Home Explore Help
Register Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

MAPREDUCE-5884. History server uses short user name when canceling tokens. Contributed by Mohammad Kamrul Islam

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1593422 13f79535-47bb-0310-9956-ffa450edef68
Jason Darrell Lowe 11 years ago
parent
47f03bc9fe
commit
e2c18809d3
4 changed files with 29 additions and 1 deletions
Split View Show Diff Stats
  1. 3 0
      hadoop-mapreduce-project/CHANGES.txt
  2. 1 1
      hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/HistoryClientService.java
  3. 20 0
      hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs/src/test/java/org/apache/hadoop/mapreduce/v2/hs/TestJHSDelegationTokenSecretManager.java
  4. 5 0
      hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/test/java/org/apache/hadoop/mapreduce/security/TestJHSSecurity.java

+ 3 - 0
hadoop-mapreduce-project/CHANGES.txt
View File 

@@ -213,6 +213,9 @@ Release 2.5.0 - UNRELEASED
 
     MAPREDUCE-5749. TestRMContainerAllocator#testReportedAppProgress Failed
 
     (jlowe)
 
 
+    MAPREDUCE-5884. History server uses short user name when canceling tokens
 
+    (Mohammad Kamrul Islam via jlowe)
 
+
 
 Release 2.4.1 - UNRELEASED
 
 
   INCOMPATIBLE CHANGES

+ 1 - 1
hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/HistoryClientService.java
View File 

@@ -396,7 +396,7 @@ public class HistoryClientService extends AbstractService {
 
                     .array(), new Text(protoToken.getKind()), new Text(
 
                     protoToken.getService()));
 
 
-        String user = UserGroupInformation.getCurrentUser().getShortUserName();
 
+        String user = UserGroupInformation.getCurrentUser().getUserName();
 
         jhsDTSecretManager.cancelToken(token, user);
 
         return Records.newRecord(CancelDelegationTokenResponse.class);
 
     }

+ 20 - 0
hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs/src/test/java/org/apache/hadoop/mapreduce/v2/hs/TestJHSDelegationTokenSecretManager.java
View File 

@@ -30,6 +30,8 @@ import java.util.Map;
 
 import org.apache.hadoop.conf.Configuration;
 
 import org.apache.hadoop.io.Text;
 
 import org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier;
 
+import org.apache.hadoop.security.AccessControlException;
 
+import org.apache.hadoop.security.authentication.util.KerberosName;
 
 import org.apache.hadoop.security.token.Token;
 
 import org.apache.hadoop.security.token.delegation.DelegationKey;
 
 import org.junit.Test;
 
@@ -87,6 +89,24 @@ public class TestJHSDelegationTokenSecretManager {
 
     assertEquals("sequence number restore", tokenId2.getSequenceNumber() + 1,
 
         tokenId3.getSequenceNumber());
 
     mgr.cancelToken(token1, "tokenOwner");
 
+
 
+    // Testing with full principal name
 
+    MRDelegationTokenIdentifier tokenIdFull = new MRDelegationTokenIdentifier(
 
+        new Text("tokenOwner/localhost@LOCALHOST"), new Text("tokenRenewer"),
 
+        new Text("tokenUser"));
 
+    KerberosName.setRules("RULE:[1:$1]\nRULE:[2:$1]");
 
+    Token<MRDelegationTokenIdentifier> tokenFull = new Token<MRDelegationTokenIdentifier>(
 
+        tokenIdFull, mgr);
 
+    // Negative test
 
+    try {
 
+      mgr.cancelToken(tokenFull, "tokenOwner");
 
+    } catch (AccessControlException ace) {
 
+      assertTrue(ace.getMessage().contains(
 
+          "is not authorized to cancel the token"));
 
+    }
 
+    // Succeed to cancel with full principal
 
+    mgr.cancelToken(tokenFull, tokenIdFull.getOwner().toString());
 
+
 
     long tokenRenewDate3 = mgr.getAllTokens().get(tokenId3).getRenewDate();
 
     mgr.stopThreads();

+ 5 - 0
hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-jobclient/src/test/java/org/apache/hadoop/mapreduce/security/TestJHSSecurity.java
View File 

@@ -198,6 +198,11 @@ public class TestJHSSecurity {
 
         fail("Unexpected exception" + e);
 
       }
 
       cancelDelegationToken(loggedInUser, hsService, token);
 
+
 
+      // Testing the token with different renewer to cancel the token
 
+      Token tokenWithDifferentRenewer = getDelegationToken(loggedInUser,
 
+          hsService, "yarn");
 
+      cancelDelegationToken(loggedInUser, hsService, tokenWithDifferentRenewer);
 
       if (clientUsingDT != null) {
 
 //        RPC.stopProxy(clientUsingDT);
 
         clientUsingDT = null;