use of org.apache.hadoop.hive.llap.daemon.rpc.LlapDaemonProtocolProtos.GetTokenResponseProto in project hive by apache.
the class LlapProtocolServerImpl method getDelegationToken.
@Override
public GetTokenResponseProto getDelegationToken(RpcController controller, GetTokenRequestProto request) throws ServiceException {
if (secretManager == null) {
throw new ServiceException("Operation not supported on unsecure cluster");
}
UserGroupInformation callingUser = null;
Token<LlapTokenIdentifier> token = null;
try {
callingUser = UserGroupInformation.getCurrentUser();
// Determine if the user would need to sign fragments.
boolean isSigningRequired = determineIfSigningIsRequired(callingUser);
token = secretManager.createLlapToken(request.hasAppId() ? request.getAppId() : null, null, isSigningRequired);
} catch (IOException e) {
throw new ServiceException(e);
}
if (isRestrictedToClusterUser && !clusterUser.equals(callingUser.getShortUserName())) {
throw new ServiceException("Management protocol ACL is too permissive. The access has been" + " automatically restricted to " + clusterUser + "; " + callingUser.getShortUserName() + " is denied access. Please set " + ConfVars.LLAP_VALIDATE_ACLS.varname + " to false," + " or adjust " + ConfVars.LLAP_MANAGEMENT_ACL.varname + " and " + ConfVars.LLAP_MANAGEMENT_ACL_DENY.varname + " to a more restrictive ACL.");
}
ByteArrayDataOutput out = ByteStreams.newDataOutput();
try {
token.write(out);
} catch (IOException e) {
throw new ServiceException(e);
}
ByteString bs = ByteString.copyFrom(out.toByteArray());
GetTokenResponseProto response = GetTokenResponseProto.newBuilder().setToken(bs).build();
return response;
}
Aggregations