HADOOP-7625. Fix TestDelegationToken by having DFSClient set the service

correctly and having the test cases use the common jar. (omalley)


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security@1171236 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -163,6 +163,9 @@ Release 0.20.205.0 - unreleased
     HADOOP-7602. wordcount, sort etc on har files fails with NPE.
     (John George via jitendra)
 
+    HADOOP-7625. Fix TestDelegationToken by having DFSClient set the service
+    correctly and having the test cases use the common jar. (omalley)
+
   IMPROVEMENTS
 
     MAPREDUCE-2187. Reporter sends progress during sort/merge. (Anupam Seth via

build.xml

@@ -328,6 +328,7 @@
     <pathelement location="${build.tools}"/>
     <pathelement path="${clover.jar}"/>
     <path refid="test.lib.classpath"/>
+    <pathelement location="${hadoop-core.jar}"/>
     <path refid="classpath"/>
   </path>
 
@@ -864,7 +865,7 @@
   <!-- ================================================================== -->
   <!--                                                                    -->
   <!-- ================================================================== -->
-  <target name="jar-test" depends="compile-core-test" description="Make hadoop-test.jar">
+  <target name="jar-test" depends="jar,compile-core-test" description="Make hadoop-test.jar">
     <jar jarfile="${build.dir}/${test.final.name}.jar"
          basedir="${test.build.classes}">
          <manifest>

src/core/org/apache/hadoop/security/token/Token.java

@@ -126,8 +126,11 @@ public class Token<T extends TokenIdentifier> implements Writable {
    * @param newKind
    */
   @InterfaceAudience.Private
-  public void setKind(Text newKind) {
+  public synchronized void setKind(Text newKind) {
     kind = newKind;
+    // removed the cached renewer so that it will be looked up with the new
+    // kind.
+    renewer = null;
   }
 
   /**

src/hdfs/org/apache/hadoop/hdfs/DFSClient.java

@@ -40,6 +40,7 @@ import org.apache.hadoop.hdfs.server.datanode.DataNode;
 import org.apache.hadoop.hdfs.server.namenode.NameNode;
 import org.apache.hadoop.hdfs.server.namenode.NotReplicatedYetException;
 import org.apache.hadoop.security.AccessControlException;
+import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
@@ -76,6 +77,7 @@ public class DFSClient implements FSConstants, java.io.Closeable {
   private static final int TCP_WINDOW_SIZE = 128 * 1024; // 128 KB
   public final ClientProtocol namenode;
   private final ClientProtocol rpcNamenode;
+  private final InetSocketAddress nnAddress;
   final UserGroupInformation ugi;
   volatile boolean clientRunning = true;
   Random r = new Random();
@@ -194,6 +196,7 @@ public class DFSClient implements FSConstants, java.io.Closeable {
     throws IOException {
     this.conf = conf;
     this.stats = stats;
+    this.nnAddress = nameNodeAddr;
     this.socketTimeout = conf.getInt("dfs.socket.timeout", 
                                      HdfsConstants.READ_TIMEOUT);
     this.datanodeWriteTimeout = conf.getInt("dfs.datanode.socket.write.timeout",
@@ -296,6 +299,7 @@ public class DFSClient implements FSConstants, java.io.Closeable {
       throws IOException {
     Token<DelegationTokenIdentifier> result =
       namenode.getDelegationToken(renewer);
+    SecurityUtil.setTokenService(result, nnAddress);
     LOG.info("Created " + stringifyToken(result));
     return result;
   }

src/hdfs/org/apache/hadoop/hdfs/DistributedFileSystem.java

@@ -576,7 +576,6 @@ public class DistributedFileSystem extends FileSystem {
                                                       ) throws IOException {
     Token<DelegationTokenIdentifier> result =
       dfs.getDelegationToken(renewer == null ? null : new Text(renewer));
-    result.setService(new Text(getCanonicalServiceName()));
     return result;
   }
 
@@ -596,7 +595,7 @@ public class DistributedFileSystem extends FileSystem {
   @Deprecated
   public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
       throws IOException {
-    return dfs.getDelegationToken(renewer);
+    return getDelegationToken(renewer.toString());
   }
 
   /**

src/test/org/apache/hadoop/hdfs/security/TestDelegationToken.java

@@ -27,6 +27,8 @@ import java.security.PrivilegedExceptionAction;
 
 import junit.framework.Assert;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.hdfs.DFSConfigKeys;
@@ -42,9 +44,9 @@ import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretMan
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
-import org.mortbay.log.Log;
 
 public class TestDelegationToken {
+  private static final Log LOG = LogFactory.getLog(TestDelegationToken.class);
   private MiniDFSCluster cluster;
   Configuration config;
   
@@ -99,7 +101,7 @@ public class TestDelegationToken {
     identifier.readFields(new DataInputStream(
              new ByteArrayInputStream(tokenId)));
     Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
-    Log.info("Sleep to expire the token");
+    LOG.info("Sleep to expire the token");
 	  Thread.sleep(6000);
 	  //Token should be expired
 	  try {
@@ -110,7 +112,7 @@ public class TestDelegationToken {
 	    //Success
 	  }
 	  dtSecretManager.renewToken(token, "JobTracker");
-	  Log.info("Sleep beyond the max lifetime");
+	  LOG.info("Sleep beyond the max lifetime");
 	  Thread.sleep(5000);
 	  try {
   	  dtSecretManager.renewToken(token, "JobTracker");
@@ -152,7 +154,7 @@ public class TestDelegationToken {
     byte[] tokenId = token.getIdentifier();
     identifier.readFields(new DataInputStream(
              new ByteArrayInputStream(tokenId)));
-    Log.info("A valid token should have non-null password, and should be renewed successfully");
+    LOG.info("A valid token should have non-null password, and should be renewed successfully");
     Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
     dtSecretManager.renewToken(token, "JobTracker");
   }
@@ -166,6 +168,8 @@ public class TestDelegationToken {
         .createRemoteUser("JobTracker/foo.com@FOO.COM");
     final UserGroupInformation shortUgi = UserGroupInformation
         .createRemoteUser("JobTracker");
+    LOG.info("cluster at: " + dfs.getUri() + 
+             " token for: " + token.getService());
     longUgi.doAs(new PrivilegedExceptionAction<Object>() {
       public Object run() throws IOException {
         final DistributedFileSystem dfs = (DistributedFileSystem) cluster
@@ -174,6 +178,7 @@ public class TestDelegationToken {
           //try renew with long name
           dfs.renewDelegationToken(token);
         } catch (IOException e) {
+          LOG.error("caught unexpected exception out of renew", e);
           Assert.fail("Could not renew delegation token for user "+longUgi);
         }
         return null;