Example 1 with DelegationTokenIdentifier
use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.
the class HiveTokenUtils method obtainToken.
public static Credentials obtainToken(Credentials credentials) {
ClassLoader hiveClassloader = ExploreUtils.getExploreClassloader();
ClassLoader contextClassloader = Thread.currentThread().getContextClassLoader();
Thread.currentThread().setContextClassLoader(hiveClassloader);
try {
Class hiveConfClass = hiveClassloader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
Object hiveConf = hiveConfClass.newInstance();
Class hiveClass = hiveClassloader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
@SuppressWarnings("unchecked") Method hiveGet = hiveClass.getMethod("get", hiveConfClass);
Object hiveObject = hiveGet.invoke(null, hiveConf);
String user = UserGroupInformation.getCurrentUser().getShortUserName();
@SuppressWarnings("unchecked") Method getDelegationToken = hiveClass.getMethod("getDelegationToken", String.class, String.class);
String tokenStr = (String) getDelegationToken.invoke(hiveObject, user, user);
Token<DelegationTokenIdentifier> delegationToken = new Token<>();
delegationToken.decodeFromUrlString(tokenStr);
delegationToken.setService(new Text(HiveAuthFactory.HS2_CLIENT_TOKEN));
LOG.debug("Adding delegation token {} from MetaStore for service {} for user {}", delegationToken, delegationToken.getService(), user);
credentials.addToken(delegationToken.getService(), delegationToken);
return credentials;
} catch (Exception e) {
throw Throwables.propagate(e);
} finally {
Thread.currentThread().setContextClassLoader(contextClassloader);
}
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
Method(java.lang.reflect.Method)
Example 2 with DelegationTokenIdentifier
use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project oozie by apache.
the class HCatURIHandler method getHCatClient.
private HCatClientWithToken getHCatClient(URI uri, Configuration conf, String user) throws HCatAccessorException {
final HiveConf hiveConf = getHiveConf(uri, conf);
String delegationToken = null;
try {
// Get UGI to doAs() as the specified user
UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
// Define the label for the Delegation Token for the HCat instance.
hiveConf.set("hive.metastore.token.signature", "HCatTokenSignature");
if (hiveConf.getBoolean(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname, false)) {
HCatClient tokenClient = null;
try {
// Retrieve Delegation token for HCatalog
tokenClient = HCatClient.create(hiveConf);
delegationToken = tokenClient.getDelegationToken(user, UserGroupInformation.getLoginUser().getUserName());
// Store Delegation token in the UGI
Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>();
token.decodeFromUrlString(delegationToken);
token.setService(new Text(hiveConf.get("hive.metastore.token.signature")));
ugi.addToken(token);
} finally {
if (tokenClient != null) {
tokenClient.close();
}
}
}
XLog.getLog(HCatURIHandler.class).info("Creating HCatClient for user [{0}] login_user [{1}] and server [{2}] ", user, UserGroupInformation.getLoginUser(), hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));
HCatClient hcatClient = ugi.doAs(new PrivilegedExceptionAction<HCatClient>() {
@Override
public HCatClient run() throws Exception {
HCatClient client = HCatClient.create(hiveConf);
return client;
}
});
HCatClientWithToken clientWithToken = new HCatClientWithToken(hcatClient, delegationToken);
return clientWithToken;
} catch (IOException e) {
throw new HCatAccessorException(ErrorCode.E1501, e.getMessage());
} catch (Exception e) {
throw new HCatAccessorException(ErrorCode.E1501, e.getMessage());
}
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
IOException(java.io.IOException)
HCatAccessorException(org.apache.oozie.service.HCatAccessorException)
HCatException(org.apache.hive.hcatalog.common.HCatException)
URISyntaxException(java.net.URISyntaxException)
HCatAccessorException(org.apache.oozie.service.HCatAccessorException)
ConnectionFailureException(org.apache.hive.hcatalog.api.ConnectionFailureException)
IOException(java.io.IOException)
HCatClient(org.apache.hive.hcatalog.api.HCatClient)
HiveConf(org.apache.hadoop.hive.conf.HiveConf)
UserGroupInformation(org.apache.hadoop.security.UserGroupInformation)
Example 3 with DelegationTokenIdentifier
use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.
the class HiveTokenUtils method obtainHiveServer2Token.
private static void obtainHiveServer2Token(ClassLoader hiveClassloader, CConfiguration cConf, Credentials credentials) {
String hiveJdbcUrl = cConf.get(Constants.Explore.HIVE_SERVER_JDBC_URL);
// required to be present for CDAP functionality.
