Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

MAPREDUCE-3475. JT can't renew its own tokens. Contributed by Daryn Sharp.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-1.0@1214658 13f79535-47bb-0310-9956-ffa450edef68
Matthew Foley 13 years ago
parent
f0d7ddf723
commit
84b6b034f1
3 changed files with 40 additions and 1 deletions
Split View Show Diff Stats
  1. 2 0
      CHANGES.txt
  2. 9 1
      src/mapred/org/apache/hadoop/mapred/JobClient.java
  3. 29 0
      src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java

+ 2 - 0
CHANGES.txt
View File 

@@ -61,6 +61,8 @@ Release 1.0.0 - 2011.11.27
 
 
   BUG FIXES
 
 
+    MAPREDUCE-3475. JT can't renew its own tokens. (Daryn Sharp via mattf)
 
+
 
     HADOOP-7869. HADOOP_HOME warning happens all of the time (Owen O'Malley
 
     via mattf)

+ 9 - 1
src/mapred/org/apache/hadoop/mapred/JobClient.java
View File 

@@ -19,6 +19,8 @@ package org.apache.hadoop.mapred;
 
 
 import java.io.BufferedReader;
 
 import java.io.BufferedWriter;
 
+import java.io.ByteArrayInputStream;
 
+import java.io.DataInputStream;
 
 import java.io.File;
 
 import java.io.FileNotFoundException;
 
 import java.io.FileOutputStream;
 
@@ -509,7 +511,13 @@ public class JobClient extends Configured implements MRConstants, Tool  {
 
 
     @Override
 
     public boolean isManaged(Token<?> token) throws IOException {
 
-      return true;
 
+      ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
 
+      DelegationTokenIdentifier id = new DelegationTokenIdentifier(); 
+      id.readFields(new DataInputStream(buf));
 
+      // AbstractDelegationToken converts given renewer to a short name, but
 
+      // AbstractDelegationTokenSecretManager does not, so we have to do it
 
+      String loginUser = UserGroupInformation.getLoginUser().getShortUserName();
 
+      return loginUser.equals(id.getRenewer().toString());
 
     }
 
     
   }

+ 29 - 0
src/test/org/apache/hadoop/mapreduce/security/token/TestDelegationTokenRenewal.java
View File 

@@ -20,7 +20,9 @@ package org.apache.hadoop.mapreduce.security.token;
 
 
 
 import static org.junit.Assert.assertEquals;
 
+import static org.junit.Assert.assertFalse;
 
 import static org.junit.Assert.assertTrue;
 
+import static org.junit.Assert.fail;
 
 
 import java.io.IOException;
 
 import java.net.InetAddress;
 
@@ -40,6 +42,7 @@ import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
 
 import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.mapreduce.JobID;
 
 import org.apache.hadoop.security.Credentials;
 
+import org.apache.hadoop.security.UserGroupInformation;
 
 import org.apache.hadoop.security.token.Token;
 
 import org.apache.hadoop.security.token.SecretManager.InvalidToken;
 
 import org.apache.hadoop.security.token.TokenRenewer;
 
@@ -102,10 +105,12 @@ public class TestDelegationTokenRenewal {
 
   }
 
 
   private static Configuration conf;
 
+  private static String trackerService = "localhost:0";
 
  
   @BeforeClass
 
   public static void setUp() throws Exception {
 
     conf = new Configuration();
 
+    conf.set("mapred.job.tracker", trackerService);
 
     
     // create a fake FileSystem (MyFS) and assosiate it
 
     // with "hdfs" schema.
 
@@ -220,6 +225,30 @@ public class TestDelegationTokenRenewal {
 
     return token1;
 
   }
 
   
+  @Test 
+  public void testLocalMRTokenRenewal() throws IOException {
 
+    String user = UserGroupInformation.getLoginUser().getUserName();
 
+    
+    DelegationTokenIdentifier ident = new DelegationTokenIdentifier(
 
+        new Text(user), new Text(user), null);
 
+    Token<?> t = new Token<DelegationTokenIdentifier>(
 
+        ident.getBytes(),
 
+        new byte[]{},
 
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
 
+        new Text("service"));
 
+    assertTrue(t.isManaged());
 
+    
+    ident = new DelegationTokenIdentifier(
 
+        new Text(user), new Text(user+"-is-not-me"), null);
 
+    t = new Token<DelegationTokenIdentifier>(
 
+        ident.getBytes(),
 
+        new byte[]{},
 
+        org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier.MAPREDUCE_DELEGATION_KIND,
 
+        new Text("service"));
 
+    
+    assertFalse(t.isManaged());
 
+    
+  }
 
   
   /**
 
    * Basic idea of the test: