Java Code Examples for org.apache.hadoop.security.token.Token#encodeToUrlString()

The following examples show how to use org.apache.hadoop.security.token.Token#encodeToUrlString() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestOzoneTokenIdentifier.java    From hadoop-ozone with Apache License 2.0 6 votes vote down vote up
@Test
public void testTokenSerialization() throws IOException {
  OzoneTokenIdentifier idEncode = getIdentifierInst();
  idEncode.setOmServiceId("defaultServiceId");
  Token<OzoneTokenIdentifier> token = new Token<OzoneTokenIdentifier>(
      idEncode.getBytes(), new byte[0], new Text("OzoneToken"),
      new Text("om1:9862,om2:9852,om3:9852"));
  String encodedStr = token.encodeToUrlString();

  Token<OzoneTokenIdentifier> tokenDecode = new Token<>();
  tokenDecode.decodeFromUrlString(encodedStr);

  ByteArrayInputStream buf = new ByteArrayInputStream(
      tokenDecode.getIdentifier());
  DataInputStream in = new DataInputStream(buf);
  OzoneTokenIdentifier idDecode = new OzoneTokenIdentifier();
  idDecode.readFields(in);
  Assert.assertEquals(idEncode, idDecode);
}
 
Example 2
Source File: ContainerProtocolCalls.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Returns a url encoded block token. Service param should match the service
 * field of token.
 * @param service
 *
 * */
private static String getEncodedBlockToken(Text service)
    throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  Token<OzoneBlockTokenIdentifier> token =
      OzoneBlockTokenSelector.selectBlockToken(service, ugi.getTokens());
  if (token != null) {
    return token.encodeToUrlString();
  }
  return null;
}
 
Example 3
Source File: StramWSFilter.java    From Bats with Apache License 2.0 5 votes vote down vote up
private String createClientToken(String username, String service) throws IOException
{
  StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier(new Text(username), new Text(loginUser), new Text());
  //tokenIdentifier.setSequenceNumber(sequenceNumber.getAndAdd(1));
  //byte[] password = tokenManager.addIdentifier(tokenIdentifier);
  //Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>(tokenIdentifier.getBytes(), password, tokenIdentifier.getKind(), new Text(service));
  Token<StramDelegationTokenIdentifier> token = new Token<>(tokenIdentifier, tokenManager);
  token.setService(new Text(service));
  return token.encodeToUrlString();
}
 
Example 4
Source File: RMWebServices.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private Response createDelegationToken(DelegationToken tokenData,
    HttpServletRequest hsr, UserGroupInformation callerUGI)
    throws AuthorizationException, IOException, InterruptedException,
    Exception {

  final String renewer = tokenData.getRenewer();
  GetDelegationTokenResponse resp;
  try {
    resp =
        callerUGI
          .doAs(new PrivilegedExceptionAction<GetDelegationTokenResponse>() {
            @Override
            public GetDelegationTokenResponse run() throws IOException,
                YarnException {
              GetDelegationTokenRequest createReq =
                  GetDelegationTokenRequest.newInstance(renewer);
              return rm.getClientRMService().getDelegationToken(createReq);
            }
          });
  } catch (Exception e) {
    LOG.info("Create delegation token request failed", e);
    throw e;
  }

  Token<RMDelegationTokenIdentifier> tk =
      new Token<RMDelegationTokenIdentifier>(resp.getRMDelegationToken()
        .getIdentifier().array(), resp.getRMDelegationToken().getPassword()
        .array(), new Text(resp.getRMDelegationToken().getKind()), new Text(
        resp.getRMDelegationToken().getService()));
  RMDelegationTokenIdentifier identifier = tk.decodeIdentifier();
  long currentExpiration =
      rm.getRMContext().getRMDelegationTokenSecretManager()
        .getRenewDate(identifier);
  DelegationToken respToken =
      new DelegationToken(tk.encodeToUrlString(), renewer, identifier
        .getOwner().toString(), tk.getKind().toString(), currentExpiration,
        identifier.getMaxDate());
  return Response.status(Status.OK).entity(respToken).build();
}
 
Example 5
Source File: NamenodeJspHelper.java    From hadoop with Apache License 2.0 5 votes vote down vote up
static String getDelegationToken(final NamenodeProtocols nn,
    HttpServletRequest request, Configuration conf,
    final UserGroupInformation ugi) throws IOException, InterruptedException {
  Token<DelegationTokenIdentifier> token = ugi
      .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
        @Override
        public Token<DelegationTokenIdentifier> run() throws IOException {
          return nn.getDelegationToken(new Text(ugi.getUserName()));
        }
      });
  return token == null ? null : token.encodeToUrlString();
}
 
