/**
 * Builds the {@link DelegationTokenAuthenticatedURL} used by this client.
 *
 * <p>The returned instance overrides token selection so that the lookup is
 * delegated to {@code clientTokenProvider}; the {@code url} argument of the
 * override is not consulted.
 *
 * @return a new authenticated URL bound to {@code configurator}.
 */
@VisibleForTesting
DelegationTokenAuthenticatedURL createAuthenticatedURL() {
  final DelegationTokenAuthenticatedURL authenticatedUrl =
      new DelegationTokenAuthenticatedURL(configurator) {
        @Override
        public org.apache.hadoop.security.token.Token<? extends TokenIdentifier>
            selectDelegationToken(URL url, Credentials creds) {
          // NOTE(review): at debug level this lists every token held in creds.
          // Confirm that the tokens' string form carries no secret material
          // before enabling debug logging on a shared log pipeline.
          if (LOG.isDebugEnabled()) {
            LOG.debug("Looking for delegation token. creds: {}",
                creds.getAllTokens());
          }
          // clientTokenProvider is either this provider or a load-balancing
          // instance. In the latter case it looks up the load balancer's uri
          // service first, then each sub-provider, for backwards compatibility.
          return clientTokenProvider.selectDelegationToken(creds);
        }
      };
  return authenticatedUrl;
}
/**
 * Opens an authenticated {@link HttpURLConnection} to the given URL.
 *
 * <p>When a Delegation Token is present it is used, and it takes precedence
 * over the configured <code>Authenticator</code>.
 *
 * @param url the URL to connect to. Only HTTP/S URLs are supported.
 * @param token the authentication token being used for the user.
 * @return an authenticated {@link HttpURLConnection}.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public HttpURLConnection openConnection(URL url, Token token)
    throws IOException, AuthenticationException {
  // Convenience overload: forwards to the three-argument form with null as
  // the third argument.
  final HttpURLConnection connection = openConnection(url, token, null);
  return connection;
}
/**
 * Asks the server end-point to cancel the delegation token held by
 * {@code token}. The call does not require being authenticated by the
 * configured <code>Authenticator</code>.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token with the Delegation Token to cancel.
 * @throws IOException if an IO error occurred.
 */
public void cancelDelegationToken(URL url, Token token)
    throws IOException {
  // Convenience overload: forwards to the three-argument form with null as
  // the third argument.
  cancelDelegationToken(url, token, null);
}
// Excerpt with lines elided between statements: delegation-token handling
// while opening a connection.
// Select the delegation token to use for this URL from the credentials.
dToken = selectDelegationToken(url, creds);
if (dToken != null) {
  if (useQueryStringForDelegationToken()) {
    // Query-string mode: the request URL is rewritten with extraParams.
    // NOTE(review): extraParams is populated outside this excerpt. If it
    // carries the delegation token, the token becomes part of the URL, where
    // server access logs and intermediaries can record it - confirm, and
    // prefer the non-query-string mode where the server supports it.
    url = augmentURL(url, extraParams);
HttpURLConnection conn = super.openConnection(url, token);
// Entered only when no auth token is set, query-string mode is off and a
// delegation token was found.
// NOTE(review): presumably this is where the token is attached by other
// means; the body is not part of this excerpt.
if (!token.isSet() && !useQueryStringForDelegationToken() && dToken != null) {
/**
 * Checks that a plain request succeeds as FOO_USER while a request for a
 * delegation token is rejected.
 */
@Override
public Void run() throws Exception {
  final DelegationTokenAuthenticatedURL.Token freshToken =
      new DelegationTokenAuthenticatedURL.Token();
  final DelegationTokenAuthenticatedURL client =
      new DelegationTokenAuthenticatedURL();

  // An ordinary request must return 200 with FOO_USER as the only body line.
  final HttpURLConnection connection = client.openConnection(url, freshToken);
  Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
  final List<String> bodyLines =
      IOUtils.readLines(connection.getInputStream());
  Assert.assertEquals(1, bodyLines.size());
  Assert.assertEquals(FOO_USER, bodyLines.get(0));

  // Asking for a delegation token must fail with an AuthenticationException
  // whose message names the delegation token operation; reaching
  // Assert.fail() means the server handed one out anyway.
  try {
    client.getDelegationToken(url, freshToken, FOO_USER);
    Assert.fail();
  } catch (AuthenticationException expected) {
    Assert.assertTrue(
        expected.getMessage().contains("delegation token operation"));
  }
  return null;
}
});
/**
 * Opens the connection through a new DelegationTokenAuthenticatedURL built
 * from {@code configurator}, passing {@code doAsUser} as the third argument.
