org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier Java Examples

The following examples show how to use org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: TokenUtils.java    From incubator-gobblin with Apache License 2.0 6 votes vote down vote up
private static void getJtToken(Credentials cred) throws IOException {
  try {
    JobConf jobConf = new JobConf();
    JobClient jobClient = new JobClient(jobConf);
    LOG.info("Pre-fetching JT token from JobTracker");

    Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf));
    if (mrdt == null) {
      LOG.error("Failed to fetch JT token");
      throw new IOException("Failed to fetch JT token.");
    }
    LOG.info("Created JT token: " + mrdt.toString());
    LOG.info("Token kind: " + mrdt.getKind());
    LOG.info("Token id: " + Arrays.toString(mrdt.getIdentifier()));
    LOG.info("Token service: " + mrdt.getService());
    cred.addToken(mrdt.getService(), mrdt);
  } catch (InterruptedException ie) {
    throw new IOException(ie);
  }
}
 
Example #2
Source File: HadoopSecurityManager_H_2_0.java    From azkaban-plugins with Apache License 2.0 6 votes vote down vote up
private void cancelMRJobTrackerToken(
    final Token<? extends TokenIdentifier> t, String userToProxy)
    throws HadoopSecurityManagerException {
  try {
    getProxiedUser(userToProxy).doAs(new PrivilegedExceptionAction<Void>() {
      @SuppressWarnings("unchecked")
      @Override
      public Void run() throws Exception {
        cancelToken((Token<DelegationTokenIdentifier>) t);
        return null;
      }

      private void cancelToken(Token<DelegationTokenIdentifier> jt)
          throws IOException, InterruptedException {
        JobConf jc = new JobConf(conf);
        JobClient jobClient = new JobClient(jc);
        jobClient.cancelDelegationToken(jt);
      }
    });
  } catch (Exception e) {
    throw new HadoopSecurityManagerException("Failed to cancel token. "
        + e.getMessage() + e.getCause(), e);
  }
}
 
Example #3
Source File: HadoopSecurityManager_H_1_0.java    From azkaban-plugins with Apache License 2.0 6 votes vote down vote up
private void cancelMRJobTrackerToken(
    final Token<? extends TokenIdentifier> t, String userToProxy)
    throws HadoopSecurityManagerException {
  try {
    getProxiedUser(userToProxy).doAs(new PrivilegedExceptionAction<Void>() {
      @SuppressWarnings("unchecked")
      @Override
      public Void run() throws Exception {
        cancelToken((Token<DelegationTokenIdentifier>) t);
        return null;
      }

      private void cancelToken(Token<DelegationTokenIdentifier> jt)
          throws IOException, InterruptedException {
        JobConf jc = new JobConf(conf);
        JobClient jobClient = new JobClient(jc);
        jobClient.cancelDelegationToken(jt);
      }
    });
  } catch (Exception e) {
    e.printStackTrace();
    throw new HadoopSecurityManagerException("Failed to cancel Token. "
        + e.getMessage() + e.getCause());
  }
}
 
Example #4
Source File: YARNRunner.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
    throws IOException, InterruptedException {
  // The token is only used for serialization. So the type information
  // mismatch should be fine.
  return resMgrDelegate.getDelegationToken(renewer);
}
 
Example #5
Source File: JobClient.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Get a delegation token for the user from the JobTracker.
 * @param renewer the user who can renew the token
 * @return the new token
 * @throws IOException
 */
public Token<DelegationTokenIdentifier> 
  getDelegationToken(final Text renewer) throws IOException, InterruptedException {
  return clientUgi.doAs(new 
      PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
    public Token<DelegationTokenIdentifier> run() throws IOException, 
    InterruptedException {
      return cluster.getDelegationToken(renewer);
    }
  });
}
 
Example #6
Source File: YARNRunner.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
    throws IOException, InterruptedException {
  // The token is only used for serialization. So the type information
  // mismatch should be fine.
  return resMgrDelegate.getDelegationToken(renewer);
}
 
Example #7
Source File: TokenUtils.java    From incubator-gobblin with Apache License 2.0 5 votes vote down vote up
/**
 * function to fetch hcat token as per the specified hive configuration and then store the token
 * in to the credential store specified .
 *
 * @param userToProxy String value indicating the name of the user the token will be fetched for.
 * @param hiveConf the configuration based off which the hive client will be initialized.
 */
private static Token<DelegationTokenIdentifier> fetchHcatToken(final String userToProxy, final HiveConf hiveConf,
    final String tokenSignatureOverwrite, final IMetaStoreClient hiveClient)
    throws IOException, TException, InterruptedException {

  LOG.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": " + hiveConf.get(
      HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));

  LOG.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": " + hiveConf.get(
      HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));

  final Token<DelegationTokenIdentifier> hcatToken = new Token<>();

  hcatToken.decodeFromUrlString(
      hiveClient.getDelegationToken(userToProxy, UserGroupInformation.getLoginUser().getShortUserName()));

  // overwrite the value of the service property of the token if the signature
  // override is specified.
  // If the service field is set, do not overwrite that
  if (hcatToken.getService().getLength() <= 0 && tokenSignatureOverwrite != null
      && tokenSignatureOverwrite.trim().length() > 0) {
    hcatToken.setService(new Text(tokenSignatureOverwrite.trim().toLowerCase()));

    LOG.info(HIVE_TOKEN_SIGNATURE_KEY + ":" + tokenSignatureOverwrite);
  }

  LOG.info("Created hive metastore token for user:" + userToProxy + " with kind[" + hcatToken.getKind() + "]"
      + " and service[" + hcatToken.getService() + "]");
  return hcatToken;
}
 
