Examples with DelegationTokenSelector - org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector

Example 1 with DelegationTokenSelector

use of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector in project hadoop by apache.

the class TestDelegationTokensWithHA method testHAUtilClonesDelegationTokens.

@Test(timeout = 300000)
public void testHAUtilClonesDelegationTokens() throws Exception {
    final Token<DelegationTokenIdentifier> token = getDelegationToken(fs, "JobTracker");
    UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test");
    URI haUri = new URI("hdfs://my-ha-uri/");
    token.setService(HAUtilClient.buildTokenServiceForLogicalUri(haUri, HdfsConstants.HDFS_URI_SCHEME));
    ugi.addToken(token);
    Collection<InetSocketAddress> nnAddrs = new HashSet<InetSocketAddress>();
    nnAddrs.add(new InetSocketAddress("localhost", nn0.getNameNodeAddress().getPort()));
    nnAddrs.add(new InetSocketAddress("localhost", nn1.getNameNodeAddress().getPort()));
    HAUtil.cloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
    Collection<Token<? extends TokenIdentifier>> tokens = ugi.getTokens();
    assertEquals(3, tokens.size());
    LOG.info("Tokens:\n" + Joiner.on("\n").join(tokens));
    DelegationTokenSelector dts = new DelegationTokenSelector();
    // matches the one we received
    for (InetSocketAddress addr : nnAddrs) {
        Text ipcDtService = SecurityUtil.buildTokenService(addr);
        Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
        assertNotNull(token2);
        assertArrayEquals(token.getIdentifier(), token2.getIdentifier());
        assertArrayEquals(token.getPassword(), token2.getPassword());
    }
    // switch to host-based tokens, shouldn't match existing tokens 
    SecurityUtilTestHelper.setTokenServiceUseIp(false);
    for (InetSocketAddress addr : nnAddrs) {
        Text ipcDtService = SecurityUtil.buildTokenService(addr);
        Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
        assertNull(token2);
    }
    // reclone the tokens, and see if they match now
    HAUtil.cloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
    for (InetSocketAddress addr : nnAddrs) {
        Text ipcDtService = SecurityUtil.buildTokenService(addr);
        Token<DelegationTokenIdentifier> token2 = dts.selectToken(ipcDtService, ugi.getTokens());
        assertNotNull(token2);
        assertArrayEquals(token.getIdentifier(), token2.getIdentifier());
        assertArrayEquals(token.getPassword(), token2.getPassword());
    }
}

Also used : TokenIdentifier(org.apache.hadoop.security.token.TokenIdentifier) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) DelegationTokenIdentifier(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier) InetSocketAddress(java.net.InetSocketAddress) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text) URI(java.net.URI) DelegationTokenSelector(org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

InetSocketAddress (java.net.InetSocketAddress)1 URI (java.net.URI)1 HashSet (java.util.HashSet)1 DelegationTokenIdentifier (org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier)1 DelegationTokenSelector (org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSelector)1 Text (org.apache.hadoop.io.Text)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 Token (org.apache.hadoop.security.token.Token)1 TokenIdentifier (org.apache.hadoop.security.token.TokenIdentifier)1 Test (org.junit.Test)1