 */
@Override
public HttpURLConnection run() throws Exception {
  return new DelegationTokenAuthenticatedURL(configurator)
      .openConnection(url, authToken, doAsUser);
}
});
new DelegationTokenAuthenticatedURL.Token();
// Excerpt from a test; the opening "try {" lines were dropped by the listing.
final DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
// Run the same checks with the transport selected by useQS.
aUrl.setUseQueryStringForDelegationToken(useQS);
// Negative case: a token request against nonAuthURL is expected to throw.
// NOTE(review): catch (Exception) accepts any failure, including an unrelated
// I/O error; asserting the specific exception type would make the check
// stricter.
aUrl.getDelegationToken(nonAuthURL, token, FOO_USER);
Assert.fail();
} catch (Exception ex) {
// Positive case: authURL issues a token of kind "token-kind".
aUrl.getDelegationToken(authURL, token, FOO_USER);
Assert.assertNotNull(token.getDelegationToken());
Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
// Renewal through authURL succeeds; renewal through nonAuthURL must throw.
aUrl.renewDelegationToken(authURL, token);
aUrl.renewDelegationToken(nonAuthURL, token);
Assert.fail();
} catch (Exception ex) {
// Fetch a token again, then renew through authURL2, which must throw.
aUrl.getDelegationToken(authURL, token, FOO_USER);
aUrl.renewDelegationToken(authURL2, token);
Assert.fail();
} catch (Exception ex) {
// Fetch a token again, then cancel it through authURL.
aUrl.getDelegationToken(authURL, token, FOO_USER);
aUrl.cancelDelegationToken(authURL, token);
/**
 * Requests a delegation token from the URL form of {@code resURI}, naming
 * {@code renewer} as the renewer and passing {@code doAsUser} through.
 */
@Override
public Token<TimelineDelegationTokenIdentifier> run() throws Exception {
  // The raw (Token) cast narrows the returned token to the declared return
  // type; it is unchecked at runtime.
  return (Token) new DelegationTokenAuthenticatedURL(authenticator,
      connConfigurator)
      .getDelegationToken(resURI.toURL(), token, renewer, doAsUser);
}
};
// Excerpt from a test; the "try {" line before the expected-failure renewal
// was dropped by the listing.
@Override
public Void call() throws Exception {
  // Renewer is doAsUser when impersonating, otherwise the literal "client".
  aUrl.getDelegationToken(
      url, token, doAs ? doAsUser : "client", doAsUser);
  Assert.assertNotNull(token.getDelegationToken());
  // Renewal of that token leaves a delegation token set.
  aUrl.renewDelegationToken(url, token, doAsUser);
  Assert.assertNotNull(token.getDelegationToken());
  // Re-issue the token with FOO_USER as renewer.
  aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
  Assert.assertNotNull(token.getDelegationToken());
  // This renewal is expected to throw; Assert.fail() guards against it
  // silently succeeding.
  // NOTE(review): catch (Exception) accepts any failure, not specifically an
  // authorization failure.
  aUrl.renewDelegationToken(url, token, doAsUser);
  Assert.fail();
} catch (Exception ex) {
  // After cancellation the client-side token must be cleared.
  aUrl.getDelegationToken(url, token, FOO_USER, doAsUser);
  aUrl.cancelDelegationToken(url, token, doAsUser);
  Assert.assertNull(token.getDelegationToken());
/**
 * Cancels the delegation token held by {@code token} against the URL
 * produced by {@code createURL(null, null, null, null)}.
