Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2018/02/08 18:16:10 UTC
hadoop git commit: HADOOP-14920. KMSClientProvider won't work with
KMS delegation token retrieved from non-Java client. Contributed by Xiaoyu
Yao.
Repository: hadoop
Updated Branches:
refs/heads/branch-2.8 8f10d0209 -> 5f6806d90
HADOOP-14920. KMSClientProvider won't work with KMS delegation token retrieved from non-Java client. Contributed by Xiaoyu Yao.
(cherry picked from commit 2b08a1fc644904a37545107666efc25b3552542d)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5f6806d9
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5f6806d9
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5f6806d9
Branch: refs/heads/branch-2.8
Commit: 5f6806d906659900e0a9cdaa307aa50e96220538
Parents: 8f10d02
Author: Xiaoyu Yao <xy...@apache.org>
Authored: Fri Oct 6 10:12:24 2017 -0700
Committer: Xiaoyu Yao <xy...@apache.org>
Committed: Thu Feb 8 09:23:56 2018 -0800
----------------------------------------------------------------------
.../DelegationTokenAuthenticationHandler.java | 5 +-
.../web/DelegationTokenAuthenticator.java | 1 +
.../delegation/web/DelegationTokenManager.java | 15 +++-
...tionTokenAuthenticationHandlerWithMocks.java | 72 ++++++++++++++------
4 files changed, 70 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f6806d9/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
index c23a94f..caf3172 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
@@ -236,8 +236,11 @@ public abstract class DelegationTokenAuthenticationHandler
}
String renewer = ServletUtils.getParameter(request,
KerberosDelegationTokenAuthenticator.RENEWER_PARAM);
+ String service = ServletUtils.getParameter(request,
+ KerberosDelegationTokenAuthenticator.SERVICE_PARAM);
try {
- Token<?> dToken = tokenManager.createToken(requestUgi, renewer);
+ Token<?> dToken = tokenManager.createToken(requestUgi, renewer,
+ service);
map = delegationTokenToJSON(dToken);
} catch (IOException ex) {
throw new AuthenticationException(ex.toString(), ex);
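Review bot: The new `service` value is read straight from the request and handed to `tokenManager.createToken` with no format or length check, so any caller who may request a token also decides what lands in the issued token's service field. The test in this commit uses a host:port value; if that is the only intended shape, consider rejecting anything that does not parse as one (or at least bounding the length) before the `try` and answering with a 400 instead of issuing the token. If free-form values are intentional, a comment such as `// service is caller-chosen and unverified; it only labels the token for client-side lookup` would make that explicit. The enclosing method starts and ends outside this hunk.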
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f6806d9/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
index 2d60d4a..509c6ef 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
@@ -66,6 +66,7 @@ public abstract class DelegationTokenAuthenticator implements Authenticator {
public static final String DELEGATION_PARAM = "delegation";
public static final String TOKEN_PARAM = "token";
public static final String RENEWER_PARAM = "renewer";
+ public static final String SERVICE_PARAM = "service";
public static final String DELEGATION_TOKEN_JSON = "Token";
public static final String DELEGATION_TOKEN_URL_STRING_JSON = "urlString";
public static final String RENEW_DELEGATION_TOKEN_JSON = "long";
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f6806d9/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
index b1a8d48..fd19b67 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
@@ -160,7 +160,14 @@ public class DelegationTokenManager {
@SuppressWarnings("unchecked")
public Token<? extends AbstractDelegationTokenIdentifier> createToken(
UserGroupInformation ugi, String renewer) {
- LOG.debug("Creating token with ugi:{}, renewer:{}.", ugi, renewer);
+ return createToken(ugi, renewer, null);
+ }
+
+ @SuppressWarnings("unchecked")
+ public Token<? extends AbstractDelegationTokenIdentifier> createToken(
+ UserGroupInformation ugi, String renewer, String service) {
+ LOG.debug("Creating token with ugi:{}, renewer:{}, service:{}.",
+ ugi, renewer, service !=null ? service : "");
renewer = (renewer == null) ? ugi.getShortUserName() : renewer;
String user = ugi.getUserName();
Text owner = new Text(user);
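Review bot: The new public three-argument `createToken` has no Javadoc, and its contract is not obvious from the signature: `service` may be null (the two-argument overload passes null) and is otherwise stored as given. A short Javadoc saying so, and noting that the value originates from an HTTP request parameter in `DelegationTokenAuthenticationHandler`, would help other callers. The debug line also writes that request-derived string to the log unescaped, so stripping line breaks from it is worth considering if these logs are parsed downstream. A smaller point: the `@SuppressWarnings("unchecked")` left on the two-argument overload no longer covers anything now that the method only delegates. The method body continues in the next hunk.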
@@ -173,7 +180,11 @@ public class DelegationTokenManager {
tokenIdentifier.setOwner(owner);
tokenIdentifier.setRenewer(new Text(renewer));
tokenIdentifier.setRealUser(realUser);
- return new Token(tokenIdentifier, secretManager);
+ Token token = new Token(tokenIdentifier, secretManager);
+ if (service != null) {
+ token.setService(new Text(service));
+ }
+ return token;
}
@SuppressWarnings("unchecked")
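Review bot: `token.setService(...)` runs after the `Token` has been built from `tokenIdentifier` and `secretManager`, so, as far as this hunk shows, the service string is not part of the identifier the secret manager signs. If that reading is right, whoever holds the token can change the field without invalidating it. That is acceptable for a client-side lookup key but should be recorded next to the call, e.g. `// service is an unauthenticated label; never use it for server-side authorization`. Separately, `Token token` is a raw type; declaring it as `Token<? extends AbstractDelegationTokenIdentifier>` would keep the unchecked part confined to the constructor call. The method starts outside this hunk.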
http://git-wip-us.apache.org/repos/asf/hadoop/blob/5f6806d9/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
index d9c4f02..678e1ee 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
@@ -107,12 +107,21 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
@Test
public void testManagementOperations() throws Exception {
- testNonManagementOperation();
- testManagementOperationErrors();
- testGetToken(null, new Text("foo"));
- testGetToken("bar", new Text("foo"));
- testCancelToken();
- testRenewToken();
+ final Text testTokenKind = new Text("foo");
+ final String testRenewer = "bar";
+ final String testService = "192.168.64.101:8888";
+ testNonManagementOperation();
+ testManagementOperationErrors();
+ testGetToken(null, null, testTokenKind);
+ testGetToken(testRenewer, null, testTokenKind);
+ testCancelToken();
+ testRenewToken(testRenewer);
+
+ // Management operations against token requested with service parameter
+ Token<DelegationTokenIdentifier> testToken =
+ testGetToken(testRenewer, testService, testTokenKind);
+ testRenewToken(testToken, testRenewer);
+ testCancelToken(testToken);
}
private void testNonManagementOperation() throws Exception {
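Review bot: The service case added to `testManagementOperations` covers a single well-formed value (`testService`), so nothing pins what the handler does with an empty `service=` parameter or an unexpectedly long or malformed string. Because the value comes from the request and is copied into the token, a boundary case such as `testGetToken(testRenewer, "", testTokenKind)` would document the intended behaviour. Whether the expected result is an empty service or a rejected request depends on how `ServletUtils.getParameter` treats an empty value, which is not visible here.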
@@ -152,8 +161,8 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
Mockito.eq("mock"));
}
- private void testGetToken(String renewer, Text expectedTokenKind)
- throws Exception {
+ private Token<DelegationTokenIdentifier> testGetToken(String renewer,
+ String service, Text expectedTokenKind) throws Exception {
DelegationTokenAuthenticator.DelegationTokenOperation op =
DelegationTokenAuthenticator.DelegationTokenOperation.
GETDELEGATIONTOKEN;
@@ -169,10 +178,14 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
new StringWriter()));
Assert.assertFalse(handler.managementOperation(token, request, response));
- Mockito.when(request.getQueryString()).
- thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
- "&" + DelegationTokenAuthenticator.RENEWER_PARAM + "=" + renewer);
-
+ String queryString =
+ DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" +
+ DelegationTokenAuthenticator.RENEWER_PARAM + "=" + renewer;
+ if (service != null) {
+ queryString += "&" + DelegationTokenAuthenticator.SERVICE_PARAM + "="
+ + service;
+ }
+ Mockito.when(request.getQueryString()).thenReturn(queryString);
Mockito.reset(response);
Mockito.reset(token);
Mockito.when(token.getUserName()).thenReturn("user");
@@ -204,10 +217,25 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
dt.decodeFromUrlString(tokenStr);
handler.getTokenManager().verifyToken(dt);
Assert.assertEquals(expectedTokenKind, dt.getKind());
+ if (service != null) {
+ Assert.assertEquals(service, dt.getService().toString());
+ } else {
+ Assert.assertEquals(0, dt.getService().getLength());
+ }
+ return dt;
}
@SuppressWarnings("unchecked")
private void testCancelToken() throws Exception {
+ Token<DelegationTokenIdentifier> token =
+ (Token<DelegationTokenIdentifier>) handler.getTokenManager()
+ .createToken(UserGroupInformation.getCurrentUser(), "foo");
+ testCancelToken(token);
+ }
+
+ @SuppressWarnings("unchecked")
+ private void testCancelToken(Token<DelegationTokenIdentifier> token)
+ throws Exception {
DelegationTokenAuthenticator.DelegationTokenOperation op =
DelegationTokenAuthenticator.DelegationTokenOperation.
CANCELDELEGATIONTOKEN;
@@ -224,9 +252,6 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
Mockito.contains("requires the parameter [token]"));
Mockito.reset(response);
- Token<DelegationTokenIdentifier> token =
- (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
- UserGroupInformation.getCurrentUser(), "foo");
Mockito.when(request.getQueryString()).thenReturn(
DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" +
DelegationTokenAuthenticator.TOKEN_PARAM + "=" +
@@ -245,7 +270,16 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
}
@SuppressWarnings("unchecked")
- private void testRenewToken() throws Exception {
+ private void testRenewToken(String testRenewer) throws Exception {
+ Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>)
+ handler.getTokenManager().createToken(
+ UserGroupInformation.getCurrentUser(), testRenewer);
+ testRenewToken(dToken, testRenewer);
+ }
+
+ @SuppressWarnings("unchecked")
+ private void testRenewToken(Token<DelegationTokenIdentifier> dToken,
+ String testRenewer) throws Exception {
DelegationTokenAuthenticator.DelegationTokenOperation op =
DelegationTokenAuthenticator.DelegationTokenOperation.
RENEWDELEGATIONTOKEN;
@@ -266,7 +300,7 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
Mockito.reset(response);
AuthenticationToken token = Mockito.mock(AuthenticationToken.class);
- Mockito.when(token.getUserName()).thenReturn("user");
+ Mockito.when(token.getUserName()).thenReturn(testRenewer);
Assert.assertFalse(handler.managementOperation(token, request, response));
Mockito.verify(response).sendError(
Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
@@ -276,9 +310,7 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
StringWriter writer = new StringWriter();
PrintWriter pwriter = new PrintWriter(writer);
Mockito.when(response.getWriter()).thenReturn(pwriter);
- Token<DelegationTokenIdentifier> dToken =
- (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
- UserGroupInformation.getCurrentUser(), "user");
+
Mockito.when(request.getQueryString()).
thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
"&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" +