Java Code Examples for org.apache.hadoop.security.token.SecretManager.InvalidToken

The following examples show how to use org.apache.hadoop.security.token.SecretManager.InvalidToken. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: ContainerManagerImpl.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerTokenIdentifier verifyAndGetContainerTokenIdentifier(
    org.apache.hadoop.yarn.api.records.Token token,
    ContainerTokenIdentifier containerTokenIdentifier) throws YarnException,
    InvalidToken {
  byte[] password =
      context.getContainerTokenSecretManager().retrievePassword(
        containerTokenIdentifier);
  byte[] tokenPass = token.getPassword().array();
  if (password == null || tokenPass == null
      || !Arrays.equals(password, tokenPass)) {
    throw new InvalidToken(
      "Invalid container token used for starting container on : "
          + context.getNodeId().toString());
  }
  return containerTokenIdentifier;
}
 
Example 2
Source Project: hadoop   Source File: TestDelegationTokenRenewer.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public long renew(Token<?> t, Configuration conf) throws IOException {
  if ( !(t instanceof MyToken)) {
    // renew in 3 seconds
    return System.currentTimeMillis() + 3000;
  }
  MyToken token = (MyToken)t;
  if(token.isCanceled()) {
    throw new InvalidToken("token has been canceled");
  }
  lastRenewed = token;
  counter ++;
  LOG.info("Called MYDFS.renewdelegationtoken " + token + 
      ";this dfs=" + this.hashCode() + ";c=" + counter);
  if(tokenToRenewIn2Sec == token) { 
    // this token first renewal in 2 seconds
    LOG.info("RENEW in 2 seconds");
    tokenToRenewIn2Sec=null;
    return 2*1000 + System.currentTimeMillis();
  } else {
    return 86400*1000 + System.currentTimeMillis();
  }
}
 
Example 3
Source Project: hadoop   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 6 votes vote down vote up
private void assertTokenCancelled(String encodedToken) throws Exception {
  Token<RMDelegationTokenIdentifier> realToken =
      new Token<RMDelegationTokenIdentifier>();
  realToken.decodeFromUrlString(encodedToken);
  RMDelegationTokenIdentifier ident = rm.getRMContext()
    .getRMDelegationTokenSecretManager().decodeTokenIdentifier(realToken);
  boolean exceptionCaught = false;
  try {
    rm.getRMContext().getRMDelegationTokenSecretManager()
      .verifyToken(ident, realToken.getPassword());
  } catch (InvalidToken it) {
    exceptionCaught = true;
  }
  assertTrue("InvalidToken exception not thrown", exceptionCaught);
  assertFalse(rm.getRMContext().getRMDelegationTokenSecretManager()
    .getAllTokens().containsKey(ident));
}
 
Example 4
Source Project: hadoop   Source File: ContainerManagementProtocolProxy.java    License: Apache License 2.0 6 votes vote down vote up
@Private
@VisibleForTesting
protected ContainerManagementProtocol newProxy(final YarnRPC rpc,
    String containerManagerBindAddr, ContainerId containerId, Token token)
    throws InvalidToken {

  if (token == null) {
    throw new InvalidToken("No NMToken sent for "
        + containerManagerBindAddr);
  }
  
  final InetSocketAddress cmAddr =
      NetUtils.createSocketAddr(containerManagerBindAddr);
  LOG.info("Opening proxy : " + containerManagerBindAddr);
  // the user in createRemoteUser in this context has to be ContainerID
  UserGroupInformation user =
      UserGroupInformation.createRemoteUser(containerId
          .getApplicationAttemptId().toString());

  org.apache.hadoop.security.token.Token<NMTokenIdentifier> nmToken =
      ConverterUtils.convertFromYarn(token, cmAddr);
  user.addToken(nmToken);

  return NMProxy.createNMProxy(conf, ContainerManagementProtocol.class,
    user, rpc, cmAddr);
}
 
Example 5
Source Project: big-c   Source File: TestDelegationToken.java    License: Apache License 2.0 6 votes vote down vote up
@Test 
public void testCancelDelegationToken() throws Exception {
  Token<DelegationTokenIdentifier> token = generateDelegationToken(
      "SomeUser", "JobTracker");
  //Fake renewer should not be able to renew
  try {
    dtSecretManager.cancelToken(token, "FakeCanceller");
    Assert.fail("should have failed");
  } catch (AccessControlException ace) {
    // PASS
  }
  dtSecretManager.cancelToken(token, "JobTracker");
  try {
    dtSecretManager.renewToken(token, "JobTracker");
    Assert.fail("should have failed");
  } catch (InvalidToken it) {
    // PASS
  }
}
 
