Example usage for org.apache.hadoop.hdfs.security.token.delegation DelegationTokenIdentifier DelegationTokenIdentifier

List of usage examples for org.apache.hadoop.hdfs.security.token.delegation DelegationTokenIdentifier DelegationTokenIdentifier

  1. HOME
  2. Java
  3. org.apache.hadoop
  4. org.apache.hadoop.hdfs.security.token.delegation.*
  5. DelegationTokenIdentifier
  6. DelegationTokenIdentifier

Introduction

In this page you can find the example usage for org.apache.hadoop.hdfs.security.token.delegation DelegationTokenIdentifier DelegationTokenIdentifier.

Prototype

public DelegationTokenIdentifier()

Source Link

Document

Create an empty delegation token identifier for reading into.

Usage

From source file:co.cask.cdap.app.runtime.spark.SparkCredentialsUpdater.java

License:Apache License

@VisibleForTesting
long getNextUpdateDelay(Credentials credentials) throws IOException {
    long now = System.currentTimeMillis();

    // This is almost the same logic as in SparkHadoopUtil.getTimeFromNowToRenewal
    for (Token<? extends TokenIdentifier> token : credentials.getAllTokens()) {
        if (DelegationTokenIdentifier.HDFS_DELEGATION_KIND.equals(token.getKind())) {
            DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
            try (DataInputStream input = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()))) {
                identifier.readFields(input);

                // speed up by 2 seconds to account for any time race between driver and executor
                return Math.max(0L, (long) (identifier.getIssueDate() + 0.8 * updateIntervalMs) - now - 2000);
            }/*  w ww . jav a 2  s.  c om*/
        }
    }
    return 0L;
}

From source file:org.apache.hawq.pxf.service.utilities.SecuredHDFS.java

License:Apache License

/**
 * The function will verify the token with NameNode if available and will
 * create a UserGroupInformation./*from w w w .  j  a  v a2 s . com*/
 *
 * Code in this function is copied from JspHelper.getTokenUGI
 *
 * @param identifier Delegation token identifier
 * @param password Delegation token password
 * @param kind the kind of token
 * @param service the service for this token
 * @param servletContext Jetty servlet context which contains the NN address
 *
 * @throws SecurityException Thrown when authentication fails
 */
private static void verifyToken(byte[] identifier, byte[] password, Text kind, Text service,
        ServletContext servletContext) {
    try {
        Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(identifier, password,
                kind, service);

        ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
        DataInputStream in = new DataInputStream(buf);
        DelegationTokenIdentifier id = new DelegationTokenIdentifier();
        id.readFields(in);

        final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(servletContext);
        if (nn != null) {
            nn.getNamesystem().verifyToken(id, token.getPassword());
        }

        UserGroupInformation userGroupInformation = id.getUser();
        userGroupInformation.addToken(token);
        LOG.debug("user " + userGroupInformation.getUserName() + " (" + userGroupInformation.getShortUserName()
                + ") authenticated");

        // re-login if necessary
        userGroupInformation.checkTGTAndReloginFromKeytab();
    } catch (IOException e) {
        throw new SecurityException("Failed to verify delegation token " + e, e);
    }
}