Example 6
Source File: TestParameterParser.java    From hadoop with Apache License 2.0 5 votes vote down vote up
@Test
public void testDeserializeHAToken() throws IOException {
  Configuration conf = DFSTestUtil.newHAConfiguration(LOGICAL_NAME);
  final Token<DelegationTokenIdentifier> token = new
      Token<DelegationTokenIdentifier>();
  QueryStringDecoder decoder = new QueryStringDecoder(
    WebHdfsHandler.WEBHDFS_PREFIX + "/?"
    + NamenodeAddressParam.NAME + "=" + LOGICAL_NAME + "&"
    + DelegationParam.NAME + "=" + token.encodeToUrlString());
  ParameterParser testParser = new ParameterParser(decoder, conf);
  final Token<DelegationTokenIdentifier> tok2 = testParser.delegationToken();
  Assert.assertTrue(HAUtil.isTokenForLogicalUri(tok2));
}
 
Example 7
Source File: RMWebServices.java    From big-c with Apache License 2.0 5 votes vote down vote up
private Response createDelegationToken(DelegationToken tokenData,
    HttpServletRequest hsr, UserGroupInformation callerUGI)
    throws AuthorizationException, IOException, InterruptedException,
    Exception {

  final String renewer = tokenData.getRenewer();
  GetDelegationTokenResponse resp;
  try {
    resp =
        callerUGI
          .doAs(new PrivilegedExceptionAction<GetDelegationTokenResponse>() {
            @Override
            public GetDelegationTokenResponse run() throws IOException,
                YarnException {
              GetDelegationTokenRequest createReq =
                  GetDelegationTokenRequest.newInstance(renewer);
              return rm.getClientRMService().getDelegationToken(createReq);
            }
          });
  } catch (Exception e) {
    LOG.info("Create delegation token request failed", e);
    throw e;
  }

  Token<RMDelegationTokenIdentifier> tk =
      new Token<RMDelegationTokenIdentifier>(resp.getRMDelegationToken()
        .getIdentifier().array(), resp.getRMDelegationToken().getPassword()
        .array(), new Text(resp.getRMDelegationToken().getKind()), new Text(
        resp.getRMDelegationToken().getService()));
  RMDelegationTokenIdentifier identifier = tk.decodeIdentifier();
  long currentExpiration =
      rm.getRMContext().getRMDelegationTokenSecretManager()
        .getRenewDate(identifier);
  DelegationToken respToken =
      new DelegationToken(tk.encodeToUrlString(), renewer, identifier
        .getOwner().toString(), tk.getKind().toString(), currentExpiration,
        identifier.getMaxDate());
  return Response.status(Status.OK).entity(respToken).build();
}
 
Example 8
Source File: NamenodeJspHelper.java    From big-c with Apache License 2.0 5 votes vote down vote up
static String getDelegationToken(final NamenodeProtocols nn,
    HttpServletRequest request, Configuration conf,
    final UserGroupInformation ugi) throws IOException, InterruptedException {
  Token<DelegationTokenIdentifier> token = ugi
      .doAs(new PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
        @Override
        public Token<DelegationTokenIdentifier> run() throws IOException {
          return nn.getDelegationToken(new Text(ugi.getUserName()));
        }
      });
  return token == null ? null : token.encodeToUrlString();
}
 
Example 9
Source File: TestParameterParser.java    From big-c with Apache License 2.0 5 votes vote down vote up
@Test
public void testDeserializeHAToken() throws IOException {
  Configuration conf = DFSTestUtil.newHAConfiguration(LOGICAL_NAME);
  final Token<DelegationTokenIdentifier> token = new
      Token<DelegationTokenIdentifier>();
  QueryStringDecoder decoder = new QueryStringDecoder(
    WebHdfsHandler.WEBHDFS_PREFIX + "/?"
    + NamenodeAddressParam.NAME + "=" + LOGICAL_NAME + "&"
    + DelegationParam.NAME + "=" + token.encodeToUrlString());
  ParameterParser testParser = new ParameterParser(decoder, conf);
  final Token<DelegationTokenIdentifier> tok2 = testParser.delegationToken();
  Assert.assertTrue(HAUtil.isTokenForLogicalUri(tok2));
}
 
Example 10
Source File: StramWSFilter.java    From attic-apex-core with Apache License 2.0 5 votes vote down vote up
private String createClientToken(String username, String service) throws IOException
{
  StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier(new Text(username), new Text(loginUser), new Text());
  //tokenIdentifier.setSequenceNumber(sequenceNumber.getAndAdd(1));
  //byte[] password = tokenManager.addIdentifier(tokenIdentifier);
  //Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>(tokenIdentifier.getBytes(), password, tokenIdentifier.getKind(), new Text(service));
  Token<StramDelegationTokenIdentifier> token = new Token<>(tokenIdentifier, tokenManager);
  token.setService(new Text(service));
  return token.encodeToUrlString();
}
 
