List of usage examples for org.apache.hadoop.security Credentials addToken
public void addToken(Text alias, Token<? extends TokenIdentifier> t)
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
/** * @param fsTokens not null/* w w w . j a va2s .co m*/ */ private void writeProxyDelegationTokens(final Token<?> fsTokens[], final Token<?> msToken, final Configuration conf, String user, final Path tokenPath) throws IOException, InterruptedException { LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName()); final UserGroupInformation ugi = UgiFactory.getUgi(user); ugi.doAs(new PrivilegedExceptionAction<Object>() { public Object run() throws IOException { Credentials cred = new Credentials(); for (Token<?> fsToken : fsTokens) { cred.addToken(fsToken.getService(), fsToken); } cred.addToken(msToken.getService(), msToken); cred.writeTokenStorageFile(tokenPath, conf); return null; } }); }
From source file:org.apache.oozie.action.hadoop.HDFSCredentials.java
License:Apache License
private void obtainTokenForAppFileSystemNameNode(final Credentials credentials, final Configuration config, final ActionExecutor.Context context) throws IOException, CredentialException, HadoopAccessorException, URISyntaxException { try (FileSystem fileSystem = context.getAppFileSystem()) { final String renewer = new HadoopTokenHelper().getServerPrincipal(config); LOG.debug("Server principal present, getting HDFS delegation token. [renewer={0}]", renewer); final Token hdfsDelegationToken = fileSystem.getDelegationToken(renewer); if (hdfsDelegationToken == null) { throw new CredentialException(ErrorCode.E0511, renewer); }//from w w w.j a v a2 s. co m LOG.info("Got HDFS delegation token, setting credentials. [hdfsDelegationToken={0}]", hdfsDelegationToken); credentials.addToken(hdfsDelegationToken.getService(), hdfsDelegationToken); } catch (Exception e) { LOG.debug("exception in updateCredentials", e); throw e; } }
From source file:org.apache.oozie.action.hadoop.JHSCredentials.java
License:Apache License
/** * Add an MR_DELEGATION_TOKEN to the {@link Credentials} provided. * @param credentials the credentials object which is updated * @param config launcher AM configuration * @param props properties for getting credential token or certificate * @param context workflow context//from w ww. j ava2 s . c om * @throws Exception thrown if failed */ @Override public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props, ActionExecutor.Context context) throws Exception { try { LOG.debug("Instantiating JHS Proxy"); MRClientProtocol hsProxy = instantiateHistoryProxy(config, context); Text hsService = SecurityUtil.buildTokenService(hsProxy.getConnectAddress()); LOG.debug("Getting delegation token for {0}", hsService.toString()); Token<?> jhsToken = getDelegationTokenFromJHS(hsProxy, new HadoopTokenHelper().getServerPrincipal(config)); LOG.debug("Acquired token {0}", jhsToken); credentials.addToken(hsService, jhsToken); } catch (IOException | InterruptedException ex) { LOG.debug("exception in updateCredentials", ex); throw new CredentialException(ErrorCode.E0512, ex.getMessage(), ex); } }
From source file:org.apache.oozie.action.hadoop.YarnRMCredentials.java
License:Apache License
/** * Add an RM_DELEGATION_TOKEN to the {@link Credentials} provided. * * @param credentials the credentials object which is updated * @param config launcher AM configuration * @param props properties for getting credential token or certificate * @param context workflow context//w ww . ja va2 s .co m * @throws Exception thrown if failed */ @Override public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props, ActionExecutor.Context context) throws Exception { Text rmDelegationTokenService = ClientRMProxy.getRMDelegationTokenService(config); if (rmDelegationTokenService == null) { throw new CredentialException(ErrorCode.E0512, "Can't create RMDelegationTokenService"); } try (YarnClient yarnClient = Services.get().get(HadoopAccessorService.class) .createYarnClient(context.getWorkflow().getUser(), config)) { org.apache.hadoop.yarn.api.records.Token rmDelegationToken = yarnClient .getRMDelegationToken(new Text(new HadoopTokenHelper().getServerPrincipal(config))); if (rmDelegationToken == null) { throw new CredentialException(ErrorCode.E0512, "Returned token is null"); } Token<TokenIdentifier> rmToken = ConverterUtils.convertFromYarn(rmDelegationToken, rmDelegationTokenService); credentials.addToken(rmDelegationTokenService, rmToken); } catch (Exception e) { XLog.getLog(getClass()).debug("Exception in updateCredentials", e); throw e; } }
From source file:org.apache.slider.core.launch.CredentialUtils.java
License:Apache License
/** * Create and add an RM delegation token to the credentials * @param yarnClient Yarn Client// w ww. j a v a 2 s. c om * @param credentials to add token to * @return the token which was added * @throws IOException * @throws YarnException */ public static Token<TokenIdentifier> addRMDelegationToken(YarnClient yarnClient, Credentials credentials) throws IOException, YarnException { Configuration conf = yarnClient.getConfig(); Text rmPrincipal = new Text(CredentialUtils.getRMPrincipal(conf)); Text rmDTService = ClientRMProxy.getRMDelegationTokenService(conf); Token<TokenIdentifier> rmDelegationToken = ConverterUtils .convertFromYarn(yarnClient.getRMDelegationToken(rmPrincipal), rmDTService); credentials.addToken(rmDelegationToken.getService(), rmDelegationToken); return rmDelegationToken; }
