Search in sources :

Example 1 with DelegationTokenIdentifier

use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.

the class HiveTokenUtils method obtainToken.

public static Credentials obtainToken(Credentials credentials) {
    ClassLoader hiveClassloader = ExploreUtils.getExploreClassloader();
    ClassLoader contextClassloader = Thread.currentThread().getContextClassLoader();
    Thread.currentThread().setContextClassLoader(hiveClassloader);
    try {
        Class hiveConfClass = hiveClassloader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
        Object hiveConf = hiveConfClass.newInstance();
        Class hiveClass = hiveClassloader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
        @SuppressWarnings("unchecked") Method hiveGet = hiveClass.getMethod("get", hiveConfClass);
        Object hiveObject = hiveGet.invoke(null, hiveConf);
        String user = UserGroupInformation.getCurrentUser().getShortUserName();
        @SuppressWarnings("unchecked") Method getDelegationToken = hiveClass.getMethod("getDelegationToken", String.class, String.class);
        String tokenStr = (String) getDelegationToken.invoke(hiveObject, user, user);
        Token<DelegationTokenIdentifier> delegationToken = new Token<>();
        delegationToken.decodeFromUrlString(tokenStr);
        delegationToken.setService(new Text(HiveAuthFactory.HS2_CLIENT_TOKEN));
        LOG.debug("Adding delegation token {} from MetaStore for service {} for user {}", delegationToken, delegationToken.getService(), user);
        credentials.addToken(delegationToken.getService(), delegationToken);
        return credentials;
    } catch (Exception e) {
        throw Throwables.propagate(e);
    } finally {
        Thread.currentThread().setContextClassLoader(contextClassloader);
    }
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text) Method(java.lang.reflect.Method)

Example 2 with DelegationTokenIdentifier

use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project oozie by apache.

the class HCatURIHandler method getHCatClient.

private HCatClientWithToken getHCatClient(URI uri, Configuration conf, String user) throws HCatAccessorException {
    final HiveConf hiveConf = getHiveConf(uri, conf);
    String delegationToken = null;
    try {
        // Get UGI to doAs() as the specified user
        UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
        // Define the label for the Delegation Token for the HCat instance.
        hiveConf.set("hive.metastore.token.signature", "HCatTokenSignature");
        if (hiveConf.getBoolean(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname, false)) {
            HCatClient tokenClient = null;
            try {
                // Retrieve Delegation token for HCatalog
                tokenClient = HCatClient.create(hiveConf);
                delegationToken = tokenClient.getDelegationToken(user, UserGroupInformation.getLoginUser().getUserName());
                // Store Delegation token in the UGI
                Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>();
                token.decodeFromUrlString(delegationToken);
                token.setService(new Text(hiveConf.get("hive.metastore.token.signature")));
                ugi.addToken(token);
            } finally {
                if (tokenClient != null) {
                    tokenClient.close();
                }
            }
        }
        XLog.getLog(HCatURIHandler.class).info("Creating HCatClient for user [{0}] login_user [{1}] and server [{2}] ", user, UserGroupInformation.getLoginUser(), hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));
        HCatClient hcatClient = ugi.doAs(new PrivilegedExceptionAction<HCatClient>() {

            @Override
            public HCatClient run() throws Exception {
                HCatClient client = HCatClient.create(hiveConf);
                return client;
            }
        });
        HCatClientWithToken clientWithToken = new HCatClientWithToken(hcatClient, delegationToken);
        return clientWithToken;
    } catch (IOException e) {
        throw new HCatAccessorException(ErrorCode.E1501, e.getMessage());
    } catch (Exception e) {
        throw new HCatAccessorException(ErrorCode.E1501, e.getMessage());
    }
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text) IOException(java.io.IOException) HCatAccessorException(org.apache.oozie.service.HCatAccessorException) HCatException(org.apache.hive.hcatalog.common.HCatException) URISyntaxException(java.net.URISyntaxException) HCatAccessorException(org.apache.oozie.service.HCatAccessorException) ConnectionFailureException(org.apache.hive.hcatalog.api.ConnectionFailureException) IOException(java.io.IOException) HCatClient(org.apache.hive.hcatalog.api.HCatClient) HiveConf(org.apache.hadoop.hive.conf.HiveConf) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)

Example 3 with DelegationTokenIdentifier

use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.

the class HiveTokenUtils method obtainHiveServer2Token.