Example 6
Source Project: hadoop   Source File: DFSInputStream.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Should the block access token be refetched on an exception
 * 
 * @param ex Exception received
 * @param targetAddr Target datanode address from where exception was received
 * @return true if block access token has expired or invalid and it should be
 *         refetched
 */
private static boolean tokenRefetchNeeded(IOException ex,
    InetSocketAddress targetAddr) {
  /*
   * Get a new access token and retry. Retry is needed in 2 cases. 1)
   * When both NN and DN re-started while DFSClient holding a cached
   * access token. 2) In the case that NN fails to update its
   * access key at pre-set interval (by a wide margin) and
   * subsequently restarts. In this case, DN re-registers itself with
   * NN and receives a new access key, but DN will delete the old
   * access key from its memory since it's considered expired based on
   * the estimated expiration date.
   */
  if (ex instanceof InvalidBlockTokenException || ex instanceof InvalidToken) {
    DFSClient.LOG.info("Access token was invalid when connecting to "
        + targetAddr + " : " + ex);
    return true;
  }
  return false;
}
 
Example 7
Source Project: big-c   Source File: TestEnhancedByteBufferAccess.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void visit(int numOutstandingMmaps,
    Map<ExtendedBlockId, ShortCircuitReplica> replicas,
    Map<ExtendedBlockId, InvalidToken> failedLoads,
    Map<Long, ShortCircuitReplica> evictable,
    Map<Long, ShortCircuitReplica> evictableMmapped) {
  if (expectedNumOutstandingMmaps >= 0) {
    Assert.assertEquals(expectedNumOutstandingMmaps, numOutstandingMmaps);
  }
  if (expectedNumReplicas >= 0) {
    Assert.assertEquals(expectedNumReplicas, replicas.size());
  }
  if (expectedNumEvictable >= 0) {
    Assert.assertEquals(expectedNumEvictable, evictable.size());
  }
  if (expectedNumMmapedEvictable >= 0) {
    Assert.assertEquals(expectedNumMmapedEvictable, evictableMmapped.size());
  }
}
 
Example 8
Source Project: hadoop   Source File: TestDelegationToken.java    License: Apache License 2.0 6 votes vote down vote up
@Test 
public void testCancelDelegationToken() throws Exception {
  Token<DelegationTokenIdentifier> token = generateDelegationToken(
      "SomeUser", "JobTracker");
  //Fake renewer should not be able to renew
  try {
    dtSecretManager.cancelToken(token, "FakeCanceller");
    Assert.fail("should have failed");
  } catch (AccessControlException ace) {
    // PASS
  }
  dtSecretManager.cancelToken(token, "JobTracker");
  try {
    dtSecretManager.renewToken(token, "JobTracker");
    Assert.fail("should have failed");
  } catch (InvalidToken it) {
    // PASS
  }
}
 
Example 9
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 10
Source Project: hadoop   Source File: Server.java    License: Apache License 2.0 6 votes vote down vote up
private Throwable getCauseForInvalidToken(IOException e) {
  Throwable cause = e;
  while (cause != null) {
    if (cause instanceof RetriableException) {
      return cause;
    } else if (cause instanceof StandbyException) {
      return cause;
    } else if (cause instanceof InvalidToken) {
      // FIXME: hadoop method signatures are restricting the SASL
      // callbacks to only returning InvalidToken, but some services
      // need to throw other exceptions (ex. NN + StandyException),
      // so for now we'll tunnel the real exceptions via an
      // InvalidToken's cause which normally is not set 
      if (cause.getCause() != null) {
        cause = cause.getCause();
      }
      return cause;
    }
    cause = cause.getCause();
  }
  return e;
}
 
Example 11
Source Project: hadoop   Source File: TestSaslRPC.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testErrorMessage() throws Exception {
  BadTokenSecretManager sm = new BadTokenSecretManager();
  final Server server = new RPC.Builder(conf)
      .setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl())
      .setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true)
      .setSecretManager(sm).build();

  boolean succeeded = false;
  try {
    doDigestRpc(server, sm);
  } catch (RemoteException e) {
    LOG.info("LOGGING MESSAGE: " + e.getLocalizedMessage());
    assertEquals(ERROR_MESSAGE, e.getLocalizedMessage());
    assertTrue(e.unwrapRemoteException() instanceof InvalidToken);
    succeeded = true;
  }
  assertTrue(succeeded);
}
 