From source file:org.apache.slider.core.launch.CredentialUtils.java
License:Apache License
public static Token<TimelineDelegationTokenIdentifier> maybeAddTimelineToken(Configuration conf, Credentials credentials) throws IOException, YarnException { if (conf.getBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, false)) { LOG.debug("Timeline service enabled -fetching token"); try (TimelineClient timelineClient = TimelineClient.createTimelineClient()) { timelineClient.init(conf);//from w w w. ja va 2 s . c om timelineClient.start(); Token<TimelineDelegationTokenIdentifier> token = timelineClient .getDelegationToken(CredentialUtils.getRMPrincipal(conf)); credentials.addToken(token.getService(), token); return token; } } else { LOG.debug("Timeline service is disabled"); return null; } }
From source file:org.apache.sqoop.client.request.ResourceRequest.java
License:Apache License
public Token<?>[] addDelegationTokens(String strURL, String renewer, Credentials credentials) throws IOException { Token<?>[] tokens = null;/*from ww w . j a v a2 s . c om*/ Text dtService = getDelegationTokenService(strURL); Token<?> token = credentials.getToken(dtService); if (token == null) { URL url = new URL(strURL); DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL( new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { return conn; } }); try { token = authUrl.getDelegationToken(url, authToken, renewer); if (token != null) { credentials.addToken(token.getService(), token); tokens = new Token<?>[] { token }; } else { throw new IOException("Got NULL as delegation token"); } } catch (AuthenticationException ex) { throw new IOException(ex); } } return tokens; }
From source file:org.apache.tez.common.security.TestTokenCache.java
License:Apache License
@Test(timeout = 5000) @SuppressWarnings("deprecation") public void testBinaryCredentials() throws Exception { String binaryTokenFile = null; try {//from w ww . j a v a 2 s. co m Path TEST_ROOT_DIR = new Path("target"); binaryTokenFile = FileSystem.getLocal(conf).makeQualified(new Path(TEST_ROOT_DIR, "tokenFile")).toUri() .getPath(); MockFileSystem fs1 = createFileSystemForServiceName("service1"); MockFileSystem fs2 = createFileSystemForServiceName("service2"); MockFileSystem fs3 = createFileSystemForServiceName("service3"); // get the tokens for fs1 & fs2 and write out to binary creds file Credentials creds = new Credentials(); Token<?> token1 = fs1.getDelegationToken(renewer); Token<?> token2 = fs2.getDelegationToken(renewer); creds.addToken(token1.getService(), token1); creds.addToken(token2.getService(), token2); creds.writeTokenStorageFile(new Path(binaryTokenFile), conf); Credentials newCreds = new Credentials(); TokenCache.mergeBinaryTokens(newCreds, conf, binaryTokenFile); Assert.assertTrue(newCreds.getAllTokens().size() > 0); checkTokens(creds, newCreds); } finally { if (binaryTokenFile != null) { try { FileSystem.getLocal(conf).delete(new Path(binaryTokenFile)); } catch (IOException e) { // Ignore } } } }
From source file:org.apache.tez.common.security.TokenCache.java
License:Apache License
/** * store session specific token/*from w ww . ja va 2 s. c o m*/ * @param t */ @InterfaceAudience.Private public static void setSessionToken(Token<? extends TokenIdentifier> t, Credentials credentials) { credentials.addToken(SESSION_TOKEN, t); }
From source file:org.apache.tez.dag.api.TestDAGPlan.java
License:Apache License
@Test(timeout = 5000) public void testCredentialsSerde() { DAG dag = DAG.create("testDag"); ProcessorDescriptor pd1 = ProcessorDescriptor.create("processor1") .setUserPayload(UserPayload.create(ByteBuffer.wrap("processor1Bytes".getBytes()))); ProcessorDescriptor pd2 = ProcessorDescriptor.create("processor2") .setUserPayload(UserPayload.create(ByteBuffer.wrap("processor2Bytes".getBytes()))); Vertex v1 = Vertex.create("v1", pd1, 10, Resource.newInstance(1024, 1)); Vertex v2 = Vertex.create("v2", pd2, 1, Resource.newInstance(1024, 1)); v1.setTaskLaunchCmdOpts("").setTaskEnvironment(new HashMap<String, String>()) .addTaskLocalFiles(new HashMap<String, LocalResource>()); v2.setTaskLaunchCmdOpts("").setTaskEnvironment(new HashMap<String, String>()) .addTaskLocalFiles(new HashMap<String, LocalResource>()); InputDescriptor inputDescriptor = InputDescriptor.create("input") .setUserPayload(UserPayload.create(ByteBuffer.wrap("inputBytes".getBytes()))); OutputDescriptor outputDescriptor = OutputDescriptor.create("output") .setUserPayload(UserPayload.create(ByteBuffer.wrap("outputBytes".getBytes()))); Edge edge = Edge.create(v1, v2, EdgeProperty.create(DataMovementType.SCATTER_GATHER, DataSourceType.PERSISTED, SchedulingType.SEQUENTIAL, outputDescriptor, inputDescriptor)); dag.addVertex(v1).addVertex(v2).addEdge(edge); Credentials dagCredentials = new Credentials(); Token<TokenIdentifier> token1 = new Token<TokenIdentifier>(); Token<TokenIdentifier> token2 = new Token<TokenIdentifier>(); dagCredentials.addToken(new Text("Token1"), token1); dagCredentials.addToken(new Text("Token2"), token2); dag.setCredentials(dagCredentials);/* www . j a v a2s . c om*/ DAGPlan dagProto = dag.createDag(new TezConfiguration(), null, null, null, true); assertTrue(dagProto.hasCredentialsBinary()); Credentials fetchedCredentials = DagTypeConverters .convertByteStringToCredentials(dagProto.getCredentialsBinary()); assertEquals(2, fetchedCredentials.numberOfTokens()); assertNotNull(fetchedCredentials.getToken(new Text("Token1"))); assertNotNull(fetchedCredentials.getToken(new Text("Token2"))); }