Search in sources :

Example 11 with DelegationTokenImpl

use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.

the class ConfiguratorBase method setConnectorInfo.

/**
 * Sets the connector information needed to communicate with Accumulo in this job.
 *
 * <p>
 * <b>WARNING:</b> The serialized token is stored in the configuration and shared with all
 * MapReduce tasks. It is BASE64 encoded to provide a charset safe conversion to a string, and is
 * not intended to be secure.
 *
 * @param implementingClass
 *          the class whose name will be used as a prefix for the property configuration key
 * @param conf
 *          the Hadoop configuration object to configure
 * @param principal
 *          a valid Accumulo user name
 * @param token
 *          the user's password
 * @since 1.6.0
 */
public static void setConnectorInfo(Class<?> implementingClass, Configuration conf, String principal, AuthenticationToken token) {
    if (isConnectorInfoSet(implementingClass, conf)) {
        throw new IllegalStateException("Connector info for " + implementingClass.getSimpleName() + " can only be set once per job");
    }
    checkArgument(principal != null, "principal is null");
    checkArgument(token != null, "token is null");
    conf.setBoolean(enumToConfKey(implementingClass, ConnectorInfo.IS_CONFIGURED), true);
    conf.set(enumToConfKey(implementingClass, ConnectorInfo.PRINCIPAL), principal);
    if (token instanceof DelegationTokenImpl) {
        // Avoid serializing the DelegationToken secret in the configuration -- the Job will do that
        // work for us securely
        DelegationTokenImpl delToken = (DelegationTokenImpl) token;
        conf.set(enumToConfKey(implementingClass, ConnectorInfo.TOKEN), TokenSource.JOB.prefix() + token.getClass().getName() + ":" + delToken.getServiceName().toString());
    } else {
        conf.set(enumToConfKey(implementingClass, ConnectorInfo.TOKEN), TokenSource.INLINE.prefix() + token.getClass().getName() + ":" + Base64.getEncoder().encodeToString(AuthenticationTokenSerializer.serialize(token)));
    }
}
Also used : DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl)

Example 12 with DelegationTokenImpl

use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.

the class ConfiguratorBase method unwrapAuthenticationToken.

/**
 * Unwraps the provided {@link AuthenticationToken} if it is an instance of DelegationTokenStub,
 * reconstituting it from the provided {@link JobConf}.
 *
 * @param job
 *          The job
 * @param token
 *          The authentication token
 */
public static AuthenticationToken unwrapAuthenticationToken(JobContext job, AuthenticationToken token) {
    requireNonNull(job);
    requireNonNull(token);
    if (token instanceof org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) {
        org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub delTokenStub = (org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) token;
        Token<? extends TokenIdentifier> hadoopToken = job.getCredentials().getToken(new Text(delTokenStub.getServiceName()));
        AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
        try {
            identifier.readFields(new DataInputStream(new ByteArrayInputStream(hadoopToken.getIdentifier())));
            return new DelegationTokenImpl(hadoopToken.getPassword(), identifier);
        } catch (IOException e) {
            throw new RuntimeException("Could not construct DelegationToken from JobConf Credentials", e);
        }
    }
    return token;
}
Also used : Text(org.apache.hadoop.io.Text) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl) AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)

Example 13 with DelegationTokenImpl

use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.

the class ConfiguratorBase method unwrapAuthenticationToken.

/**
 * Unwraps the provided {@link AuthenticationToken} if it is an instance of DelegationTokenStub,
 * reconstituting it from the provided {@link JobConf}.
 *
 * @param job
 *          The job
 * @param token
 *          The authentication token
 */
public static AuthenticationToken unwrapAuthenticationToken(JobConf job, AuthenticationToken token) {
    requireNonNull(job);
    requireNonNull(token);
    if (token instanceof org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) {
        org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub delTokenStub = (org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) token;
        Token<? extends TokenIdentifier> hadoopToken = job.getCredentials().getToken(new Text(delTokenStub.getServiceName()));
        AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
        try {
            identifier.readFields(new DataInputStream(new ByteArrayInputStream(hadoopToken.getIdentifier())));
            return new DelegationTokenImpl(hadoopToken.getPassword(), identifier);
        } catch (IOException e) {
            throw new RuntimeException("Could not construct DelegationToken from JobConf Credentials", e);
        }
    }
    return token;
}
Also used : Text(org.apache.hadoop.io.Text) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl) AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)

Example 14 with DelegationTokenImpl

use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.

the class DelegationTokenImplTest method testSerialization.

@Test
public void testSerialization() throws IOException {
    byte[] passBytes = new byte[] { 'f', 'a', 'k', 'e' };
    AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(createTAuthIdentifier("user", 1, 1000L, 2000L, "instanceid"));
    DelegationTokenImpl token = new DelegationTokenImpl(passBytes, identifier);
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    token.write(new DataOutputStream(baos));
    DelegationTokenImpl copy = new DelegationTokenImpl();
    copy.readFields(new DataInputStream(new ByteArrayInputStream(baos.toByteArray())));
    assertEquals(token.getServiceName(), copy.getServiceName());
    assertEquals(token, copy);
    assertEquals(token.hashCode(), copy.hashCode());
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) DelegationTokenImpl(org.apache.accumulo.core.clientImpl.DelegationTokenImpl) DataOutputStream(java.io.DataOutputStream) AuthenticationTokenIdentifier(org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier) ByteArrayOutputStream(java.io.ByteArrayOutputStream) DataInputStream(java.io.DataInputStream) Test(org.junit.jupiter.api.Test)

Aggregations

DelegationTokenImpl (org.apache.accumulo.core.clientImpl.DelegationTokenImpl)14 AuthenticationTokenIdentifier (org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier)11 KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)8 IOException (java.io.IOException)6 DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig)6 AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)6 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)5 AccumuloException (org.apache.accumulo.core.client.AccumuloException)4 TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)4 DelegationToken (org.apache.accumulo.core.client.security.tokens.DelegationToken)4 PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)4 ClientContext (org.apache.accumulo.core.clientImpl.ClientContext)4 Token (org.apache.hadoop.security.token.Token)4 Test (org.junit.jupiter.api.Test)4 ByteArrayInputStream (java.io.ByteArrayInputStream)3 DataInputStream (java.io.DataInputStream)3 AccumuloClient (org.apache.accumulo.core.client.AccumuloClient)2 MutationsRejectedException (org.apache.accumulo.core.client.MutationsRejectedException)2 TableExistsException (org.apache.accumulo.core.client.TableExistsException)2 Text (org.apache.hadoop.io.Text)2