Search in sources :

Example 6 with DelegationToken

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken in project hadoop by apache.

the class TestRMWebServicesDelegationTokens method testCancelDelegationToken.

// Test to verify cancel functionality - create a token and then try to cancel
// it. The owner and renewer should succeed; third user should fail
@Test
public void testCancelDelegationToken() throws Exception {
    rm.start();
    this.client().addFilter(new LoggingFilter(System.out));
    if (isKerberosAuth == false) {
        verifySimpleAuthCancel();
        return;
    }
    final DelegationToken dtoken = new DelegationToken();
    String renewer = "client2";
    dtoken.setRenewer(renewer);
    String[] mediaTypes = { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML };
    for (final String mediaType : mediaTypes) {
        for (final String contentType : mediaTypes) {
            // owner should be able to cancel delegation token
            KerberosTestUtils.doAsClient(new Callable<Void>() {

                @Override
                public Void call() throws Exception {
                    ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(contentType).entity(dtoken, mediaType).post(ClientResponse.class);
                    assertResponseStatusCode(Status.OK, response.getStatusInfo());
                    DelegationToken tok = getDelegationTokenFromResponse(response);
                    response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, tok.getToken()).accept(contentType).delete(ClientResponse.class);
                    assertResponseStatusCode(Status.OK, response.getStatusInfo());
                    assertTokenCancelled(tok.getToken());
                    return null;
                }
            });
            // renewer should be able to cancel token
            final DelegationToken tmpToken = KerberosTestUtils.doAsClient(new Callable<DelegationToken>() {

                @Override
                public DelegationToken call() throws Exception {
                    ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(contentType).entity(dtoken, mediaType).post(ClientResponse.class);
                    assertResponseStatusCode(Status.OK, response.getStatusInfo());
                    DelegationToken tok = getDelegationTokenFromResponse(response);
                    return tok;
                }
            });
            KerberosTestUtils.doAs(renewer, new Callable<Void>() {

                @Override
                public Void call() throws Exception {
                    ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, tmpToken.getToken()).accept(contentType).delete(ClientResponse.class);
                    assertResponseStatusCode(Status.OK, response.getStatusInfo());
                    assertTokenCancelled(tmpToken.getToken());
                    return null;
                }
            });
            // third user should not be able to cancel token
            final DelegationToken tmpToken2 = KerberosTestUtils.doAsClient(new Callable<DelegationToken>() {

                @Override
                public DelegationToken call() throws Exception {
                    ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(contentType).entity(dtoken, mediaType).post(ClientResponse.class);
                    assertResponseStatusCode(Status.OK, response.getStatusInfo());
                    DelegationToken tok = getDelegationTokenFromResponse(response);
                    return tok;
                }
            });
            KerberosTestUtils.doAs("client3", new Callable<Void>() {

                @Override
                public Void call() throws Exception {
                    ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, tmpToken2.getToken()).accept(contentType).delete(ClientResponse.class);
                    assertResponseStatusCode(Status.FORBIDDEN, response.getStatusInfo());
                    assertValidRMToken(tmpToken2.getToken());
                    return null;
                }
            });
            testCancelTokenBadRequests(mediaType, contentType);
        }
    }
    rm.stop();
    return;
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) DelegationToken(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken) LoggingFilter(com.sun.jersey.api.client.filter.LoggingFilter) ServletException(javax.servlet.ServletException) SAXException(org.xml.sax.SAXException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) JSONException(org.codehaus.jettison.json.JSONException) Test(org.junit.Test)

Example 7 with DelegationToken

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken in project hadoop by apache.

the class TestRMWebServicesDelegationTokens method testCancelTokenBadRequests.

private void testCancelTokenBadRequests(String mType, String cType) throws Exception {
    final String mediaType = mType;
    final String contentType = cType;
    final DelegationToken dtoken = new DelegationToken();
    String renewer = "client2";
    dtoken.setRenewer(renewer);
    // bad request(invalid header value)
    KerberosTestUtils.doAsClient(new Callable<Void>() {

