List of usage examples for org.apache.hadoop.security Credentials Credentials
public Credentials(Credentials credentials)
From source file:org.apache.slider.client.TokensOperation.java
License:Apache License
public int actionTokens(ActionTokensArgs args, FileSystem fs, Configuration conf, YarnClientImpl yarnClient) throws IOException, YarnException { Credentials credentials;//ww w . jav a 2s . co m String footnote = ""; UserGroupInformation user = UserGroupInformation.getCurrentUser(); boolean isSecure = UserGroupInformation.isSecurityEnabled(); if (args.keytab != null) { File keytab = args.keytab; if (!keytab.isFile()) { throw new NotFoundException(E_NO_KEYTAB + keytab.getAbsolutePath()); } String principal = args.principal; log.info("Logging in as {} from keytab {}", principal, keytab); user = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytab.getCanonicalPath()); } Credentials userCredentials = user.getCredentials(); File output = args.output; if (output != null) { if (!isSecure) { throw new BadClusterStateException(E_INSECURE); } credentials = new Credentials(userCredentials); // filesystem addRMRenewableFSDelegationTokens(conf, fs, credentials); addRMDelegationToken(yarnClient, credentials); if (maybeAddTimelineToken(conf, credentials) != null) { log.debug("Added timeline token"); } saveTokens(output, credentials); String filename = output.getCanonicalPath(); footnote = String.format( "%d tokens saved to %s\n" + "To use these in the environment:\n" + "export %s=%s", credentials.numberOfTokens(), filename, UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION, filename); } else if (args.source != null) { File source = args.source; log.info("Reading credentials from file {}", source); if (!source.isFile()) { throw new NotFoundException(E_MISSING_SOURCE_FILE + source.getAbsolutePath()); } credentials = Credentials.readTokenStorageFile(args.source, conf); } else { StringBuffer origin = new StringBuffer(); File file = locateEnvCredentials(System.getenv(), conf, origin); if (file != null) { log.info("Credential Source {}", origin); } else { log.info("Credential source: logged in user"); } credentials = userCredentials; } // list the tokens log.info("\n{}", dumpTokens(credentials, "\n")); if (!footnote.isEmpty()) { log.info(footnote); } return 0; }
From source file:org.apache.slider.core.launch.CredentialUtils.java
License:Apache License
/** * Filter a list of tokens from a set of credentials * @param credentials credential source (a new credential set os re * @param filter List of tokens to strip out * @return a new, filtered, set of credentials *//*from w w w .jav a 2s . c om*/ public static Credentials filterTokens(Credentials credentials, List<Text> filter) { Credentials result = new Credentials(credentials); Iterator<Token<? extends TokenIdentifier>> iter = result.getAllTokens().iterator(); while (iter.hasNext()) { Token<? extends TokenIdentifier> token = iter.next(); LOG.debug("Token {}", token.getKind()); if (filter.contains(token.getKind())) { LOG.debug("Filtering token {}", token.getKind()); iter.remove(); } } return result; }
From source file:org.apache.slider.server.appmaster.SliderAppMaster.java
License:Apache License
private ByteBuffer getContainerCredentials() throws IOException { // a delegation token can be retrieved from filesystem since // the login is via a keytab (see above) Credentials credentials = new Credentials(containerCredentials); ByteBuffer tokens = null;//from w w w . j ava 2 s . c o m Token<? extends TokenIdentifier>[] hdfsTokens = getClusterFS().getFileSystem() .addDelegationTokens(UserGroupInformation.getLoginUser().getShortUserName(), credentials); if (hdfsTokens.length > 0) { DataOutputBuffer dob = new DataOutputBuffer(); credentials.writeTokenStorageToStream(dob); dob.close(); tokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength()); } return tokens; }