Example 16 with LlapTokenIdentifier

Use of org.apache.hadoop.hive.llap.security.LlapTokenIdentifier in project hive by apache.

The class LlapProtocolServerImpl, method getDelegationToken.

@Override
public GetTokenResponseProto getDelegationToken(RpcController controller, GetTokenRequestProto request) throws ServiceException {
    // Delegation tokens can only be issued when a secret manager is configured (secure cluster).
    if (secretManager == null) {
        throw new ServiceException("Operation not supported on unsecure cluster");
    }
    UserGroupInformation callingUser = null;
    Token<LlapTokenIdentifier> token = null;
    try {
        callingUser = UserGroupInformation.getCurrentUser();
        // Determine if the user would need to sign fragments.
        boolean isSigningRequired = determineIfSigningIsRequired(callingUser);
        // The app id is optional in the request; null is passed when it is absent.
        token = secretManager.createLlapToken(request.hasAppId() ? request.getAppId() : null, null, isSigningRequired);
    } catch (IOException e) {
        throw new ServiceException(e);
    }
    // ACL check: when access is restricted to the cluster user, any other caller is rejected here.
    // Note that this runs after the token has been created, but before it is serialized and returned.
    if (isRestrictedToClusterUser && !clusterUser.equals(callingUser.getShortUserName())) {
        throw new ServiceException("Management protocol ACL is too permissive. The access has been" + " automatically restricted to " + clusterUser + "; " + callingUser.getShortUserName() + " is denied access. Please set " + ConfVars.LLAP_VALIDATE_ACLS.varname + " to false," + " or adjust " + ConfVars.LLAP_MANAGEMENT_ACL.varname + " and " + ConfVars.LLAP_MANAGEMENT_ACL_DENY.varname + " to a more restrictive ACL.");
    }
    // Serialize the token in Hadoop Writable form and wrap the bytes in the protobuf response.
    ByteArrayDataOutput out = ByteStreams.newDataOutput();
    try {
        token.write(out);
    } catch (IOException e) {
        throw new ServiceException(e);
    }
    ByteString bs = ByteString.copyFrom(out.toByteArray());
    GetTokenResponseProto response = GetTokenResponseProto.newBuilder().setToken(bs).build();
    return response;
}
Also used: LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier), ServiceException (com.google.protobuf.ServiceException), GetTokenResponseProto (org.apache.hadoop.hive.llap.daemon.rpc.LlapDaemonProtocolProtos.GetTokenResponseProto), ByteString (com.google.protobuf.ByteString), ByteArrayDataOutput (com.google.common.io.ByteArrayDataOutput), IOException (java.io.IOException), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Aggregations

LlapTokenIdentifier (org.apache.hadoop.hive.llap.security.LlapTokenIdentifier) 16
IOException (java.io.IOException) 5
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation) 5
ByteString (com.google.protobuf.ByteString) 3
LlapCoordinator (org.apache.hadoop.hive.llap.coordinator.LlapCoordinator) 3
Token (org.apache.hadoop.security.token.Token) 3
ServiceException (com.google.protobuf.ServiceException) 2
ByteArrayInputStream (java.io.ByteArrayInputStream) 2
DataInputStream (java.io.DataInputStream) 2
FileNotFoundException (java.io.FileNotFoundException) 2
URISyntaxException (java.net.URISyntaxException) 2
LoginException (javax.security.auth.login.LoginException) 2
FileSystem (org.apache.hadoop.fs.FileSystem) 2
Path (org.apache.hadoop.fs.Path) 2
LlapInputSplit (org.apache.hadoop.hive.llap.LlapInputSplit) 2
SubmitWorkInfo (org.apache.hadoop.hive.llap.SubmitWorkInfo) 2
LlapServiceInstance (org.apache.hadoop.hive.llap.registry.LlapServiceInstance) 2
LlapSigner (org.apache.hadoop.hive.llap.security.LlapSigner) 2
SignedMessage (org.apache.hadoop.hive.llap.security.LlapSigner.SignedMessage) 2
LlapTokenLocalClient (org.apache.hadoop.hive.llap.security.LlapTokenLocalClient) 2