List of usage examples for org.apache.hadoop.security.token Token setService
public void setService(Text newService)
From source file:azkaban.security.HadoopSecurityManager_H_2_0.java
License:Apache License
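/**
 * Fetches an HCat (Hive metastore) delegation token for the given user, using
 * a metastore client built from the supplied Hive configuration, and returns
 * the decoded token.
 *
 * <p>The URL-encoded token string returned by the metastore carries the token
 * password as well as the identifier, so it is a bearer credential. It is
 * deliberately never written to the job log; only the token's kind and
 * service are logged.
 *
 * @param userToProxy String value indicating the name of the user the token
 *        will be fetched for.
 * @param hiveConf the configuration based off which the hive client will be
 *        initialized.
 * @param tokenSignatureOverwrite optional override for the token's service
 *        field; when non-blank it is trimmed and lower-cased before being
 *        set on the token.
 * @param logger the logger instance which writes the logging content to the
 *        job logs.
 * @return the decoded delegation token.
 *
 * @throws IOException
 * @throws TException
 * @throws MetaException
 */
private Token<DelegationTokenIdentifier> fetchHcatToken(String userToProxy, HiveConf hiveConf,
    String tokenSignatureOverwrite, final Logger logger) throws IOException, MetaException, TException {

  logger.info(HiveConf.ConfVars.METASTOREURIS.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));

  logger.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));

  logger.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": "
      + hiveConf.get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));

  // The metastore connection is only needed for this one call; release it
  // even when the token request fails.
  final HiveMetaStoreClient hiveClient = new HiveMetaStoreClient(hiveConf);
  final String hcatTokenStr;
  try {
    hcatTokenStr = hiveClient.getDelegationToken(userToProxy,
        UserGroupInformation.getLoginUser().getShortUserName());
  } finally {
    hiveClient.close();
  }

  Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
  hcatToken.decodeFromUrlString(hcatTokenStr);

  // overwrite the value of the service property of the token if the signature
  // override is specified.
  if (tokenSignatureOverwrite != null && tokenSignatureOverwrite.trim().length() > 0) {
    hcatToken.setService(new Text(tokenSignatureOverwrite.trim().toLowerCase()));
    logger.info(HIVE_TOKEN_SIGNATURE_KEY + ":" + tokenSignatureOverwrite);
  }

  // Do not log hcatTokenStr: anyone who can read the job log could decode it
  // and act as the proxied user for as long as the token stays valid.
  logger.info("Created hive metastore token.");
  logger.info("Token kind: " + hcatToken.getKind());
  // NOTE(review): getIdentifier() returns a byte[], so this prints the array
  // reference rather than the identifier contents.
  logger.info("Token id: " + hcatToken.getIdentifier());
  logger.info("Token service: " + hcatToken.getService());
  return hcatToken;
}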
From source file:co.cask.cdap.common.security.YarnTokenUtils.java
License:Apache License
/**
 * Requests a delegation token from the Yarn ResourceManager and adds it to
 * the supplied Credentials. When Hadoop security is disabled, nothing is
 * requested and the Credentials are returned untouched.
 *
 * @param configuration the Yarn configuration used to start the client and to
 *        work out the ResourceManager address(es).
 * @param credentials the Credentials the token is added to.
 * @return the same Credentials instance as the one given in parameter.
 */
public static Credentials obtainToken(YarnConfiguration configuration, Credentials credentials) {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return credentials;
  }

  try {
    YarnClient client = YarnClient.createYarnClient();
    client.init(configuration);
    client.start();

    try {
      // The current user is named as the renewer of the token.
      Text tokenRenewer = new Text(UserGroupInformation.getCurrentUser().getShortUserName());
      org.apache.hadoop.yarn.api.records.Token yarnToken = client.getRMDelegationToken(tokenRenewer);

      // TODO: The following logic should be replaced with call to
      // ClientRMProxy.getRMDelegationTokenService after CDAP-4825 is resolved
      List<String> serviceNames = new ArrayList<>();
      if (!HAUtil.isHAEnabled(configuration)) {
        serviceNames.add(SecurityUtil.buildTokenService(YarnUtils.getRMAddress(configuration)).toString());
      } else {
        // With HA, every RM host contributes a service name to the token.
        // Work on a copy of the conf, because RM_HA_ID is rewritten per host
        // to look up that host's address.
        YarnConfiguration perRmConf = new YarnConfiguration(configuration);
        for (String haId : HAUtil.getRMHAIds(configuration)) {
          perRmConf.set(YarnConfiguration.RM_HA_ID, haId);
          InetSocketAddress rmAddress = perRmConf.getSocketAddr(YarnConfiguration.RM_ADDRESS,
              YarnConfiguration.DEFAULT_RM_ADDRESS, YarnConfiguration.DEFAULT_RM_PORT);
          serviceNames.add(SecurityUtil.buildTokenService(rmAddress).toString());
        }
      }

      Token<TokenIdentifier> hadoopToken = ConverterUtils.convertFromYarn(yarnToken, (InetSocketAddress) null);
      String joinedServices = Joiner.on(',').join(serviceNames);
      hadoopToken.setService(new Text(joinedServices));
      credentials.addToken(new Text(hadoopToken.getService()), hadoopToken);

      // OK to log, it won't log the credential, only information about the token.
      LOG.info("Added RM delegation token: {}", hadoopToken);
    } finally {
      client.stop();
    }

    return credentials;
  } catch (Exception e) {
    LOG.error("Failed to get secure token for Yarn.", e);
    throw Throwables.propagate(e);
  }
}
From source file:co.cask.cdap.explore.security.HiveTokenUtils.java
License:Apache License
/**
 * Obtains a Hive delegation token for the current user and adds it to the
 * given Credentials. The Hive classes are loaded reflectively through the
 * explore class loader, which is installed as the thread context class loader
 * for the duration of the call and swapped back afterwards.
 *
 * @param credentials the Credentials the token is added to.
 * @return the same Credentials instance that was passed in.
 */
public static Credentials obtainToken(Credentials credentials) {
  ClassLoader exploreLoader = ExploreServiceUtils.getExploreClassLoader();
  final Thread self = Thread.currentThread();
  final ClassLoader previousLoader = self.getContextClassLoader();
  self.setContextClassLoader(exploreLoader);

  try {
    LOG.info("Obtaining delegation token for Hive");
    Class<?> confType = exploreLoader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
    Object confInstance = confType.newInstance();

    Class<?> hiveType = exploreLoader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
    // Hive.get(HiveConf) is static, hence the null receiver.
    Method hiveFactory = hiveType.getMethod("get", confType);
    Object hive = hiveFactory.invoke(null, confInstance);

    // The current user is passed as both arguments of getDelegationToken.
    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    Method tokenGetter = hiveType.getMethod("getDelegationToken", String.class, String.class);
    String encodedToken = (String) tokenGetter.invoke(hive, user, user);

    Token<DelegationTokenIdentifier> hiveToken = new Token<>();
    hiveToken.decodeFromUrlString(encodedToken);
    hiveToken.setService(new Text(HiveAuthFactory.HS2_CLIENT_TOKEN));

    // The Token object is logged here, not the encoded token string, which
    // would carry the token password.
    LOG.info("Adding delegation token {} from MetaStore for service {} for user {}", hiveToken,
        hiveToken.getService(), user);
    credentials.addToken(hiveToken.getService(), hiveToken);
    return credentials;
  } catch (Exception e) {
    LOG.error("Exception when fetching delegation token from Hive MetaStore", e);
    throw Throwables.propagate(e);
  } finally {
    self.setContextClassLoader(previousLoader);
  }
}
From source file:co.cask.cdap.security.hive.HiveTokenUtils.java
License:Apache License
/**
 * Fetches a delegation token from Hive for the current user and stores it in
 * the supplied Credentials under the token's service name.
 *
 * <p>Hive is reached purely through reflection on classes loaded from the
 * explore class loader. That loader is the thread context class loader while
 * this method runs; the caller's loader is put back in the finally block.
 *
 * @param credentials the Credentials to add the token to.
 * @return the Credentials instance given as argument.
 */
public static Credentials obtainToken(Credentials credentials) {
  final ClassLoader hiveLoader = ExploreUtils.getExploreClassloader();
  final ClassLoader callerLoader = Thread.currentThread().getContextClassLoader();
  Thread.currentThread().setContextClassLoader(hiveLoader);

  try {
    LOG.info("Obtaining delegation token for Hive");

    final Class<?> hiveConfType = hiveLoader.loadClass("org.apache.hadoop.hive.conf.HiveConf");
    final Object conf = hiveConfType.newInstance();

    final Class<?> hiveApiType = hiveLoader.loadClass("org.apache.hadoop.hive.ql.metadata.Hive");
    final Method getHive = hiveApiType.getMethod("get", hiveConfType);
    // Static factory method: no receiver object.
    final Object hiveHandle = getHive.invoke(null, conf);

    final String user = UserGroupInformation.getCurrentUser().getShortUserName();

    final Method requestToken = hiveApiType.getMethod("getDelegationToken", String.class, String.class);
    // The same short user name is passed for both parameters.
    final String urlEncodedToken = (String) requestToken.invoke(hiveHandle, user, user);

    final Token<DelegationTokenIdentifier> token = new Token<>();
    token.decodeFromUrlString(urlEncodedToken);
    token.setService(new Text(HiveAuthFactory.HS2_CLIENT_TOKEN));

    // Only the decoded Token object goes to the log; urlEncodedToken contains
    // the token password and is kept out of it.
    LOG.info("Adding delegation token {} from MetaStore for service {} for user {}", token,
        token.getService(), user);

    credentials.addToken(token.getService(), token);
    return credentials;
  } catch (Exception e) {
    LOG.error("Exception when fetching delegation token from Hive MetaStore", e);
    throw Throwables.propagate(e);
  } finally {
    Thread.currentThread().setContextClassLoader(callerLoader);
  }
}
From source file:com.bigstep.datalake.DLFileSystem.java
License:Apache License
/**
 * Requests a delegation token from the remote file system through the
 * GETDELEGATIONTOKEN operation and stamps it with this file system's token
 * service name.
 *
 * @param renewer the renewer sent with the request.
 * @return the delegation token, or {@code null} when the server returned none
 *         and falling back to an insecure cluster is allowed.
 * @throws AccessControlException when no token was returned and fallback to an
 *         insecure cluster is disallowed.
 * @throws IOException if the request or the decoding of its response fails.
 */
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(final String renewer) throws IOException {
  final HttpOpParam.Op operation = GetOpParam.Op.GETDELEGATIONTOKEN;

  final Token<DelegationTokenIdentifier> fetched =
      new FsPathResponseRunner<Token<DelegationTokenIdentifier>>(operation, null, new RenewerParam(renewer)) {
        @Override
        Token<DelegationTokenIdentifier> decodeResponse(Map<?, ?> json) throws IOException {
          return JsonUtil.toDelegationToken(json);
        }
      }.run();

  if (fetched == null) {
    // No token came back. Proceeding without one is only acceptable when
    // fallback to an insecure cluster has not been disallowed.
    if (disallowFallbackToInsecureCluster) {
      throw new AccessControlException(CANT_FALLBACK_TO_INSECURE_MSG);
    }
    return null;
  }

  fetched.setService(tokenServiceName);
  return fetched;
}
From source file:com.datatorrent.stram.LaunchContainerRunnable.java
License:Apache License
/**
 * Creates a Stram delegation token for the login user, addressed to the given
 * heartbeat endpoint, and hands it to the {@code getTokens(ugi, token)}
 * overload.
 *
 * @param delegationTokenManager the secret manager the token is created with.
 * @param heartbeatAddress the endpoint whose "ip:port" becomes the token's
 *        service.
 * @return the result of the overload, or {@code null} when Hadoop security is
 *         not enabled.
 * @throws IOException if the login user cannot be determined or the overload
 *         fails.
 */
public static ByteBuffer getTokens(StramDelegationTokenManager delegationTokenManager,
    InetSocketAddress heartbeatAddress) throws IOException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return null;
  }

  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();

  // The login user is the owner; renewer and real user are left empty.
  final StramDelegationTokenIdentifier tokenId =
      new StramDelegationTokenIdentifier(new Text(loginUgi.getUserName()), new Text(""), new Text(""));

  // The token's service is the heartbeat endpoint as "ip:port".
  final String endpoint = heartbeatAddress.getAddress().getHostAddress() + ":" + heartbeatAddress.getPort();

  final Token<StramDelegationTokenIdentifier> token =
      new Token<StramDelegationTokenIdentifier>(tokenId, delegationTokenManager);
  token.setService(new Text(endpoint));

  return getTokens(loginUgi, token);
}
From source file:com.datatorrent.stram.security.StramWSFilter.java
License:Apache License
/**
 * Builds a Stram delegation token for the given user and service and returns
 * it in URL-safe encoded form.
 *
 * <p>The encoded string contains the token password as well as the
 * identifier, so callers should handle the return value as a secret.
 *
 * @param username the owner recorded in the token identifier.
 * @param service the service name set on the token.
 * @return the URL-encoded token.
 * @throws IOException if encoding the token fails.
 */
private String createClientToken(String username, String service) throws IOException {
  // Owner is the requesting user and renewer is the login user; the real
  // user is left empty.
  final Text owner = new Text(username);
  final Text renewer = new Text(loginUser);
  final StramDelegationTokenIdentifier identifier =
      new StramDelegationTokenIdentifier(owner, renewer, new Text());

  // The token is built from the identifier and the token manager.
  final Token<StramDelegationTokenIdentifier> clientToken =
      new Token<StramDelegationTokenIdentifier>(identifier, tokenManager);
  clientToken.setService(new Text(service));

  return clientToken.encodeToUrlString();
}
From source file:com.datatorrent.stram.StreamingAppMasterService.java
License:Apache License
/**
 * Creates a Stram delegation token owned by the given user and addressed to
 * the given socket address.
 *
 * @param username the owner recorded in the token identifier.
 * @param address the endpoint whose "ip:port" is used as the token's service.
 * @return the newly created token.
 */
private Token<StramDelegationTokenIdentifier> allocateDelegationToken(String username,
    InetSocketAddress address) {
  // Renewer and real user are left empty.
  final StramDelegationTokenIdentifier tokenId =
      new StramDelegationTokenIdentifier(new Text(username), new Text(""), new Text(""));

  final String hostIp = address.getAddress().getHostAddress();
  final Text serviceName = new Text(hostIp + ":" + address.getPort());

  final Token<StramDelegationTokenIdentifier> token =
      new Token<StramDelegationTokenIdentifier>(tokenId, delegationTokenManager);
  token.setService(serviceName);
  return token;
}
From source file:com.mellanox.r4h.DFSClient.java
License:Apache License
/**
 * Asks the namenode for a delegation token and, when one is returned, sets
 * this client's delegation-token service on it.
 *
 * @param renewer the renewer passed to the namenode.
 * @return the token, or {@code null} when the namenode returned none.
 * @throws IOException if the namenode call fails.
 * @see ClientProtocol#getDelegationToken(Text)
 */
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer) throws IOException {
  assert dtService != null;

  final TraceScope span = Trace.startSpan("getDelegationToken", traceSampler);
  try {
    final Token<DelegationTokenIdentifier> issued = namenode.getDelegationToken(renewer);
    if (issued == null) {
      LOG.info("Cannot get delegation token from " + renewer);
      return null;
    }

    issued.setService(this.dtService);
    LOG.info("Created " + DelegationTokenIdentifier.stringifyToken(issued));
    return issued;
  } finally {
    // The trace span is closed on every exit path.
    span.close();
  }
}
From source file:org.apache.falcon.catalog.HiveCatalogService.java
License:Apache License
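/**
 * Obtains a Hive metastore delegation token for the current user through
 * HCatalog and returns it decoded, with its service set to "FalconService".
 *
 * <p>As a side effect, {@code hive.metastore.token.signature} is set to
 * "FalconService" on the supplied configuration.
 *
 * <p>The encoded token string carries the token password, so it is a bearer
 * credential and is deliberately kept out of the log; only the token's kind
 * and service are logged.
 *
 * @param hcatConf the Hive configuration used to create the HCatalog client;
 *        modified as described above.
 * @param metaStoreServicePrincipal the metastore service principal passed to
 *        the token request.
 * @return the decoded delegation token.
 * @throws IOException if the client cannot be created or closed, or the token
 *         cannot be fetched or decoded.
 */
private static Token<DelegationTokenIdentifier> getDelegationToken(HiveConf hcatConf,
    String metaStoreServicePrincipal) throws IOException {

  LOG.debug("Creating delegation tokens for principal={}", metaStoreServicePrincipal);

  // The client is only needed for this one request; release it even when
  // the request fails.
  final HCatClient hcatClient = HCatClient.create(hcatConf);
  final String delegationToken;
  try {
    delegationToken = hcatClient.getDelegationToken(CurrentUser.getUser(), metaStoreServicePrincipal);
  } finally {
    hcatClient.close();
  }

  hcatConf.set("hive.metastore.token.signature", "FalconService");

  Token<DelegationTokenIdentifier> delegationTokenId = new Token<DelegationTokenIdentifier>();
  delegationTokenId.decodeFromUrlString(delegationToken);
  delegationTokenId.setService(new Text("FalconService"));

  // Do not log the encoded token string: a reader of the log could decode it
  // and authenticate to the metastore as the token's owner.
  LOG.info("Created delegation token: kind={}, service={}", delegationTokenId.getKind(),
      delegationTokenId.getService());
  return delegationTokenId;
}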