Examples with AuthorizationException org.apache.hadoop.security.authorize.AuthorizationException used on opensource projects

Example 6 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class RMWebServices method updateApplicationPriority.

@PUT
@Path("/apps/{appid}/priority")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response updateApplicationPriority(AppPriority targetPriority, @Context HttpServletRequest hsr, @PathParam("appid") String appId) throws AuthorizationException, YarnException, InterruptedException, IOException {
    init();
    if (targetPriority == null) {
        throw new YarnException("Target Priority cannot be null");
    }
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        throw new AuthorizationException("Unable to obtain user name, user not authenticated");
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        return Response.status(Status.FORBIDDEN).entity("The default static user cannot carry out this operation.").build();
    }
    String userName = callerUGI.getUserName();
    RMApp app = null;
    try {
        app = getRMAppForAppId(appId);
    } catch (NotFoundException e) {
        RMAuditLogger.logFailure(userName, AuditConstants.UPDATE_APP_PRIORITY, "UNKNOWN", "RMWebService", "Trying to update priority an absent application " + appId);
        throw e;
    }
    Priority priority = app.getApplicationPriority();
    if (priority == null || priority.getPriority() != targetPriority.getPriority()) {
        return modifyApplicationPriority(app, callerUGI, targetPriority.getPriority());
    }
    return Response.status(Status.OK).entity(targetPriority).build();
}

Example 7 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class RMWebServices method renewDelegationToken.

private Response renewDelegationToken(DelegationToken tokenData, HttpServletRequest hsr, UserGroupInformation callerUGI) throws AuthorizationException, IOException, InterruptedException, Exception {
    Token<RMDelegationTokenIdentifier> token = extractToken(tokenData.getToken());
    org.apache.hadoop.yarn.api.records.Token dToken = BuilderUtils.newDelegationToken(token.getIdentifier(), token.getKind().toString(), token.getPassword(), token.getService().toString());
    final RenewDelegationTokenRequest req = RenewDelegationTokenRequest.newInstance(dToken);
    RenewDelegationTokenResponse resp;
    try {
        resp = callerUGI.doAs(new PrivilegedExceptionAction<RenewDelegationTokenResponse>() {

            @Override
            public RenewDelegationTokenResponse run() throws IOException, YarnException {
                return rm.getClientRMService().renewDelegationToken(req);
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            if (ue.getCause().getCause() instanceof InvalidToken) {
                throw new BadRequestException(ue.getCause().getCause().getMessage());
            } else if (ue.getCause().getCause() instanceof org.apache.hadoop.security.AccessControlException) {
                return Response.status(Status.FORBIDDEN).entity(ue.getCause().getCause().getMessage()).build();
            }
            LOG.info("Renew delegation token request failed", ue);
            throw ue;
        }
        LOG.info("Renew delegation token request failed", ue);
        throw ue;
    } catch (Exception e) {
        LOG.info("Renew delegation token request failed", e);
        throw e;
    }
    long renewTime = resp.getNextExpirationTime();
    DelegationToken respToken = new DelegationToken();
    respToken.setNextExpirationTime(renewTime);
    return Response.status(Status.OK).entity(respToken).build();
}

Example 8 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class RMWebServices method updateAppQueue.

@PUT
@Path("/apps/{appid}/queue")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response updateAppQueue(AppQueue targetQueue, @Context HttpServletRequest hsr, @PathParam("appid") String appId) throws AuthorizationException, YarnException, InterruptedException, IOException {
    init();
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        String msg = "Unable to obtain user name, user not authenticated";
        throw new AuthorizationException(msg);
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        String msg = "The default static user cannot carry out this operation.";
        return Response.status(Status.FORBIDDEN).entity(msg).build();
    }
    String userName = callerUGI.getUserName();
    RMApp app = null;
    try {
        app = getRMAppForAppId(appId);
    } catch (NotFoundException e) {
        RMAuditLogger.logFailure(userName, AuditConstants.MOVE_APP_REQUEST, "UNKNOWN", "RMWebService", "Trying to move an absent application " + appId);
        throw e;
    }
    if (!app.getQueue().equals(targetQueue.getQueue())) {
        // user is attempting to change queue.
        return moveApp(app, callerUGI, targetQueue.getQueue());
    }
    AppQueue ret = new AppQueue();
    ret.setQueue(app.getQueue());
    return Response.status(Status.OK).entity(ret).build();
}

Example 9 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class RMWebServices method createDelegationToken.

private Response createDelegationToken(DelegationToken tokenData, HttpServletRequest hsr, UserGroupInformation callerUGI) throws AuthorizationException, IOException, InterruptedException, Exception {
    final String renewer = tokenData.getRenewer();
    GetDelegationTokenResponse resp;
    try {
        resp = callerUGI.doAs(new PrivilegedExceptionAction<GetDelegationTokenResponse>() {

            @Override
            public GetDelegationTokenResponse run() throws IOException, YarnException {
                GetDelegationTokenRequest createReq = GetDelegationTokenRequest.newInstance(renewer);
                return rm.getClientRMService().getDelegationToken(createReq);
            }
        });
    } catch (Exception e) {
        LOG.info("Create delegation token request failed", e);
        throw e;
    }
    Token<RMDelegationTokenIdentifier> tk = new Token<RMDelegationTokenIdentifier>(resp.getRMDelegationToken().getIdentifier().array(), resp.getRMDelegationToken().getPassword().array(), new Text(resp.getRMDelegationToken().getKind()), new Text(resp.getRMDelegationToken().getService()));
    RMDelegationTokenIdentifier identifier = tk.decodeIdentifier();
    long currentExpiration = rm.getRMContext().getRMDelegationTokenSecretManager().getRenewDate(identifier);
    DelegationToken respToken = new DelegationToken(tk.encodeToUrlString(), renewer, identifier.getOwner().toString(), tk.getKind().toString(), currentExpiration, identifier.getMaxDate());
    return Response.status(Status.OK).entity(respToken).build();
}

Example 10 with AuthorizationException

use of org.apache.hadoop.security.authorize.AuthorizationException in project hadoop by apache.

the class RMWebServices method deleteReservation.

/**
   * Function to delete a Reservation to the RM.
   *
   * @param resContext provides information to construct
   *          the ReservationDeleteRequest
   * @param hsr the servlet request
   * @return Response containing the status code
   * @throws AuthorizationException when the user group information cannot be
   *           retrieved.
   * @throws IOException when a {@link ReservationDeleteRequest} cannot be
   *           created from the {@link ReservationDeleteRequestInfo}. This
   *           exception is also thrown on
   *           {@code ClientRMService.deleteReservation} invokation failure.
   * @throws InterruptedException if doAs action throws an InterruptedException.
   */
@POST
@Path("/reservation/delete")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response deleteReservation(ReservationDeleteRequestInfo resContext, @Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException {
    init();
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        String msg = "The default static user cannot carry out this operation.";
        return Response.status(Status.FORBIDDEN).entity(msg).build();
    }
    final ReservationDeleteRequest reservation = createReservationDeleteRequest(resContext);
    ReservationDeleteResponseInfo resRespInfo;
    try {
        resRespInfo = callerUGI.doAs(new PrivilegedExceptionAction<ReservationDeleteResponseInfo>() {

            @Override
            public ReservationDeleteResponseInfo run() throws IOException, YarnException {
                rm.getClientRMService().deleteReservation(reservation);
                return new ReservationDeleteResponseInfo();
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            throw new BadRequestException(ue.getCause().getMessage());
        }
        LOG.info("Update reservation request failed", ue);
        throw ue;
    }
    return Response.status(Status.OK).entity(resRespInfo).build();
}