        @Override
        public Void call() throws Exception {
            ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, "random-string").accept(contentType).delete(ClientResponse.class);
            assertResponseStatusCode(Status.BAD_REQUEST, response.getStatusInfo());
            return null;
        }
    });
    // bad request(missing header)
    KerberosTestUtils.doAsClient(new Callable<Void>() {

        @Override
        public Void call() throws Exception {
            ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(contentType).delete(ClientResponse.class);
            assertResponseStatusCode(Status.BAD_REQUEST, response.getStatusInfo());
            return null;
        }
    });
    // bad request(cancelled token)
    final DelegationToken tmpToken = KerberosTestUtils.doAsClient(new Callable<DelegationToken>() {

        @Override
        public DelegationToken call() throws Exception {
            ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").accept(contentType).entity(dtoken, mediaType).post(ClientResponse.class);
            assertResponseStatusCode(Status.OK, response.getStatusInfo());
            DelegationToken tok = getDelegationTokenFromResponse(response);
            return tok;
        }
    });
    KerberosTestUtils.doAs(renewer, new Callable<Void>() {

        @Override
        public Void call() throws Exception {
            ClientResponse response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, tmpToken.getToken()).accept(contentType).delete(ClientResponse.class);
            assertResponseStatusCode(Status.OK, response.getStatusInfo());
            response = resource().path("ws").path("v1").path("cluster").path("delegation-token").header(yarnTokenHeader, tmpToken.getToken()).accept(contentType).delete(ClientResponse.class);
            assertResponseStatusCode(Status.BAD_REQUEST, response.getStatusInfo());
            return null;
        }
    });
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) DelegationToken(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken) ServletException(javax.servlet.ServletException) SAXException(org.xml.sax.SAXException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) JSONException(org.codehaus.jettison.json.JSONException)

Example 8 with DelegationToken

use of org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken in project hadoop by apache.

the class TestRMWebServicesDelegationTokens method getDelegationTokenFromXML.

public static DelegationToken getDelegationTokenFromXML(String tokenXML) throws IOException, ParserConfigurationException, SAXException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    DocumentBuilder db = dbf.newDocumentBuilder();
    InputSource is = new InputSource();
    is.setCharacterStream(new StringReader(tokenXML));
    Document dom = db.parse(is);
    NodeList nodes = dom.getElementsByTagName("delegation-token");
    assertEquals("incorrect number of elements", 1, nodes.getLength());
    Element element = (Element) nodes.item(0);
    DelegationToken ret = new DelegationToken();
    String token = WebServicesTestUtils.getXmlString(element, "token");
    if (token != null) {
        ret.setToken(token);
    } else {
        long expiration = WebServicesTestUtils.getXmlLong(element, "expiration-time");
        ret.setNextExpirationTime(expiration);
    }
    return ret;
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) DocumentBuilder(javax.xml.parsers.DocumentBuilder) DelegationToken(org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) StringReader(java.io.StringReader) Document(org.w3c.dom.Document)

Aggregations

DelegationToken (org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.DelegationToken)8 IOException (java.io.IOException)6 ClientResponse (com.sun.jersey.api.client.ClientResponse)4 ServletException (javax.servlet.ServletException)4 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)4 JSONException (org.codehaus.jettison.json.JSONException)4 SAXException (org.xml.sax.SAXException)4 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)3 YarnException (org.apache.hadoop.yarn.exceptions.YarnException)3 RMDelegationTokenIdentifier (org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)3 LoggingFilter (com.sun.jersey.api.client.filter.LoggingFilter)2 UndeclaredThrowableException (java.lang.reflect.UndeclaredThrowableException)2 AccessControlException (java.security.AccessControlException)2 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)2 ParseException (java.text.ParseException)2 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)2 Token (org.apache.hadoop.security.token.Token)2 YarnRuntimeException (org.apache.hadoop.yarn.exceptions.YarnRuntimeException)2 BadRequestException (org.apache.hadoop.yarn.webapp.BadRequestException)2 ForbiddenException (org.apache.hadoop.yarn.webapp.ForbiddenException)2