Java Code Examples for org.apache.hadoop.security.UserGroupInformation.addTokenIdentifier()

The following are Jave code examples for showing how to use addTokenIdentifier() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
+ Save this method
Example 1
Project: hadoop-oss   File: Server.java   View Source Code Vote up 6 votes
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 2
Project: hadoop   File: TestContainerManagerRecovery.java   View Source Code Vote up 6 votes
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 3
Project: hadoop   File: Server.java   View Source Code Vote up 6 votes
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 4
Project: ditb   File: RpcServer.java   View Source Code Vote up 6 votes
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws IOException {
  UserGroupInformation authorizedUgi;
  if (authMethod == AuthMethod.DIGEST) {
    TokenIdentifier tokenId = HBaseSaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    authorizedUgi = tokenId.getUser();
    if (authorizedUgi == null) {
      throw new AccessDeniedException(
          "Can't retrieve username from tokenIdentifier.");
    }
    authorizedUgi.addTokenIdentifier(tokenId);
  } else {
    authorizedUgi = UserGroupInformation.createRemoteUser(authorizedId);
  }
  authorizedUgi.setAuthenticationMethod(authMethod.authenticationMethod.getAuthMethod());
  return authorizedUgi;
}
 
Example 5
Project: hadoop   File: TestContainerManager.java   View Source Code Vote up 5 votes
@Override
protected ContainerManagerImpl
    createContainerManager(DeletionService delSrvc) {
  return new ContainerManagerImpl(context, exec, delSrvc, nodeStatusUpdater,
    metrics, new ApplicationACLsManager(conf), dirsHandler) {
    @Override
    public void
        setBlockNewContainerRequests(boolean blockNewContainerRequests) {
      // do nothing
    }

    @Override
    protected UserGroupInformation getRemoteUgi() throws YarnException {
      ApplicationId appId = ApplicationId.newInstance(0, 0);
      ApplicationAttemptId appAttemptId =
          ApplicationAttemptId.newInstance(appId, 1);
      UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
      ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, context
        .getNodeId(), user, context.getNMTokenSecretManager().getCurrentKey()
        .getKeyId()));
      return ugi;
    }

    @Override
    protected void authorizeGetAndStopContainerRequest(ContainerId containerId,
        Container container, boolean stopRequest, NMTokenIdentifier identifier) throws YarnException {
      if(container == null || container.getUser().equals("Fail")){
        throw new YarnException("Reject this container");
      }
    }
  };
}
 
Example 6
Project: hadoop   File: DummyContainerManager.java   View Source Code Vote up 5 votes
@Override
protected UserGroupInformation getRemoteUgi() throws YarnException {
  ApplicationId appId = ApplicationId.newInstance(0, 0);
  ApplicationAttemptId appAttemptId =
      ApplicationAttemptId.newInstance(appId, 1);
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  ugi.addTokenIdentifier(new NMTokenIdentifier(appAttemptId, getContext()
    .getNodeId(), "testuser", getContext().getNMTokenSecretManager().getCurrentKey()
    .getKeyId()));
  return ugi;
}
 
Example 7
Project: hadoop   File: TestAMRMRPCResponseId.java   View Source Code Vote up 5 votes
private AllocateResponse allocate(ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  org.apache.hadoop.security.token.Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 8
Project: hadoop   File: TestAMRMRPCNodeUpdates.java   View Source Code Vote up 5 votes
private AllocateResponse allocate(final ApplicationAttemptId attemptId,
    final AllocateRequest req) throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  return ugi.doAs(new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return amService.allocate(req);
    }
  });
}
 
Example 9
Project: hadoop   File: MockAM.java   View Source Code Vote up 5 votes
public AllocateResponse allocate(AllocateRequest allocateRequest)
          throws Exception {
  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(attemptId.toString());
  Token<AMRMTokenIdentifier> token =
      context.getRMApps().get(attemptId.getApplicationId())
          .getRMAppAttempt(attemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  lastResponse = doAllocateAs(ugi, allocateRequest);
  return lastResponse;
}
 
Example 10
Project: hadoop   File: TestRMContainerAllocator.java   View Source Code Vote up 5 votes
@Override
protected void register() {
  ApplicationAttemptId attemptId = getContext().getApplicationAttemptId();
  Token<AMRMTokenIdentifier> token =
      rm.getRMContext().getRMApps().get(attemptId.getApplicationId())
        .getRMAppAttempt(attemptId).getAMRMToken();
  try {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    ugi.addTokenIdentifier(token.decodeIdentifier());
  } catch (IOException e) {
    throw new YarnRuntimeException(e);
  }
  super.register();
}
 
Example 11
Project: hadoop   File: AMSimulator.java   View Source Code Vote up 5 votes
private void registerAM()
        throws YarnException, IOException, InterruptedException {
  // register application master
  final RegisterApplicationMasterRequest amRegisterRequest =
          Records.newRecord(RegisterApplicationMasterRequest.class);
  amRegisterRequest.setHost("localhost");
  amRegisterRequest.setRpcPort(1000);
  amRegisterRequest.setTrackingUrl("localhost:1000");

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());

  ugi.doAs(
          new PrivilegedExceptionAction<RegisterApplicationMasterResponse>() {
    @Override
    public RegisterApplicationMasterResponse run() throws Exception {
      return rm.getApplicationMasterService()
              .registerApplicationMaster(amRegisterRequest);
    }
  });

  LOG.info(MessageFormat.format(
          "Register the application master for application {0}", appId));
}
 
Example 12
Project: hadoop   File: MRAMSimulator.java   View Source Code Vote up 5 votes
/**
 * send out request for AM container
 */
protected void requestAMContainer()
        throws YarnException, IOException, InterruptedException {
  List<ResourceRequest> ask = new ArrayList<ResourceRequest>();
  ResourceRequest amRequest = createResourceRequest(
          BuilderUtils.newResource(MR_AM_CONTAINER_RESOURCE_MEMORY_MB,
                  MR_AM_CONTAINER_RESOURCE_VCORES),
          ResourceRequest.ANY, 1, 1);
  ask.add(amRequest);
  LOG.debug(MessageFormat.format("Application {0} sends out allocate " +
          "request for its AM", appId));
  final AllocateRequest request = this.createAllocateRequest(ask);

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 13
Project: hadoop   File: AMSimulator.java   View Source Code Vote up 4 votes
@Override
public void lastStep() throws Exception {
  LOG.info(MessageFormat.format("Application {0} is shutting down.", appId));
  // unregister tracking
  if (isTracked) {
    untrackApp();
  }
  // unregister application master
  final FinishApplicationMasterRequest finishAMRequest = recordFactory
                .newRecordInstance(FinishApplicationMasterRequest.class);
  finishAMRequest.setFinalApplicationStatus(FinalApplicationStatus.SUCCEEDED);

  UserGroupInformation ugi =
      UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps().get(appId)
      .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  ugi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws Exception {
      rm.getApplicationMasterService()
          .finishApplicationMaster(finishAMRequest);
      return null;
    }
  });

  simulateFinishTimeMS = System.currentTimeMillis() -
      SLSRunner.getRunner().getStartTimeMS();
  // record job running information
  ((ResourceSchedulerWrapper)rm.getResourceScheduler())
       .addAMRuntime(appId, 
                    traceStartTimeMS, traceFinishTimeMS, 
                    simulateStartTimeMS, simulateFinishTimeMS);
}
 
Example 14
Project: hadoop   File: MRAMSimulator.java   View Source Code Vote up 4 votes
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}