Example 11
Source File: TestOzoneBlockTokenIdentifier.java    From hadoop-ozone with Apache License 2.0 4 votes vote down vote up
@Test
public void testTokenSerialization() throws GeneralSecurityException,
    IOException {
  String keystore = new File(KEYSTORES_DIR, "keystore.jks")
      .getAbsolutePath();
  String truststore = new File(KEYSTORES_DIR, "truststore.jks")
      .getAbsolutePath();
  String trustPassword = "trustPass";
  String keyStorePassword = "keyStorePass";
  String keyPassword = "keyPass";
  long maxLength = 128L;

  KeyStoreTestUtil.createKeyStore(keystore, keyStorePassword, keyPassword,
      "OzoneMaster", keyPair.getPrivate(), cert);

  // Create trust store and put the certificate in the trust store
  Map<String, X509Certificate> certs = Collections.singletonMap("server",
      cert);
  KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs);

  // Sign the OzoneMaster Token with Ozone Master private key
  PrivateKey privateKey = keyPair.getPrivate();
  OzoneBlockTokenIdentifier tokenId = new OzoneBlockTokenIdentifier(
      "testUser", "84940",
      EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class),
      expiryTime, cert.getSerialNumber().toString(), maxLength);
  byte[] signedToken = signTokenAsymmetric(tokenId, privateKey);


  Token<OzoneBlockTokenIdentifier> token = new Token(tokenId.getBytes(),
      signedToken, tokenId.getKind(), new Text("host:port"));

  String encodeToUrlString = token.encodeToUrlString();

  Token<OzoneBlockTokenIdentifier>decodedToken = new Token();
  decodedToken.decodeFromUrlString(encodeToUrlString);

  OzoneBlockTokenIdentifier decodedTokenId = new OzoneBlockTokenIdentifier();
  decodedTokenId.readFields(new DataInputStream(
      new ByteArrayInputStream(decodedToken.getIdentifier())));

  Assert.assertEquals(decodedTokenId, tokenId);
  Assert.assertEquals(decodedTokenId.getMaxLength(), maxLength);

  // Verify a decoded signed Token with public key(certificate)
  boolean isValidToken = verifyTokenAsymmetric(decodedTokenId, decodedToken
      .getPassword(), cert);
  LOG.info("{} is {}", tokenId, isValidToken ? "valid." : "invalid.");
}
 
Example 12
Source File: NamenodeWebHdfsMethods.java    From hadoop with Apache License 2.0 4 votes vote down vote up
private URI redirectURI(final NameNode namenode,
    final UserGroupInformation ugi, final DelegationParam delegation,
    final UserParam username, final DoAsParam doAsUser,
    final String path, final HttpOpParam.Op op, final long openOffset,
    final long blocksize, final String excludeDatanodes,
    final Param<?, ?>... parameters) throws URISyntaxException, IOException {
  final DatanodeInfo dn;
  try {
    dn = chooseDatanode(namenode, path, op, openOffset, blocksize,
        excludeDatanodes);
  } catch (InvalidTopologyException ite) {
    throw new IOException("Failed to find datanode, suggest to check cluster health.", ite);
  }

  final String delegationQuery;
  if (!UserGroupInformation.isSecurityEnabled()) {
    //security disabled
    delegationQuery = Param.toSortedString("&", doAsUser, username);
  } else if (delegation.getValue() != null) {
    //client has provided a token
    delegationQuery = "&" + delegation;
  } else {
    //generate a token
    final Token<? extends TokenIdentifier> t = generateDelegationToken(
        namenode, ugi, request.getUserPrincipal().getName());
    delegationQuery = "&" + new DelegationParam(t.encodeToUrlString());
  }
  final String query = op.toQueryString() + delegationQuery
      + "&" + new NamenodeAddressParam(namenode)
      + Param.toSortedString("&", parameters);
  final String uripath = WebHdfsFileSystem.PATH_PREFIX + path;

  final String scheme = request.getScheme();
  int port = "http".equals(scheme) ? dn.getInfoPort() : dn
      .getInfoSecurePort();
  final URI uri = new URI(scheme, null, dn.getHostName(), port, uripath,
      query, null);

  if (LOG.isTraceEnabled()) {
    LOG.trace("redirectURI=" + uri);
  }
  return uri;
}
 