if (Strings.isNullOrEmpty(hiveJdbcUrl)) {
LOG.debug("Hive JDBC URL is not set, not fetching delegation token from HiveServer2");
return;
}
try {
Class hiveConnectionClass = hiveClassloader.loadClass("org.apache.hive.jdbc.HiveConnection");
@SuppressWarnings("unchecked") Constructor constructor = hiveConnectionClass.getConstructor(String.class, Properties.class);
@SuppressWarnings("unchecked") Method closeMethod = hiveConnectionClass.getMethod("close");
@SuppressWarnings("unchecked") Method getDelegationTokenMethod = hiveConnectionClass.getMethod("getDelegationToken", String.class, String.class);
Object hiveConnection = constructor.newInstance(hiveJdbcUrl, EMPTY_PROPERTIES);
try {
String user = UserGroupInformation.getCurrentUser().getShortUserName();
String tokenStr = (String) getDelegationTokenMethod.invoke(hiveConnection, user, user);
Token<DelegationTokenIdentifier> delegationToken = new Token<>();
delegationToken.decodeFromUrlString(tokenStr);
LOG.debug("Adding delegation token {} from HiveServer2 for service {} for user {}", delegationToken, delegationToken.getService(), user);
credentials.addToken(delegationToken.getService(), delegationToken);
} finally {
closeMethod.invoke(hiveConnection);
}
} catch (Exception e) {
LOG.warn("Got exception when fetching delegation token from HiveServer2 using JDBC URL {}, ignoring it", hiveJdbcUrl, e);
}
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)
Constructor(java.lang.reflect.Constructor)
Token(org.apache.hadoop.security.token.Token)
Method(java.lang.reflect.Method)
Example 4 with DelegationTokenIdentifier
use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project hive by apache.
the class Utils method createToken.
/**
* Create a new token using the given string and service
* @param tokenStr
* @param tokenService
* @return
* @throws IOException
*/
private static Token<DelegationTokenIdentifier> createToken(String tokenStr, String tokenService) throws IOException {
Token<DelegationTokenIdentifier> delegationToken = new Token<DelegationTokenIdentifier>();
delegationToken.decodeFromUrlString(tokenStr);
delegationToken.setService(new Text(tokenService));
return delegationToken;
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
Example 5 with DelegationTokenIdentifier
use of org.apache.hadoop.hive.thrift.DelegationTokenIdentifier in project cdap by caskdata.
the class HiveTokenUtils method obtainHiveMetastoreToken.
private static void obtainHiveMetastoreToken(ClassLoader hiveClassloader, Credentials credentials) {
try {
Class hiveConfClass = hiveClassloader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
Object hiveConf = hiveConfClass.newInstance();
Class hiveClass = hiveClassloader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
@SuppressWarnings("unchecked") Method hiveGet = hiveClass.getMethod("get", hiveConfClass);
Object hiveObject = hiveGet.invoke(null, hiveConf);
String user = UserGroupInformation.getCurrentUser().getShortUserName();
@SuppressWarnings("unchecked") Method getDelegationToken = hiveClass.getMethod("getDelegationToken", String.class, String.class);
String tokenStr = (String) getDelegationToken.invoke(hiveObject, user, user);
Token<DelegationTokenIdentifier> delegationToken = new Token<>();
delegationToken.decodeFromUrlString(tokenStr);
delegationToken.setService(new Text(Constants.Explore.HIVE_METASTORE_TOKEN_SERVICE_NAME));
LOG.debug("Adding delegation token {} from MetaStore for service {} for user {}", delegationToken, delegationToken.getService(), user);
credentials.addToken(delegationToken.getService(), delegationToken);
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
Also used :
DelegationTokenIdentifier(org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
Method(java.lang.reflect.Method)
Aggregations
DelegationTokenIdentifier (org.apache.hadoop.hive.thrift.DelegationTokenIdentifier)5
Token (org.apache.hadoop.security.token.Token)5
Text (org.apache.hadoop.io.Text)4
Method (java.lang.reflect.Method)3
IOException (java.io.IOException)1
Constructor (java.lang.reflect.Constructor)1
URISyntaxException (java.net.URISyntaxException)1
HiveConf (org.apache.hadoop.hive.conf.HiveConf)1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1
ConnectionFailureException (org.apache.hive.hcatalog.api.ConnectionFailureException)1
HCatClient (org.apache.hive.hcatalog.api.HCatClient)1
HCatException (org.apache.hive.hcatalog.common.HCatException)1
HCatAccessorException (org.apache.oozie.service.HCatAccessorException)1
