Examples with CancelDelegationTokenRequest - org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest

Example 1 with CancelDelegationTokenRequest

use of org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest in project hadoop by apache.

the class TestApplicationClientProtocolOnHA method testCancelDelegationTokenOnHA.

@Test(timeout = 15000)
public void testCancelDelegationTokenOnHA() throws Exception {
    CancelDelegationTokenRequest request = CancelDelegationTokenRequest.newInstance(cluster.createFakeToken());
    ClientRMProxy.createRMProxy(this.conf, ApplicationClientProtocol.class).cancelDelegationToken(request);
}

Also used : CancelDelegationTokenRequest(org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest) ApplicationClientProtocol(org.apache.hadoop.yarn.api.ApplicationClientProtocol) Test(org.junit.Test)

Example 2 with CancelDelegationTokenRequest

use of org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest in project hadoop by apache.

the class TestTokenClientRMService method checkTokenCancellation.

private void checkTokenCancellation(ClientRMService rmService, UserGroupInformation owner, UserGroupInformation renewer) throws IOException, YarnException {
    RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier(new Text(owner.getUserName()), new Text(renewer.getUserName()), null);
    Token<?> token = new Token<RMDelegationTokenIdentifier>(tokenIdentifier, dtsm);
    org.apache.hadoop.yarn.api.records.Token dToken = BuilderUtils.newDelegationToken(token.getIdentifier(), token.getKind().toString(), token.getPassword(), token.getService().toString());
    CancelDelegationTokenRequest request = Records.newRecord(CancelDelegationTokenRequest.class);
    request.setDelegationToken(dToken);
    rmService.cancelDelegationToken(request);
}

Also used : CancelDelegationTokenRequest(org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest) Text(org.apache.hadoop.io.Text) Token(org.apache.hadoop.security.token.Token) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)

Example 3 with CancelDelegationTokenRequest

use of org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest in project hadoop by apache.

the class RMWebServices method cancelDelegationToken.

// For cancelling tokens, the encoded token is passed as a header
// There are two reasons for this -
// 1. Passing a request body as part of a DELETE request is not
// allowed by Jetty
// 2. Passing the encoded token as part of the url is not ideal
// since urls tend to get logged and anyone with access to
// the logs can extract tokens which are meant to be secret
@DELETE
@Path("/delegation-token")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
public Response cancelDelegationToken(@Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException, Exception {
    init();
    UserGroupInformation callerUGI;
    try {
        callerUGI = createKerberosUserGroupInformation(hsr);
    } catch (YarnException ye) {
        return Response.status(Status.FORBIDDEN).entity(ye.getMessage()).build();
    }
    Token<RMDelegationTokenIdentifier> token = extractToken(hsr);
    org.apache.hadoop.yarn.api.records.Token dToken = BuilderUtils.newDelegationToken(token.getIdentifier(), token.getKind().toString(), token.getPassword(), token.getService().toString());
    final CancelDelegationTokenRequest req = CancelDelegationTokenRequest.newInstance(dToken);
    try {
        callerUGI.doAs(new PrivilegedExceptionAction<CancelDelegationTokenResponse>() {

            @Override
            public CancelDelegationTokenResponse run() throws IOException, YarnException {
                return rm.getClientRMService().cancelDelegationToken(req);
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            if (ue.getCause().getCause() instanceof InvalidToken) {
                throw new BadRequestException(ue.getCause().getCause().getMessage());
            } else if (ue.getCause().getCause() instanceof org.apache.hadoop.security.AccessControlException) {
                return Response.status(Status.FORBIDDEN).entity(ue.getCause().getCause().getMessage()).build();
            }
            LOG.info("Renew delegation token request failed", ue);
            throw ue;
        }
        LOG.info("Renew delegation token request failed", ue);
        throw ue;
    } catch (Exception e) {
        LOG.info("Renew delegation token request failed", e);
        throw e;
    }
    return Response.status(Status.OK).build();
}

Also used : AccessControlException(java.security.AccessControlException) RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier) IOException(java.io.IOException) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException) NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException) IOException(java.io.IOException) YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException) AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException) ParseException(java.text.ParseException) AccessControlException(java.security.AccessControlException) YarnException(org.apache.hadoop.yarn.exceptions.YarnException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException) CancelDelegationTokenRequest(org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException) CancelDelegationTokenResponse(org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenResponse) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Produces(javax.ws.rs.Produces)

Aggregations

CancelDelegationTokenRequest (org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenRequest)3 RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)2 IOException (java.io.IOException)1 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)1 AccessControlException (java.security.AccessControlException)1 ParseException (java.text.ParseException)1 DELETE (javax.ws.rs.DELETE)1 Path (javax.ws.rs.Path)1 Produces (javax.ws.rs.Produces)1 Text (org.apache.hadoop.io.Text)1 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)1 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)1 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)1 Token (org.apache.hadoop.security.token.Token)1 ApplicationClientProtocol (org.apache.hadoop.yarn.api.ApplicationClientProtocol)1 CancelDelegationTokenResponse (org.apache.hadoop.yarn.api.protocolrecords.CancelDelegationTokenResponse)1 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)1 YarnRuntimeException (org.apache.hadoop.yarn.exceptions.YarnRuntimeException)1 BadRequestException (org.apache.hadoop.yarn.webapp.BadRequestException)1 ForbiddenException (org.apache.hadoop.yarn.webapp.ForbiddenException)1