private static void obtainHiveServer2Token(ClassLoader hiveClassloader, CConfiguration cConf, Credentials credentials) {
    String hiveJdbcUrl = cConf.get(Constants.Explore.HIVE_SERVER_JDBC_URL);
    // required to be present for CDAP functionality.
    if (Strings.isNullOrEmpty(hiveJdbcUrl)) {
        LOG.debug("Hive JDBC URL is not set, not fetching delegation token from HiveServer2");
        return;
    }
    try {
        Class hiveConnectionClass = hiveClassloader.loadClass("org.apache.hive.jdbc.HiveConnection");
        @SuppressWarnings("unchecked") Constructor constructor = hiveConnectionClass.getConstructor(String.class, Properties.class);
        @SuppressWarnings("unchecked") Method closeMethod = hiveConnectionClass.getMethod("close");
        @SuppressWarnings("unchecked") Method getDelegationTokenMethod = hiveConnectionClass.getMethod("getDelegationToken", String.class, String.class);
        Object hiveConnection = constructor.newInstance(hiveJdbcUrl, EMPTY_PROPERTIES);
        try {
            String user = UserGroupInformation.getCurrentUser().getShortUserName();
            String tokenStr = (String) getDelegationTokenMethod.invoke(hiveConnection, user, user);
            Token<DelegationTokenIdentifier> delegationToken = new Token<>();
            delegationToken.decodeFromUrlString(tokenStr);
            LOG.debug("Adding delegation token {} from HiveServer2 for service {} for user {}", delegationToken, delegationToken.getService(), user);
            credentials.addToken(delegationToken.getService(), delegationToken);
        } finally {
            closeMethod.invoke(hiveConnection);
        }
    } catch (Exception e) {
        LOG.warn("Got exception when fetching delegation token from HiveServer2 using JDBC URL {}, ignoring it", hiveJdbcUrl, e);
    }
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier) Constructor(java.lang.reflect.Constructor) Token(org.apache.hadoop.security.token.Token) Method(java.lang.reflect.Method)

Example 4 with DelegationTokenIdentifier

use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project hive by apache.

the class Utils method createToken.

/**
   * Create a new token using the given string and service
   * @param tokenStr
   * @param tokenService
   * @return
   * @throws IOException
   */
private static Token<DelegationTokenIdentifier> createToken(String tokenStr, String tokenService) throws IOException {
    Token<DelegationTokenIdentifier> delegationToken = new Token<DelegationTokenIdentifier>();
    delegationToken.decodeFromUrlString(tokenStr);
    delegationToken.setService(new Text(tokenService));
    return delegationToken;
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text)

Example 5 with DelegationTokenIdentifier

use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.

the class HiveTokenUtils method obtainHiveMetastoreToken.

private static void obtainHiveMetastoreToken(ClassLoader hiveClassloader, Credentials credentials) {
    try {
        Class hiveConfClass = hiveClassloader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
        Object hiveConf = hiveConfClass.newInstance();
        Class hiveClass = hiveClassloader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
        @SuppressWarnings("unchecked") Method hiveGet = hiveClass.getMethod("get", hiveConfClass);
        Object hiveObject = hiveGet.invoke(null, hiveConf);
        String user = UserGroupInformation.getCurrentUser().getShortUserName();
        @SuppressWarnings("unchecked") Method getDelegationToken = hiveClass.getMethod("getDelegationToken", String.class, String.class);
        String tokenStr = (String) getDelegationToken.invoke(hiveObject, user, user);
        Token<DelegationTokenIdentifier> delegationToken = new Token<>();
        delegationToken.decodeFromUrlString(tokenStr);
        delegationToken.setService(new Text(Constants.Explore.HIVE_METASTORE_TOKEN_SERVICE_NAME));
        LOG.debug("Adding delegation token {} from MetaStore for service {} for user {}", delegationToken, delegationToken.getService(), user);
        credentials.addToken(delegationToken.getService(), delegationToken);
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Also used : DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier) Token(org.apache.hadoop.security.token.Token) Text(org.apache.hadoop.io.Text) Method(java.lang.reflect.Method)

Aggregations

DelegationTokenIdentifier (org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)5 Token (org.apache.hadoop.security.token.Token)5 Text (org.apache.hadoop.io.Text)4 Method (java.lang.reflect.Method)3 IOException (java.io.IOException)1 Constructor (java.lang.reflect.Constructor)1 URISyntaxException (java.net.URISyntaxException)1 HiveConf (org.apache.hadoop.hive.conf.HiveConf)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 ConnectionFailureException (org.apache.hive.hcatalog.api.ConnectionFailureException)1 HCatClient (org.apache.hive.hcatalog.api.HCatClient)1 HCatException (org.apache.hive.hcatalog.common.HCatException)1 HCatAccessorException (org.apache.oozie.service.HCatAccessorException)1