
HADOOP-14920. KMSClientProvider won't work with KMS delegation token retrieved from non-Java client. Contributed by Xiaoyu Yao.

(cherry picked from commit 2b08a1fc644904a37545107666efc25b3552542d)
Xiaoyu Yao 7 年之前
父节点
当前提交
65b5e81752

+ 4 - 1
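--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
@@ -242,8 +242,11 @@ public abstract class DelegationTokenAuthenticationHandler
               }
               String renewer = ServletUtils.getParameter(request,
                   KerberosDelegationTokenAuthenticator.RENEWER_PARAM);
+              String service = ServletUtils.getParameter(request,
+                  KerberosDelegationTokenAuthenticator.SERVICE_PARAM);
               try {
-                Token<?> dToken = tokenManager.createToken(requestUgi, renewer);
+                Token<?> dToken = tokenManager.createToken(requestUgi, renewer,
+                    service);
                 map = delegationTokenToJSON(dToken);
               } catch (IOException ex) {
                 throw new AuthenticationException(ex.toString(), ex);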
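Review bot: The `service` value read by the added `ServletUtils.getParameter(request, KerberosDelegationTokenAuthenticator.SERVICE_PARAM)` call is handed to `tokenManager.createToken(requestUgi, renewer, service)` with no length or format check, so the requesting client decides what is written into the issued token's service field and into the debug log line in DelegationTokenManager. If the field is meant to hold a host:port address, as the test value in this commit suggests, a bounded check before the `try` would keep oversized or control-character input out of both, e.g. `if (service != null && service.length() > MAX_SERVICE_LEN) { /* reject as a bad request */ }`, where `MAX_SERVICE_LEN` is a placeholder and not an existing constant. The enclosing method starts and ends outside this hunk, so the rejection path has to follow whatever the surrounding cases already do.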

+ 1 - 0
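--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
@@ -70,6 +70,7 @@ public abstract class DelegationTokenAuthenticator implements Authenticator {
   public static final String DELEGATION_PARAM = "delegation";
   public static final String TOKEN_PARAM = "token";
   public static final String RENEWER_PARAM = "renewer";
+  public static final String SERVICE_PARAM = "service";
   public static final String DELEGATION_TOKEN_JSON = "Token";
   public static final String DELEGATION_TOKEN_URL_STRING_JSON = "urlString";
   public static final String RENEW_DELEGATION_TOKEN_JSON = "long";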

+ 13 - 2
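--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
@@ -160,7 +160,14 @@ public class DelegationTokenManager {
   @SuppressWarnings("unchecked")
   public Token<? extends AbstractDelegationTokenIdentifier> createToken(
       UserGroupInformation ugi, String renewer) {
-    LOG.debug("Creating token with ugi:{}, renewer:{}.", ugi, renewer);
+    return createToken(ugi, renewer, null);
+  }
+
+  @SuppressWarnings("unchecked")
+  public Token<? extends AbstractDelegationTokenIdentifier> createToken(
+      UserGroupInformation ugi, String renewer, String service) {
+    LOG.debug("Creating token with ugi:{}, renewer:{}, service:{}.",
+        ugi, renewer, service !=null ? service : "");
     renewer = (renewer == null) ? ugi.getShortUserName() : renewer;
     String user = ugi.getUserName();
     Text owner = new Text(user);
@@ -173,7 +180,11 @@ public class DelegationTokenManager {
     tokenIdentifier.setOwner(owner);
     tokenIdentifier.setRenewer(new Text(renewer));
     tokenIdentifier.setRealUser(realUser);
-    return new Token(tokenIdentifier, secretManager);
+    Token token = new Token(tokenIdentifier, secretManager);
+    if (service != null) {
+      token.setService(new Text(service));
+    }
+    return token;
   }
 
   @SuppressWarnings("unchecked")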
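Review bot: The new three-argument `createToken` has no Javadoc, and the property a caller most needs to know is not visible from the signature: `service` is applied with `token.setService(new Text(service))` after `new Token(tokenIdentifier, secretManager)`, so it is not part of the identifier and is presumably outside whatever the secret manager signs. I would add a Javadoc saying that `service` is caller-supplied metadata, that `null` leaves the token's service unset, and that it should not be relied on for authorization decisions. In the same section, `Token token` is a raw type where `Token<? extends AbstractDelegationTokenIdentifier> token` would match the return type, and `service !=null` is missing a space. The method body spans both hunks, with the lines between them not shown.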

+ 52 - 20
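--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
@@ -107,12 +107,21 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
 
   @Test
   public void testManagementOperations() throws Exception {
-      testNonManagementOperation();
-      testManagementOperationErrors();
-      testGetToken(null, new Text("foo"));
-      testGetToken("bar", new Text("foo"));
-      testCancelToken();
-      testRenewToken();
+    final Text testTokenKind = new Text("foo");
+    final String testRenewer = "bar";
+    final String testService = "192.168.64.101:8888";
+    testNonManagementOperation();
+    testManagementOperationErrors();
+    testGetToken(null, null, testTokenKind);
+    testGetToken(testRenewer, null, testTokenKind);
+    testCancelToken();
+    testRenewToken(testRenewer);
+
+    // Management operations against token requested with service parameter
+    Token<DelegationTokenIdentifier> testToken =
+        testGetToken(testRenewer, testService, testTokenKind);
+    testRenewToken(testToken, testRenewer);
+    testCancelToken(testToken);
   }
 
   private void testNonManagementOperation() throws Exception {
@@ -152,8 +161,8 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
         Mockito.eq("mock"));
   }
 
-  private void testGetToken(String renewer, Text expectedTokenKind)
-      throws Exception {
+  private Token<DelegationTokenIdentifier> testGetToken(String renewer,
+      String service, Text expectedTokenKind) throws Exception {
     DelegationTokenAuthenticator.DelegationTokenOperation op =
         DelegationTokenAuthenticator.DelegationTokenOperation.
             GETDELEGATIONTOKEN;
@@ -169,10 +178,14 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
         new StringWriter()));
     Assert.assertFalse(handler.managementOperation(token, request, response));
 
-    Mockito.when(request.getQueryString()).
-        thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
-        "&" + DelegationTokenAuthenticator.RENEWER_PARAM + "=" + renewer);
-
+    String queryString =
+        DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" +
+        DelegationTokenAuthenticator.RENEWER_PARAM + "=" + renewer;
+    if (service != null) {
+      queryString += "&" + DelegationTokenAuthenticator.SERVICE_PARAM + "="
+          + service;
+    }
+    Mockito.when(request.getQueryString()).thenReturn(queryString);
     Mockito.reset(response);
     Mockito.reset(token);
     Mockito.when(token.getUserName()).thenReturn("user");
@@ -204,10 +217,25 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
     dt.decodeFromUrlString(tokenStr);
     handler.getTokenManager().verifyToken(dt);
     Assert.assertEquals(expectedTokenKind, dt.getKind());
+    if (service != null) {
+      Assert.assertEquals(service, dt.getService().toString());
+    } else {
+      Assert.assertEquals(0, dt.getService().getLength());
+    }
+    return dt;
   }
 
   @SuppressWarnings("unchecked")
   private void testCancelToken() throws Exception {
+    Token<DelegationTokenIdentifier> token =
+        (Token<DelegationTokenIdentifier>) handler.getTokenManager()
+            .createToken(UserGroupInformation.getCurrentUser(), "foo");
+    testCancelToken(token);
+  }
+
+  @SuppressWarnings("unchecked")
+  private void testCancelToken(Token<DelegationTokenIdentifier> token)
+      throws Exception {
     DelegationTokenAuthenticator.DelegationTokenOperation op =
         DelegationTokenAuthenticator.DelegationTokenOperation.
             CANCELDELEGATIONTOKEN;
@@ -224,9 +252,6 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
         Mockito.contains("requires the parameter [token]"));
 
     Mockito.reset(response);
-    Token<DelegationTokenIdentifier> token =
-        (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
-            UserGroupInformation.getCurrentUser(), "foo");
     Mockito.when(request.getQueryString()).thenReturn(
         DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() + "&" +
             DelegationTokenAuthenticator.TOKEN_PARAM + "=" +
@@ -245,7 +270,16 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
   }
 
   @SuppressWarnings("unchecked")
-  private void testRenewToken() throws Exception {
+  private void testRenewToken(String testRenewer) throws Exception {
+    Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>)
+        handler.getTokenManager().createToken(
+            UserGroupInformation.getCurrentUser(), testRenewer);
+    testRenewToken(dToken, testRenewer);
+  }
+
+  @SuppressWarnings("unchecked")
+  private void testRenewToken(Token<DelegationTokenIdentifier> dToken,
+      String testRenewer) throws Exception {
     DelegationTokenAuthenticator.DelegationTokenOperation op =
         DelegationTokenAuthenticator.DelegationTokenOperation.
             RENEWDELEGATIONTOKEN;
@@ -266,7 +300,7 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
 
     Mockito.reset(response);
     AuthenticationToken token = Mockito.mock(AuthenticationToken.class);
-    Mockito.when(token.getUserName()).thenReturn("user");
+    Mockito.when(token.getUserName()).thenReturn(testRenewer);
     Assert.assertFalse(handler.managementOperation(token, request, response));
     Mockito.verify(response).sendError(
         Mockito.eq(HttpServletResponse.SC_BAD_REQUEST),
@@ -276,9 +310,7 @@ public class TestDelegationTokenAuthenticationHandlerWithMocks {
     StringWriter writer = new StringWriter();
     PrintWriter pwriter = new PrintWriter(writer);
     Mockito.when(response.getWriter()).thenReturn(pwriter);
-    Token<DelegationTokenIdentifier> dToken =
-        (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
-            UserGroupInformation.getCurrentUser(), "user");
+
     Mockito.when(request.getQueryString()).
         thenReturn(DelegationTokenAuthenticator.OP_PARAM + "=" + op.toString() +
             "&" + DelegationTokenAuthenticator.TOKEN_PARAM + "=" +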
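Review bot: `testGetToken` covers only a well-formed `host:port` service, and the query string is built by plain concatenation (`queryString += "&" + DelegationTokenAuthenticator.SERVICE_PARAM + "=" + service;`), so nothing here shows how the handler treats an empty `service=` or a value containing `&`, `=` or percent-encoded characters. Since the parameter exists for non-Java clients, one case with an empty value and one with a URL-encoded value would pin down what ends up in `dt.getService()` for input the server does not control. The bodies of `testGetToken`, `testCancelToken` and `testRenewToken` are only partly visible in these hunks.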