use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class ConfiguratorBase method setConnectorInfo.
/**
* Sets the connector information needed to communicate with Accumulo in this job.
*
* <p>
* <b>WARNING:</b> The serialized token is stored in the configuration and shared with all
* MapReduce tasks. It is BASE64 encoded to provide a charset safe conversion to a string, and is
* not intended to be secure.
*
* @param implementingClass
* the class whose name will be used as a prefix for the property configuration key
* @param conf
* the Hadoop configuration object to configure
* @param principal
* a valid Accumulo user name
* @param token
* the user's password
* @since 1.6.0
*/
public static void setConnectorInfo(Class<?> implementingClass, Configuration conf, String principal, AuthenticationToken token) {
if (isConnectorInfoSet(implementingClass, conf)) {
throw new IllegalStateException("Connector info for " + implementingClass.getSimpleName() + " can only be set once per job");
}
checkArgument(principal != null, "principal is null");
checkArgument(token != null, "token is null");
conf.setBoolean(enumToConfKey(implementingClass, ConnectorInfo.IS_CONFIGURED), true);
conf.set(enumToConfKey(implementingClass, ConnectorInfo.PRINCIPAL), principal);
if (token instanceof DelegationTokenImpl) {
// Avoid serializing the DelegationToken secret in the configuration -- the Job will do that
// work for us securely
DelegationTokenImpl delToken = (DelegationTokenImpl) token;
conf.set(enumToConfKey(implementingClass, ConnectorInfo.TOKEN), TokenSource.JOB.prefix() + token.getClass().getName() + ":" + delToken.getServiceName().toString());
} else {
conf.set(enumToConfKey(implementingClass, ConnectorInfo.TOKEN), TokenSource.INLINE.prefix() + token.getClass().getName() + ":" + Base64.getEncoder().encodeToString(AuthenticationTokenSerializer.serialize(token)));
}
}
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class ConfiguratorBase method unwrapAuthenticationToken.
/**
* Unwraps the provided {@link AuthenticationToken} if it is an instance of DelegationTokenStub,
* reconstituting it from the provided {@link JobConf}.
*
* @param job
* The job
* @param token
* The authentication token
*/
public static AuthenticationToken unwrapAuthenticationToken(JobContext job, AuthenticationToken token) {
requireNonNull(job);
requireNonNull(token);
if (token instanceof org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) {
org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub delTokenStub = (org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) token;
Token<? extends TokenIdentifier> hadoopToken = job.getCredentials().getToken(new Text(delTokenStub.getServiceName()));
AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
try {
identifier.readFields(new DataInputStream(new ByteArrayInputStream(hadoopToken.getIdentifier())));
return new DelegationTokenImpl(hadoopToken.getPassword(), identifier);
} catch (IOException e) {
throw new RuntimeException("Could not construct DelegationToken from JobConf Credentials", e);
}
}
return token;
}
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class ConfiguratorBase method unwrapAuthenticationToken.
/**
* Unwraps the provided {@link AuthenticationToken} if it is an instance of DelegationTokenStub,
* reconstituting it from the provided {@link JobConf}.
*
* @param job
* The job
* @param token
* The authentication token
*/
public static AuthenticationToken unwrapAuthenticationToken(JobConf job, AuthenticationToken token) {
requireNonNull(job);
requireNonNull(token);
if (token instanceof org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) {
org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub delTokenStub = (org.apache.accumulo.core.clientImpl.mapreduce.DelegationTokenStub) token;
Token<? extends TokenIdentifier> hadoopToken = job.getCredentials().getToken(new Text(delTokenStub.getServiceName()));
AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
try {
identifier.readFields(new DataInputStream(new ByteArrayInputStream(hadoopToken.getIdentifier())));
return new DelegationTokenImpl(hadoopToken.getPassword(), identifier);
} catch (IOException e) {
throw new RuntimeException("Could not construct DelegationToken from JobConf Credentials", e);
}
}
return token;
}
use of org.apache.accumulo.core.clientImpl.DelegationTokenImpl in project accumulo by apache.
the class DelegationTokenImplTest method testSerialization.
@Test
public void testSerialization() throws IOException {
byte[] passBytes = new byte[] { 'f', 'a', 'k', 'e' };
AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier(createTAuthIdentifier("user", 1, 1000L, 2000L, "instanceid"));
DelegationTokenImpl token = new DelegationTokenImpl(passBytes, identifier);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
token.write(new DataOutputStream(baos));
DelegationTokenImpl copy = new DelegationTokenImpl();
copy.readFields(new DataInputStream(new ByteArrayInputStream(baos.toByteArray())));
assertEquals(token.getServiceName(), copy.getServiceName());
assertEquals(token, copy);
assertEquals(token.hashCode(), copy.hashCode());
}
Aggregations