Example #8
Source File: HadoopSecurityManager_H_2_0.java    From azkaban-plugins with Apache License 2.0 5 votes vote down vote up
/**
 * function to fetch hcat token as per the specified hive configuration and
 * then store the token in to the credential store specified .
 *
 * @param userToProxy String value indicating the name of the user the token
 *          will be fetched for.
 * @param hiveConf the configuration based off which the hive client will be
 *          initialized.
 * @param logger the logger instance which writes the logging content to the
 *          job logs.
 *
 * @throws IOException
 * @throws TException
 * @throws MetaException
 *
 * */
private Token<DelegationTokenIdentifier> fetchHcatToken(String userToProxy,
    HiveConf hiveConf, String tokenSignatureOverwrite, final Logger logger)
    throws IOException, MetaException, TException {

  logger.info(HiveConf.ConfVars.METASTOREURIS.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));

  logger.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));

  logger.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));

  HiveMetaStoreClient hiveClient = new HiveMetaStoreClient(hiveConf);
  String hcatTokenStr =
      hiveClient.getDelegationToken(userToProxy, UserGroupInformation
          .getLoginUser().getShortUserName());
  Token<DelegationTokenIdentifier> hcatToken =
      new Token<DelegationTokenIdentifier>();
  hcatToken.decodeFromUrlString(hcatTokenStr);

  // overwrite the value of the service property of the token if the signature
  // override is specified.
  if (tokenSignatureOverwrite != null
      && tokenSignatureOverwrite.trim().length() > 0) {
    hcatToken.setService(new Text(tokenSignatureOverwrite.trim()
        .toLowerCase()));

    logger.info(HIVE_TOKEN_SIGNATURE_KEY + ":"
        + (tokenSignatureOverwrite == null ? "" : tokenSignatureOverwrite));
  }

  logger.info("Created hive metastore token: " + hcatTokenStr);
  logger.info("Token kind: " + hcatToken.getKind());
  logger.info("Token id: " + hcatToken.getIdentifier());
  logger.info("Token service: " + hcatToken.getService());
  return hcatToken;
}
 
Example #9
Source File: YARNRunner.java    From incubator-tez with Apache License 2.0 5 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
    throws IOException, InterruptedException {
  // The token is only used for serialization. So the type information
  // mismatch should be fine.
  return resMgrDelegate.getDelegationToken(renewer);
}
 
Example #10
Source File: JobClient.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Get a delegation token for the user from the JobTracker.
 * @param renewer the user who can renew the token
 * @return the new token
 * @throws IOException
 */
public Token<DelegationTokenIdentifier> 
  getDelegationToken(final Text renewer) throws IOException, InterruptedException {
  return clientUgi.doAs(new 
      PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
    public Token<DelegationTokenIdentifier> run() throws IOException, 
    InterruptedException {
      return cluster.getDelegationToken(renewer);
    }
  });
}
 
Example #11
Source File: YARNRunner.java    From tez with Apache License 2.0 5 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
    throws IOException, InterruptedException {
  // The token is only used for serialization. So the type information
  // mismatch should be fine.
  return resMgrDelegate.getDelegationToken(renewer);
}
 
Example #12
Source File: YARNRunner.java    From incubator-tez with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #13
Source File: YARNRunner.java    From incubator-tez with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #14
Source File: YARNRunner.java    From tez with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #15
Source File: HadoopClientProtocol.java    From ignite with Apache License 2.0 4 votes vote down vote up
/** {@inheritDoc} */
@Override public void cancelDelegationToken(Token<DelegationTokenIdentifier> token) throws IOException,
    InterruptedException {
    // No-op.
}
 
Example #16
Source File: HadoopClientProtocol.java    From ignite with Apache License 2.0 4 votes vote down vote up
/** {@inheritDoc} */
@Override public long renewDelegationToken(Token<DelegationTokenIdentifier> token) throws IOException,
    InterruptedException {
    return 0;
}
 
Example #17
Source File: YARNRunner.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #18
Source File: HadoopClientProtocol.java    From ignite with Apache License 2.0 4 votes vote down vote up
/** {@inheritDoc} */
@Override public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer) throws IOException,
    InterruptedException {
    return null;
}
 
Example #19
Source File: YARNRunner.java    From tez with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #20
Source File: LocalJobRunner.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
                                    ) throws IOException,InterruptedException{
  return 0;
}
 
Example #21
Source File: LocalJobRunner.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
                                     ) throws IOException,
                                              InterruptedException {
}
 
Example #22
Source File: YARNRunner.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #23
Source File: LocalJobRunner.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
                                     ) throws IOException,
                                              InterruptedException {
}
 
Example #24
Source File: LocalJobRunner.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> 
   getDelegationToken(Text renewer) throws IOException, InterruptedException {
  return null;
}
 
Example #25
Source File: LocalJobRunner.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
                                    ) throws IOException,InterruptedException{
  return 0;
}
 
Example #26
Source File: YARNRunner.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #27
Source File: YARNRunner.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
    throws IOException, InterruptedException {
  throw new UnsupportedOperationException("Use Token.renew instead");
}
 
Example #28
Source File: LocalJobRunner.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
public Token<DelegationTokenIdentifier> 
   getDelegationToken(Text renewer) throws IOException, InterruptedException {
  return null;
}
 
Example #29
Source File: ClientProtocol.java    From hadoop with Apache License 2.0 2 votes vote down vote up
/**
 * Cancel a delegation token.
 * @param token the token to cancel
 * @throws IOException
 * @throws InterruptedException
 */
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
                                  ) throws IOException,
                                           InterruptedException;
 
Example #30
Source File: JobClient.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Renew a delegation token
 * @param token the token to renew
 * @return true if the renewal went well
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use {@link Token#renew} instead
 */
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
                                 ) throws InvalidToken, IOException, 
                                          InterruptedException {
  return token.renew(getConf());
}