Example 13
Source File: TestJspHelper.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetUgi() throws IOException {
  conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
  HttpServletRequest request = mock(HttpServletRequest.class);
  ServletContext context = mock(ServletContext.class);
  String user = "TheDoctor";
  Text userText = new Text(user);
  DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText,
      userText, null);
  Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(
      dtId, new DummySecretManager(0, 0, 0, 0));
  String tokenString = token.encodeToUrlString();
  when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
      tokenString);
  when(request.getRemoteUser()).thenReturn(user);

  //Test attribute in the url to be used as service in the token.
  when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(
      "1.1.1.1:1111");

  conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(conf);

  verifyServiceInToken(context, request, "1.1.1.1:1111");
  
  //Test attribute name.node.address 
  //Set the nnaddr url parameter to null.
  when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
  InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
  when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
      .thenReturn(addr);
  verifyServiceInToken(context, request, addr.getAddress().getHostAddress()
      + ":2222");
  
  //Test service already set in the token
  token.setService(new Text("3.3.3.3:3333"));
  tokenString = token.encodeToUrlString();
  //Set the name.node.address attribute in Servlet context to null
  when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
      .thenReturn(null);
  when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
      tokenString);
  verifyServiceInToken(context, request, "3.3.3.3:3333");
}
 
Example 14
Source File: NamenodeWebHdfsMethods.java    From big-c with Apache License 2.0 4 votes vote down vote up
private URI redirectURI(final NameNode namenode,
    final UserGroupInformation ugi, final DelegationParam delegation,
    final UserParam username, final DoAsParam doAsUser,
    final String path, final HttpOpParam.Op op, final long openOffset,
    final long blocksize, final String excludeDatanodes,
    final Param<?, ?>... parameters) throws URISyntaxException, IOException {
  final DatanodeInfo dn;
  try {
    dn = chooseDatanode(namenode, path, op, openOffset, blocksize,
        excludeDatanodes);
  } catch (InvalidTopologyException ite) {
    throw new IOException("Failed to find datanode, suggest to check cluster health.", ite);
  }

  final String delegationQuery;
  if (!UserGroupInformation.isSecurityEnabled()) {
    //security disabled
    delegationQuery = Param.toSortedString("&", doAsUser, username);
  } else if (delegation.getValue() != null) {
    //client has provided a token
    delegationQuery = "&" + delegation;
  } else {
    //generate a token
    final Token<? extends TokenIdentifier> t = generateDelegationToken(
        namenode, ugi, request.getUserPrincipal().getName());
    delegationQuery = "&" + new DelegationParam(t.encodeToUrlString());
  }
  final String query = op.toQueryString() + delegationQuery
      + "&" + new NamenodeAddressParam(namenode)
      + Param.toSortedString("&", parameters);
  final String uripath = WebHdfsFileSystem.PATH_PREFIX + path;

  final String scheme = request.getScheme();
  int port = "http".equals(scheme) ? dn.getInfoPort() : dn
      .getInfoSecurePort();
  final URI uri = new URI(scheme, null, dn.getHostName(), port, uripath,
      query, null);

  if (LOG.isTraceEnabled()) {
    LOG.trace("redirectURI=" + uri);
  }
  return uri;
}
 
Example 15
Source File: TestJspHelper.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetUgi() throws IOException {
  conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
  HttpServletRequest request = mock(HttpServletRequest.class);
  ServletContext context = mock(ServletContext.class);
  String user = "TheDoctor";
  Text userText = new Text(user);
  DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText,
      userText, null);
  Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(
      dtId, new DummySecretManager(0, 0, 0, 0));
  String tokenString = token.encodeToUrlString();
  when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
      tokenString);
  when(request.getRemoteUser()).thenReturn(user);

  //Test attribute in the url to be used as service in the token.
  when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(
      "1.1.1.1:1111");

  conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(conf);

  verifyServiceInToken(context, request, "1.1.1.1:1111");
  
  //Test attribute name.node.address 
  //Set the nnaddr url parameter to null.
  when(request.getParameter(JspHelper.NAMENODE_ADDRESS)).thenReturn(null);
  InetSocketAddress addr = new InetSocketAddress("localhost", 2222);
  when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
      .thenReturn(addr);
  verifyServiceInToken(context, request, addr.getAddress().getHostAddress()
      + ":2222");
  
  //Test service already set in the token
  token.setService(new Text("3.3.3.3:3333"));
  tokenString = token.encodeToUrlString();
  //Set the name.node.address attribute in Servlet context to null
  when(context.getAttribute(NameNodeHttpServer.NAMENODE_ADDRESS_ATTRIBUTE_KEY))
      .thenReturn(null);
  when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(
      tokenString);
  verifyServiceInToken(context, request, "3.3.3.3:3333");
}