buildTokenService;
import java.io.IOException;
import java.net.InetSocketAddress;
@@ -56,7 +57,6 @@ import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.ipc.StandbyException;
-import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
@@ -281,8 +281,7 @@ public class HAUtil {
// exposed to the user via UGI.getCredentials(), otherwise these
// cloned tokens may be inadvertently propagated to jobs
Token<DelegationTokenIdentifier> specificToken =
- new Token.PrivateToken<DelegationTokenIdentifier>(haToken);
- SecurityUtil.setTokenService(specificToken, singleNNAddr);
+ haToken.privateClone(buildTokenService(singleNNAddr));
Text alias = new Text(
HAUtilClient.buildTokenServicePrefixForLogicalUri(
HdfsConstants.HDFS_URI_SCHEME)