Example 12
Source Project: big-c   Source File: ContainerManagerImpl.java    License: Apache License 2.0 6 votes vote down vote up
protected ContainerTokenIdentifier verifyAndGetContainerTokenIdentifier(
    org.apache.hadoop.yarn.api.records.Token token,
    ContainerTokenIdentifier containerTokenIdentifier) throws YarnException,
    InvalidToken {
  byte[] password =
      context.getContainerTokenSecretManager().retrievePassword(
        containerTokenIdentifier);
  byte[] tokenPass = token.getPassword().array();
  if (password == null || tokenPass == null
      || !Arrays.equals(password, tokenPass)) {
    throw new InvalidToken(
      "Invalid container token used for starting container on : "
          + context.getNodeId().toString());
  }
  return containerTokenIdentifier;
}
 
Example 13
Source Project: big-c   Source File: TestRMWebServicesDelegationTokens.java    License: Apache License 2.0 6 votes vote down vote up
private void assertTokenCancelled(String encodedToken) throws Exception {
  Token<RMDelegationTokenIdentifier> realToken =
      new Token<RMDelegationTokenIdentifier>();
  realToken.decodeFromUrlString(encodedToken);
  RMDelegationTokenIdentifier ident = rm.getRMContext()
    .getRMDelegationTokenSecretManager().decodeTokenIdentifier(realToken);
  boolean exceptionCaught = false;
  try {
    rm.getRMContext().getRMDelegationTokenSecretManager()
      .verifyToken(ident, realToken.getPassword());
  } catch (InvalidToken it) {
    exceptionCaught = true;
  }
  assertTrue("InvalidToken exception not thrown", exceptionCaught);
  assertFalse(rm.getRMContext().getRMDelegationTokenSecretManager()
    .getAllTokens().containsKey(ident));
}
 
Example 14
Source Project: big-c   Source File: TestSaslRPC.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testErrorMessage() throws Exception {
  BadTokenSecretManager sm = new BadTokenSecretManager();
  final Server server = new RPC.Builder(conf)
      .setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl())
      .setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true)
      .setSecretManager(sm).build();

  boolean succeeded = false;
  try {
    doDigestRpc(server, sm);
  } catch (RemoteException e) {
    LOG.info("LOGGING MESSAGE: " + e.getLocalizedMessage());
    assertEquals(ERROR_MESSAGE, e.getLocalizedMessage());
    assertTrue(e.unwrapRemoteException() instanceof InvalidToken);
    succeeded = true;
  }
  assertTrue(succeeded);
}
 
Example 15
Source Project: big-c   Source File: DFSInputStream.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Should the block access token be refetched on an exception
 * 
 * @param ex Exception received
 * @param targetAddr Target datanode address from where exception was received
 * @return true if block access token has expired or invalid and it should be
 *         refetched
 */
private static boolean tokenRefetchNeeded(IOException ex,
    InetSocketAddress targetAddr) {
  /*
   * Get a new access token and retry. Retry is needed in 2 cases. 1)
   * When both NN and DN re-started while DFSClient holding a cached
   * access token. 2) In the case that NN fails to update its
   * access key at pre-set interval (by a wide margin) and
   * subsequently restarts. In this case, DN re-registers itself with
   * NN and receives a new access key, but DN will delete the old
   * access key from its memory since it's considered expired based on
   * the estimated expiration date.
   */
  if (ex instanceof InvalidBlockTokenException || ex instanceof InvalidToken) {
    DFSClient.LOG.info("Access token was invalid when connecting to "
        + targetAddr + " : " + ex);
    return true;
  }
  return false;
}
 
Example 16
Source Project: hadoop   Source File: TestContainerManagerSecurity.java    License: Apache License 2.0 5 votes vote down vote up
private void parseAndThrowException(Throwable t) throws YarnException,
    IOException {
  if (t instanceof YarnException) {
    throw (YarnException) t;
  } else if (t instanceof InvalidToken) {
    throw (InvalidToken) t;
  } else {
    throw (IOException) t;
  }
}
 
