|
|
@@ -23,6 +23,7 @@ import java.io.IOException;
|
|
|
import java.lang.reflect.UndeclaredThrowableException;
|
|
|
import java.net.ConnectException;
|
|
|
import java.net.HttpURLConnection;
|
|
|
+import java.net.InetSocketAddress;
|
|
|
import java.net.URI;
|
|
|
import java.net.URL;
|
|
|
import java.net.URLConnection;
|
|
|
@@ -45,6 +46,7 @@ import org.apache.hadoop.classification.InterfaceAudience.Private;
|
|
|
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
|
|
import org.apache.hadoop.conf.Configuration;
|
|
|
import org.apache.hadoop.security.UserGroupInformation;
|
|
|
+import org.apache.hadoop.security.SecurityUtil;
|
|
|
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
|
|
|
import org.apache.hadoop.security.ssl.SSLFactory;
|
|
|
import org.apache.hadoop.security.token.Token;
|
|
|
@@ -373,12 +375,14 @@ public class TimelineClientImpl extends TimelineClient {
|
|
|
== UserGroupInformation.AuthenticationMethod.PROXY;
|
|
|
final String doAsUser = isProxyAccess ?
|
|
|
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
|
|
+ boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
|
|
+ final String scheme = useHttps ? "https" : "http";
|
|
|
+ final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
|
|
PrivilegedExceptionAction<Long> renewDTAction =
|
|
|
new PrivilegedExceptionAction<Long>() {
|
|
|
|
|
|
@Override
|
|
|
- public Long run()
|
|
|
- throws Exception {
|
|
|
+ public Long run() throws Exception {
|
|
|
// If the timeline DT to renew is different than cached, replace it.
|
|
|
// Token to set every time for retry, because when exception happens,
|
|
|
// DelegationTokenAuthenticatedURL will reset it to null;
|
|
|
@@ -388,8 +392,10 @@ public class TimelineClientImpl extends TimelineClient {
|
|
|
DelegationTokenAuthenticatedURL authUrl =
|
|
|
new DelegationTokenAuthenticatedURL(authenticator,
|
|
|
connConfigurator);
|
|
|
+ final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
|
|
+ address.getPort(), RESOURCE_URI_STR, null, null);
|
|
|
return authUrl
|
|
|
- .renewDelegationToken(resURI.toURL(), token, doAsUser);
|
|
|
+ .renewDelegationToken(serviceURI.toURL(), token, doAsUser);
|
|
|
}
|
|
|
};
|
|
|
return (Long) operateDelegationToken(renewDTAction);
|
|
|
@@ -405,12 +411,14 @@ public class TimelineClientImpl extends TimelineClient {
|
|
|
== UserGroupInformation.AuthenticationMethod.PROXY;
|
|
|
final String doAsUser = isProxyAccess ?
|
|
|
UserGroupInformation.getCurrentUser().getShortUserName() : null;
|
|
|
+ boolean useHttps = YarnConfiguration.useHttps(this.getConfig());
|
|
|
+ final String scheme = useHttps ? "https" : "http";
|
|
|
+ final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT);
|
|
|
PrivilegedExceptionAction<Void> cancelDTAction =
|
|
|
new PrivilegedExceptionAction<Void>() {
|
|
|
|
|
|
@Override
|
|
|
- public Void run()
|
|
|
- throws Exception {
|
|
|
+ public Void run() throws Exception {
|
|
|
// If the timeline DT to cancel is different than cached, replace it.
|
|
|
// Token to set every time for retry, because when exception happens,
|
|
|
// DelegationTokenAuthenticatedURL will reset it to null;
|
|
|
@@ -420,7 +428,9 @@ public class TimelineClientImpl extends TimelineClient {
|
|
|
DelegationTokenAuthenticatedURL authUrl =
|
|
|
new DelegationTokenAuthenticatedURL(authenticator,
|
|
|
connConfigurator);
|
|
|
- authUrl.cancelDelegationToken(resURI.toURL(), token, doAsUser);
|
|
|
+ final URI serviceURI = new URI(scheme, null, address.getHostName(),
|
|
|
+ address.getPort(), RESOURCE_URI_STR, null, null);
|
|
|
+ authUrl.cancelDelegationToken(serviceURI.toURL(), token, doAsUser);
|
|
|
return null;
|
|
|
}
|
|
|
};
|
Jonathan Eagles