
Example 21 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestDataNodeUGIProvider method getWebHdfsFileSystem.

/**
 * Returns the WebHDFS file system for the test's {@code uri}, first seeding {@code ugi} with
 * delegation tokens when Hadoop security is enabled.
 *
 * <p>With security on, two tokens are minted from the same identifier (owner = the UGI's user
 * name, renewer and real user both {@code null}), bound to the service address derived from
 * {@code uri}, tagged with the WebHDFS token kind, and added both to {@code tokens} and to
 * {@code ugi}. With security off nothing is added.
 *
 * @param ugi    user whose credentials receive the tokens
 * @param conf   configuration passed to {@code FileSystem.get}
 * @param tokens out-parameter; the created tokens are appended in creation order
 * @return the file system for {@code uri}, cast to {@code WebHdfsFileSystem}
 * @throws IOException declared by the method; which call raises it is not visible here
 */
private WebHdfsFileSystem getWebHdfsFileSystem(UserGroupInformation ugi, Configuration conf, List<Token<DelegationTokenIdentifier>> tokens) throws IOException {
    if (!UserGroupInformation.isSecurityEnabled()) {
        return (WebHdfsFileSystem) FileSystem.get(uri, conf);
    }

    final DelegationTokenIdentifier ownerOnlyId = new DelegationTokenIdentifier(new Text(ugi.getUserName()), null, null);
    // The secret manager only needs a namesystem reference here, so a mock stands in for it.
    final FSNamesystem mockNamesystem = mock(FSNamesystem.class);
    // All four numeric arguments are the same value: 86400000 (24 hours if the unit is
    // milliseconds; confirm the argument meanings against the constructor).
    final long interval = 86400000;
    final DelegationTokenSecretManager secretManager = new DelegationTokenSecretManager(interval, interval, interval, interval, mockNamesystem);
    // NOTE(review): the manager's threads are started before any token is minted, and no
    // matching stop is visible in this method; confirm the test tears them down elsewhere.
    secretManager.startThreads();

    // Mint both tokens up front, exactly as many as the test expects to find later.
    final List<Token<DelegationTokenIdentifier>> minted = new java.util.ArrayList<Token<DelegationTokenIdentifier>>(2);
    minted.add(new Token<DelegationTokenIdentifier>(ownerOnlyId, secretManager));
    minted.add(new Token<DelegationTokenIdentifier>(ownerOnlyId, secretManager));

    for (Token<DelegationTokenIdentifier> t : minted) {
        SecurityUtil.setTokenService(t, NetUtils.createSocketAddr(uri.getAuthority()));
    }
    for (Token<DelegationTokenIdentifier> t : minted) {
        t.setKind(WebHdfsConstants.WEBHDFS_TOKEN_KIND);
    }
    for (Token<DelegationTokenIdentifier> t : minted) {
        tokens.add(t);
    }
    for (Token<DelegationTokenIdentifier> t : minted) {
        ugi.addToken(t);
    }
    return (WebHdfsFileSystem) FileSystem.get(uri, conf);
}
Also used : DelegationTokenSecretManager(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) WebHdfsFileSystem(org.apache.hadoop.hdfs.web.WebHdfsFileSystem) FSNamesystem(org.apache.hadoop.hdfs.server.namenode.FSNamesystem)

Example 22 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestParameterParser method testDeserializeHAToken.

/**
 * Verifies that a delegation token passed in a WebHDFS query string alongside a logical (HA)
 * namenode address is reported as a logical-URI token once {@code ParameterParser} has
 * decoded it.
 */
@Test
public void testDeserializeHAToken() throws IOException {
    final Configuration haConf = DFSTestUtil.newHAConfiguration(LOGICAL_NAME);
    // A default-constructed token is enough: only the round trip through the URL encoding and
    // the parser's handling of the namenode address are under test.
    final Token<DelegationTokenIdentifier> emptyToken = new Token<DelegationTokenIdentifier>();
    final String requestUri = WebHdfsHandler.WEBHDFS_PREFIX + "/?" + NamenodeAddressParam.NAME + "=" + LOGICAL_NAME + "&" + DelegationParam.NAME + "=" + emptyToken.encodeToUrlString();
    final ParameterParser parser = new ParameterParser(new QueryStringDecoder(requestUri), haConf);
    final Token<DelegationTokenIdentifier> parsedToken = parser.delegationToken();
    Assert.assertTrue(HAUtilClient.isTokenForLogicalUri(parsedToken));
}
Also used : QueryStringDecoder(io.netty.handler.codec.http.QueryStringDecoder) Configuration(org.apache.hadoop.conf.Configuration) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) Token(org.apache.hadoop.security.token.Token) Test(org.junit.Test)

Example 23 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestDelegationToken method testDelegationTokenUgi.

/**
 * Checks how the UGI derived from a delegation token identifier is shared.
 *
 * <p>Decoding the same token repeatedly must give equal but distinct identifier objects whose
 * {@code getUser()} returns the very same UGI instance, while a second, freshly issued token
 * must decode to a different UGI instance.
 */
@Test
public void testDelegationTokenUgi() throws Exception {
    final DistributedFileSystem fs = cluster.getFileSystem();
    Token<?>[] issued = fs.addDelegationTokens("renewer", null);
    Assert.assertEquals(1, issued.length);
    final Token<?> firstToken = issued[0];
    final DelegationTokenIdentifier firstIdent = (DelegationTokenIdentifier) firstToken.decodeIdentifier();
    final UserGroupInformation firstUgi = firstIdent.getUser();
    // Two decodes, and getUser() asked twice on each: every call must hand back the same UGI
    // object, so identity derived from one token cannot diverge between decodes.
    int round = 0;
    while (round < 2) {
        final DelegationTokenIdentifier redecoded = (DelegationTokenIdentifier) firstToken.decodeIdentifier();
        Assert.assertEquals(firstIdent, redecoded);
        Assert.assertNotSame(firstIdent, redecoded);
        Assert.assertSame(firstUgi, redecoded.getUser());
        Assert.assertSame(firstUgi, redecoded.getUser());
        round++;
    }
    // A separately issued token is a different credential and must not share the first
    // token's UGI instance.
    issued = fs.addDelegationTokens("renewer", null);
    Assert.assertEquals(1, issued.length);
    final Token<?> secondToken = issued[0];
    Assert.assertNotEquals(firstToken, secondToken);
    Assert.assertNotSame(firstUgi, secondToken.decodeIdentifier().getUser());
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) DistributedFileSystem(org.apache.hadoop.hdfs.DistributedFileSystem) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 24 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestDelegationToken method testDelegationTokenIdentifierToString.

/**
 * Pins the text produced by {@code toStringStable()} for an identifier with owner
 * "SomeUser", renewer "JobTracker" and no real user.
 */
@Test
public void testDelegationTokenIdentifierToString() throws Exception {
    final Text owner = new Text("SomeUser");
    final Text renewer = new Text("JobTracker");
    final DelegationTokenIdentifier identifier = new DelegationTokenIdentifier(owner, renewer, null);
    // The expected text carries the token kind, the number 0, the owner and the renewer.
    final String expected = "HDFS_DELEGATION_TOKEN token 0" + " for SomeUser with renewer JobTracker";
    Assert.assertEquals(expected, identifier.toStringStable());
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) Text(org.apache.hadoop.io.Text) Test(org.junit.Test)

Example 25 with DelegationTokenIdentifier

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier in project hadoop by apache.

the class TestJspHelper method testGetUgiFromToken.

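/**
 * Verifies which identity {@code JspHelper.getUGI} returns when a request carries a delegation
 * token, under Kerberos authentication.
 *
 * <p>The token is issued for owner "TheNurse" with real user "TheDoctor". The test pins two
 * properties:
 * <ul>
 *   <li>the UGI is always built from the token (owner as short user name, real user as the
 *       real user), whatever user the request itself claims, including an unrelated one;</li>
 *   <li>a request that presents the token together with a different proxy user is rejected
 *       with an {@code IOException} naming the mismatch, so a token cannot be used to
 *       impersonate anyone else.</li>
 * </ul>
 *
 * @throws IOException if {@code JspHelper.getUGI} fails for a request that should be accepted
 */
@Test
public void testGetUgiFromToken() throws IOException {
    conf.set(DFSConfigKeys.FS_DEFAULT_NAME_KEY, "hdfs://localhost:4321/");
    ServletContext context = mock(ServletContext.class);
    String realUser = "TheDoctor";
    String user = "TheNurse";
    conf.set(DFSConfigKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    // NOTE(review): this changes process-wide UGI configuration; no reset is visible in this
    // method, so confirm the test class restores it for later tests.
    UserGroupInformation.setConfiguration(conf);
    Text ownerText = new Text(user);
    // Owner and renewer are both "TheNurse"; the real user is "TheDoctor".
    DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(ownerText, ownerText, new Text(realUser));
    Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(dtId, new DummySecretManager(0, 0, 0, 0));
    String tokenString = token.encodeToUrlString();

    // Arguments for getMockRequest, in its parameter order (presumably authenticated user,
    // user parameter, proxy user; confirm against getMockRequest).
    String[][] acceptedRequests = {
        // token with no auth-ed user
        {null, null, null},
        // token with auth-ed user
        {realUser, null, null},
        // completely different user, token trumps auth
        {"rogue", null, null},
        // expected case
        {null, user, null},
    };
    for (String[] requestArgs : acceptedRequests) {
        HttpServletRequest request = getMockRequest(requestArgs[0], requestArgs[1], requestArgs[2]);
        when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
        UserGroupInformation ugi = JspHelper.getUGI(context, request, conf);
        Assert.assertNotNull(ugi.getRealUser());
        // Expected value first, so a failure reports the two identities the right way round.
        Assert.assertEquals(realUser, ugi.getRealUser().getShortUserName());
        Assert.assertEquals(user, ugi.getShortUserName());
        checkUgiFromToken(ugi);
    }

    // can't proxy with a token! Both requests name "rogue" as the third argument and must be
    // refused, with or without a matching user parameter.
    String[][] rejectedRequests = {
        {null, null, "rogue"},
        {null, user, "rogue"},
    };
    for (String[] requestArgs : rejectedRequests) {
        HttpServletRequest request = getMockRequest(requestArgs[0], requestArgs[1], requestArgs[2]);
        when(request.getParameter(JspHelper.DELEGATION_PARAMETER_NAME)).thenReturn(tokenString);
        try {
            JspHelper.getUGI(context, request, conf);
            // Assert.fail raises an AssertionError, which the IOException handler below does
            // not catch, so an accepted request fails the test.
            Assert.fail("bad request allowed");
        } catch (IOException ioe) {
            Assert.assertEquals("Usernames not matched: name=rogue != expected=" + user, ioe.getMessage());
        }
    }
}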
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) ServletContext(javax.servlet.ServletContext) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)