Example 17
Source Project: big-c   Source File: DataXceiver.java    License: Apache License 2.0 5 votes vote down vote up
private void checkAccess(OutputStream out, final boolean reply, 
    final ExtendedBlock blk,
    final Token<BlockTokenIdentifier> t,
    final Op op,
    final BlockTokenSecretManager.AccessMode mode) throws IOException {
  if (datanode.isBlockTokenEnabled) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Checking block access token for block '" + blk.getBlockId()
          + "' with mode '" + mode + "'");
    }
    try {
      datanode.blockPoolTokenSecretManager.checkAccess(t, null, blk, mode);
    } catch(InvalidToken e) {
      try {
        if (reply) {
          BlockOpResponseProto.Builder resp = BlockOpResponseProto.newBuilder()
            .setStatus(ERROR_ACCESS_TOKEN);
          if (mode == BlockTokenSecretManager.AccessMode.WRITE) {
            DatanodeRegistration dnR = 
              datanode.getDNRegistrationForBP(blk.getBlockPoolId());
            // NB: Unconditionally using the xfer addr w/o hostname
            resp.setFirstBadLink(dnR.getXferAddr());
          }
          resp.build().writeDelimitedTo(out);
          out.flush();
        }
        LOG.warn("Block token verification failed: op=" + op
            + ", remoteAddress=" + remoteAddress
            + ", message=" + e.getLocalizedMessage());
        throw e;
      } finally {
        IOUtils.closeStream(out);
      }
    }
  }
}
 
Example 18
Source Project: hadoop   Source File: TestContainerLaunch.java    License: Apache License 2.0 5 votes vote down vote up
protected Token createContainerToken(ContainerId cId, Priority priority,
    long createTime) throws InvalidToken {
  Resource r = BuilderUtils.newResource(1024, 1);
  ContainerTokenIdentifier containerTokenIdentifier =
      new ContainerTokenIdentifier(cId, context.getNodeId().toString(), user,
        r, System.currentTimeMillis() + 10000L, 123, DUMMY_RM_IDENTIFIER,
        priority, createTime);
  Token containerToken =
      BuilderUtils.newContainerToken(
        context.getNodeId(),
        context.getContainerTokenSecretManager().retrievePassword(
          containerTokenIdentifier), containerTokenIdentifier);
  return containerToken;
}
 
Example 19
Source Project: big-c   Source File: TestEnhancedByteBufferAccess.java    License: Apache License 2.0 5 votes vote down vote up
private void waitForReplicaAnchorStatus(final ShortCircuitCache cache,
    final ExtendedBlock block, final boolean expectedIsAnchorable,
      final boolean expectedIsAnchored, final int expectedOutstandingMmaps)
        throws Exception {
  GenericTestUtils.waitFor(new Supplier<Boolean>() {
    @Override
    public Boolean get() {
      final MutableBoolean result = new MutableBoolean(false);
      cache.accept(new CacheVisitor() {
        @Override
        public void visit(int numOutstandingMmaps,
            Map<ExtendedBlockId, ShortCircuitReplica> replicas,
            Map<ExtendedBlockId, InvalidToken> failedLoads,
            Map<Long, ShortCircuitReplica> evictable,
            Map<Long, ShortCircuitReplica> evictableMmapped) {
          Assert.assertEquals(expectedOutstandingMmaps, numOutstandingMmaps);
          ShortCircuitReplica replica =
              replicas.get(ExtendedBlockId.fromExtendedBlock(block));
          Assert.assertNotNull(replica);
          Slot slot = replica.getSlot();
          if ((expectedIsAnchorable != slot.isAnchorable()) ||
              (expectedIsAnchored != slot.isAnchored())) {
            LOG.info("replica " + replica + " has isAnchorable = " +
              slot.isAnchorable() + ", isAnchored = " + slot.isAnchored() + 
              ".  Waiting for isAnchorable = " + expectedIsAnchorable + 
              ", isAnchored = " + expectedIsAnchored);
            return;
          }
          result.setValue(true);
        }
      });
      return result.toBoolean();
    }
  }, 10, 60000);
}
 
Example 20
Source Project: hadoop   Source File: AMLauncher.java    License: Apache License 2.0 5 votes vote down vote up
private void parseAndThrowException(Throwable t) throws YarnException,
    IOException {
  if (t instanceof YarnException) {
    throw (YarnException) t;
  } else if (t instanceof InvalidToken) {
    throw (InvalidToken) t;
  } else {
    throw (IOException) t;
  }
}
 
