You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-commits@hadoop.apache.org by ji...@apache.org on 2013/08/17 00:39:27 UTC
svn commit: r1514915 -
/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
Author: jing9
Date: Fri Aug 16 22:39:26 2013
New Revision: 1514915
URL: http://svn.apache.org/r1514915
Log:
HADOOP-9880. Merge change r1514913 from trunk.
Modified:
hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
Modified: hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java?rev=1514915&r1=1514914&r2=1514915&view=diff
==============================================================================
--- hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java (original)
+++ hadoop/common/branches/branch-2/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.java Fri Aug 16 22:39:26 2013
@@ -81,6 +81,28 @@ public class DelegationTokenSecretManage
return new DelegationTokenIdentifier();
}
+ @Override
+ public synchronized byte[] retrievePassword(
+ DelegationTokenIdentifier identifier) throws InvalidToken {
+ try {
+ // this check introduces inconsistency in the authentication to a
+ // HA standby NN. non-token auths are allowed into the namespace which
+ // decides whether to throw a StandbyException. tokens are a bit
+ // different in that a standby may be behind and thus not yet know
+ // of all tokens issued by the active NN. the following check does
+ // not allow ANY token auth, however it should allow known tokens in
+ checkAvailableForRead();
+ } catch (StandbyException se) {
+ // FIXME: this is a hack to get around changing method signatures by
+ // tunneling a non-InvalidToken exception as the cause which the
+ // RPC server will unwrap before returning to the client
+ InvalidToken wrappedStandby = new InvalidToken("StandbyException");
+ wrappedStandby.initCause(se);
+ throw wrappedStandby;
+ }
+ return super.retrievePassword(identifier);
+ }
+
@Override //SecretManager
public void checkAvailableForRead() throws StandbyException {
namesystem.checkOperation(OperationCategory.READ);