Example 1 with RenewDelegationTokenResponse
use of org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenResponse in project hadoop by apache.
the class ClientRMService method renewDelegationToken.
@Override
public RenewDelegationTokenResponse renewDelegationToken(RenewDelegationTokenRequest request) throws YarnException {
try {
if (!isAllowedDelegationTokenOp()) {
throw new IOException("Delegation Token can be renewed only with kerberos authentication");
}
org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
Token<RMDelegationTokenIdentifier> token = new Token<RMDelegationTokenIdentifier>(protoToken.getIdentifier().array(), protoToken.getPassword().array(), new Text(protoToken.getKind()), new Text(protoToken.getService()));
String user = getRenewerForToken(token);
long nextExpTime = rmDTSecretManager.renewToken(token, user);
RenewDelegationTokenResponse renewResponse = Records.newRecord(RenewDelegationTokenResponse.class);
renewResponse.setNextExpirationTime(nextExpTime);
return renewResponse;
} catch (IOException e) {
throw RPCUtil.getRemoteException(e);
}
}
Also used :
Token(org.apache.hadoop.security.token.Token)
Text(org.apache.hadoop.io.Text)
IOException(java.io.IOException)
RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)
RenewDelegationTokenResponse(org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenResponse)
Example 2 with RenewDelegationTokenResponse
use of org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenResponse in project hadoop by apache.
the class RMWebServices method renewDelegationToken.
private Response renewDelegationToken(DelegationToken tokenData, HttpServletRequest hsr, UserGroupInformation callerUGI) throws AuthorizationException, IOException, InterruptedException, Exception {
Token<RMDelegationTokenIdentifier> token = extractToken(tokenData.getToken());
org.apache.hadoop.yarn.api.records.Token dToken = BuilderUtils.newDelegationToken(token.getIdentifier(), token.getKind().toString(), token.getPassword(), token.getService().toString());
final RenewDelegationTokenRequest req = RenewDelegationTokenRequest.newInstance(dToken);
RenewDelegationTokenResponse resp;
try {
resp = callerUGI.doAs(new PrivilegedExceptionAction<RenewDelegationTokenResponse>() {
@Override
public RenewDelegationTokenResponse run() throws IOException, YarnException {
return rm.getClientRMService().renewDelegationToken(req);
}
});
} catch (UndeclaredThrowableException ue) {
if (ue.getCause() instanceof YarnException) {
if (ue.getCause().getCause() instanceof InvalidToken) {
throw new BadRequestException(ue.getCause().getCause().getMessage());
} else if (ue.getCause().getCause() instanceof org.apache.hadoop.security.AccessControlException) {
return Response.status(Status.FORBIDDEN).entity(ue.getCause().getCause().getMessage()).build();
}
LOG.info("Renew delegation token request failed", ue);
throw ue;
}
LOG.info("Renew delegation token request failed", ue);
throw ue;
} catch (Exception e) {
LOG.info("Renew delegation token request failed", e);
throw e;
}
long renewTime = resp.getNextExpirationTime();
DelegationToken respToken = new DelegationToken();
respToken.setNextExpirationTime(renewTime);
return Response.status(Status.OK).entity(respToken).build();
}
Also used :
RenewDelegationTokenRequest(org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenRequest)
DelegationToken(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken)
AccessControlException(java.security.AccessControlException)
RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)
PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)
RenewDelegationTokenResponse(org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenResponse)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
ForbiddenException(org.apache.hadoop.yarn.webapp.ForbiddenException)
NotFoundException(org.apache.hadoop.yarn.webapp.NotFoundException)
IOException(java.io.IOException)
YarnRuntimeException(org.apache.hadoop.yarn.exceptions.YarnRuntimeException)
AuthorizationException(org.apache.hadoop.security.authorize.AuthorizationException)
ParseException(java.text.ParseException)
AccessControlException(java.security.AccessControlException)
YarnException(org.apache.hadoop.yarn.exceptions.YarnException)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException)
InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken)
BadRequestException(org.apache.hadoop.yarn.webapp.BadRequestException)
Aggregations
IOException (java.io.IOException)2
RenewDelegationTokenResponse (org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenResponse)2
RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)2
UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)1
AccessControlException (java.security.AccessControlException)1
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)1
ParseException (java.text.ParseException)1
Text (org.apache.hadoop.io.Text)1
AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)1
InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)1
Token (org.apache.hadoop.security.token.Token)1
RenewDelegationTokenRequest (org.apache.hadoop.yarn.api.protocolrecords.RenewDelegationTokenRequest)1
YarnException (org.apache.hadoop.yarn.exceptions.YarnException)1
YarnRuntimeException (org.apache.hadoop.yarn.exceptions.YarnRuntimeException)1
DelegationToken (org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken)1
BadRequestException (org.apache.hadoop.yarn.webapp.BadRequestException)1
ForbiddenException (org.apache.hadoop.yarn.webapp.ForbiddenException)1
NotFoundException (org.apache.hadoop.yarn.webapp.NotFoundException)1