Example 21
Source Project: hadoop   Source File: ContainerManagementProtocolProxy.java    License: Apache License 2.0 5 votes vote down vote up
@Private
@VisibleForTesting
public ContainerManagementProtocolProxyData(YarnRPC rpc,
    String containerManagerBindAddr,
    ContainerId containerId, Token token) throws InvalidToken {
  this.containerManagerBindAddr = containerManagerBindAddr;
  ;
  this.activeCallers = 0;
  this.scheduledForClose = false;
  this.token = token;
  this.proxy = newProxy(rpc, containerManagerBindAddr, containerId, token);
}
 
Example 22
Source Project: hadoop   Source File: NMClientImpl.java    License: Apache License 2.0 5 votes vote down vote up
private void parseAndThrowException(Throwable t) throws YarnException,
    IOException {
  if (t instanceof YarnException) {
    throw (YarnException) t;
  } else if (t instanceof InvalidToken) {
    throw (InvalidToken) t;
  } else {
    throw (IOException) t;
  }
}
 
Example 23
Source Project: big-c   Source File: SaslRpcServer.java    License: Apache License 2.0 5 votes vote down vote up
public static <T extends TokenIdentifier> T getIdentifier(String id,
    SecretManager<T> secretManager) throws InvalidToken {
  byte[] tokenId = decodeIdentifier(id);
  T tokenIdentifier = secretManager.createIdentifier();
  try {
    tokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(
        tokenId)));
  } catch (IOException e) {
    throw (InvalidToken) new InvalidToken(
        "Can't de-serialize tokenIdentifier").initCause(e);
  }
  return tokenIdentifier;
}
 
Example 24
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Renew a delegation token
 * @param token the token to renew
 * @return the new expiration time
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.renew instead.
 */
@Deprecated
public long renewDelegationToken(Token<DelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  LOG.info("Renewing " + DelegationTokenIdentifier.stringifyToken(token));
  try {
    return token.renew(conf);
  } catch (InterruptedException ie) {                                       
    throw new RuntimeException("caught interrupted", ie);
  } catch (RemoteException re) {
    throw re.unwrapRemoteException(InvalidToken.class,
                                   AccessControlException.class);
  }
}
 
Example 25
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Cancel a delegation token
 * @param token the token to cancel
 * @throws InvalidToken
 * @throws IOException
 * @deprecated Use Token.cancel instead.
 */
@Deprecated
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token)
    throws InvalidToken, IOException {
  LOG.info("Cancelling " + DelegationTokenIdentifier.stringifyToken(token));
  try {
    token.cancel(conf);
   } catch (InterruptedException ie) {                                       
    throw new RuntimeException("caught interrupted", ie);
  } catch (RemoteException re) {
    throw re.unwrapRemoteException(InvalidToken.class,
                                   AccessControlException.class);
  }
}
 
Example 26
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public long renew(Token<?> token, Configuration conf) throws IOException {
  Token<DelegationTokenIdentifier> delToken = 
    (Token<DelegationTokenIdentifier>) token;
  ClientProtocol nn = getNNProxy(delToken, conf);
  try {
    return nn.renewDelegationToken(delToken);
  } catch (RemoteException re) {
    throw re.unwrapRemoteException(InvalidToken.class, 
                                   AccessControlException.class);
  }
}
 
Example 27
Source Project: hadoop   Source File: DFSClient.java    License: Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public void cancel(Token<?> token, Configuration conf) throws IOException {
  Token<DelegationTokenIdentifier> delToken = 
      (Token<DelegationTokenIdentifier>) token;
  LOG.info("Cancelling " + 
           DelegationTokenIdentifier.stringifyToken(delToken));
  ClientProtocol nn = getNNProxy(delToken, conf);
  try {
    nn.cancelDelegationToken(delToken);
  } catch (RemoteException re) {
    throw re.unwrapRemoteException(InvalidToken.class,
        AccessControlException.class);
  }
}
 
Example 28
Source Project: hadoop   Source File: DataXceiver.java    License: Apache License 2.0 5 votes vote down vote up
private void checkAccess(OutputStream out, final boolean reply, 
    final ExtendedBlock blk,
    final Token<BlockTokenIdentifier> t,
    final Op op,
    final BlockTokenSecretManager.AccessMode mode) throws IOException {
  if (datanode.isBlockTokenEnabled) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Checking block access token for block '" + blk.getBlockId()
          + "' with mode '" + mode + "'");
    }
    try {
      datanode.blockPoolTokenSecretManager.checkAccess(t, null, blk, mode);
    } catch(InvalidToken e) {
      try {
        if (reply) {
          BlockOpResponseProto.Builder resp = BlockOpResponseProto.newBuilder()
            .setStatus(ERROR_ACCESS_TOKEN);
          if (mode == BlockTokenSecretManager.AccessMode.WRITE) {
            DatanodeRegistration dnR = 
              datanode.getDNRegistrationForBP(blk.getBlockPoolId());
            // NB: Unconditionally using the xfer addr w/o hostname
            resp.setFirstBadLink(dnR.getXferAddr());
          }
          resp.build().writeDelimitedTo(out);
          out.flush();
        }
        LOG.warn("Block token verification failed: op=" + op
            + ", remoteAddress=" + remoteAddress
            + ", message=" + e.getLocalizedMessage());
        throw e;
      } finally {
        IOUtils.closeStream(out);
      }
    }
  }
}
 
Example 29
Source Project: hadoop   Source File: TestEnhancedByteBufferAccess.java    License: Apache License 2.0 5 votes vote down vote up
private void waitForReplicaAnchorStatus(final ShortCircuitCache cache,
    final ExtendedBlock block, final boolean expectedIsAnchorable,
      final boolean expectedIsAnchored, final int expectedOutstandingMmaps)
        throws Exception {
  GenericTestUtils.waitFor(new Supplier<Boolean>() {
    @Override
    public Boolean get() {
      final MutableBoolean result = new MutableBoolean(false);
      cache.accept(new CacheVisitor() {
        @Override
        public void visit(int numOutstandingMmaps,
            Map<ExtendedBlockId, ShortCircuitReplica> replicas,
            Map<ExtendedBlockId, InvalidToken> failedLoads,
            Map<Long, ShortCircuitReplica> evictable,
            Map<Long, ShortCircuitReplica> evictableMmapped) {
          Assert.assertEquals(expectedOutstandingMmaps, numOutstandingMmaps);
          ShortCircuitReplica replica =
              replicas.get(ExtendedBlockId.fromExtendedBlock(block));
          Assert.assertNotNull(replica);
          Slot slot = replica.getSlot();
          if ((expectedIsAnchorable != slot.isAnchorable()) ||
              (expectedIsAnchored != slot.isAnchored())) {
            LOG.info("replica " + replica + " has isAnchorable = " +
              slot.isAnchorable() + ", isAnchored = " + slot.isAnchored() + 
              ".  Waiting for isAnchorable = " + expectedIsAnchorable + 
              ", isAnchored = " + expectedIsAnchored);
            return;
          }
          result.setValue(true);
        }
      });
      return result.toBoolean();
    }
  }, 10, 60000);
}
 
Example 30
Source Project: hadoop   Source File: TestDelegationToken.java    License: Apache License 2.0 5 votes vote down vote up
@Test
public void testDelegationTokenSecretManager() throws Exception {
  Token<DelegationTokenIdentifier> token = generateDelegationToken(
      "SomeUser", "JobTracker");
  // Fake renewer should not be able to renew
  try {
	  dtSecretManager.renewToken(token, "FakeRenewer");
	  Assert.fail("should have failed");
  } catch (AccessControlException ace) {
    // PASS
  }
 dtSecretManager.renewToken(token, "JobTracker");
  DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
  byte[] tokenId = token.getIdentifier();
  identifier.readFields(new DataInputStream(
           new ByteArrayInputStream(tokenId)));
  Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
  LOG.info("Sleep to expire the token");
 Thread.sleep(6000);
 //Token should be expired
 try {
   dtSecretManager.retrievePassword(identifier);
   //Should not come here
   Assert.fail("Token should have expired");
 } catch (InvalidToken e) {
   //Success
 }
 dtSecretManager.renewToken(token, "JobTracker");
 LOG.info("Sleep beyond the max lifetime");
 Thread.sleep(5000);
 try {
	  dtSecretManager.renewToken(token, "JobTracker");
	  Assert.fail("should have been expired");
 } catch (InvalidToken it) {
   // PASS
 }
}