 */
@Override
public Void run() throws Exception {
  final URL cancelUrl = createURL(null, null, null, null);
  // NOTE(review): dToken is written to the debug log; confirm that its
  // string form does not include the token's secret.
  LOG.debug("Cancelling delegation token {} with url:{}, as:{}",
      dToken, cancelUrl, doAsUser);
  new DelegationTokenAuthenticatedURL(configurator)
      .cancelDelegationToken(cancelUrl, token, doAsUser);
  return null;
}
}
/**
 * Obtains a delegation token, authenticating with the configured
 * <code>Authenticator</code>.
 *
 * @param url the URL to get the delegation token from. Only HTTP/S URLs are
 * supported.
 * @param token the authentication token being used for the user where the
 * Delegation token will be stored.
 * @param renewer the renewer user.
 * @return a delegation token.
 * @throws IOException if an IO error occurred.
 * @throws AuthenticationException if an authentication exception occurred.
 */
public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier>
    getDelegationToken(URL url, Token token, String renewer)
    throws IOException, AuthenticationException {
  // Convenience overload: forwards to the four-argument form with null as
  // the last argument.
  final org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier>
      issued = getDelegationToken(url, token, renewer, null);
  return issued;
}
/**
 * Renews {@code timelineDT} and returns the value reported by
 * {@code renewDelegationToken}.
 */
@Override
public Long run() throws Exception {
  // Install the token to renew whenever it differs from the cached one. This
  // has to happen on every retry: after an exception,
  // DelegationTokenAuthenticatedURL resets the cached token to null.
  final boolean cachedTokenDiffers =
      !timelineDT.equals(token.getDelegationToken());
  if (cachedTokenDiffers) {
    token.setDelegationToken((Token) timelineDT);
  }
  DelegationTokenAuthenticatedURL authUrl =
      new DelegationTokenAuthenticatedURL(authenticator, connConfigurator);
  // Use the token's own service address when it has one; otherwise fall
  // back to the configured service address.
  // NOTE(review): the renewal request goes to the host and port taken from
  // address - confirm the token comes from a trusted credential store, since
  // that field decides where the token is sent.
  final URI serviceURI;
  if (isTokenServiceAddrEmpty) {
    serviceURI = resURI;
  } else {
    serviceURI = new URI(scheme, null, address.getHostName(),
        address.getPort(), RESOURCE_URI_STR, null, null);
  }
  return authUrl.renewDelegationToken(serviceURI.toURL(), token, doAsUser);
}
};
/**
 * Renews the delegation token held by {@code token} and returns the value
 * reported by {@code renewDelegationToken}.
 */
@Override
public Long run() throws Exception {
  final Long renewalResult =
      authUrl.renewDelegationToken(url, token, doAsUser);
  return renewalResult;
}
}
// Excerpt with lines elided between statements: delegation-token handling
// while opening a connection.
// Look the delegation token up in the credentials by service name.
dToken = creds.getToken(service);
if (dToken != null) {
  if (useQueryStringForDelegationToken()) {
    // Query-string mode: the request URL is rewritten with extraParams.
    // NOTE(review): extraParams is populated outside this excerpt. If it
    // carries the delegation token, the token becomes part of the URL, where
    // server access logs and intermediaries can record it - confirm, and
    // prefer the non-query-string mode where the server supports it.
    url = augmentURL(url, extraParams);
HttpURLConnection conn = super.openConnection(url, token);
// Entered only when no auth token is set, query-string mode is off and a
// delegation token was found.
// NOTE(review): presumably this is where the token is attached by other
// means; the body is not part of this excerpt.
if (!token.isSet() && !useQueryStringForDelegationToken() && dToken != null) {
/**
 * Asks the server end-point to cancel the delegation token held by
 * {@code token}. The call does not require being authenticated by the
 * configured <code>Authenticator</code>.
 *
 * <p>The client-side copy of the delegation token is cleared whether or not
 * the cancel request succeeds, so a failed call leaves the caller without a
 * token reference while the server may still consider the token valid.
 *
 * @param url the URL to cancel the delegation token from. Only HTTP/S URLs
 * are supported.
 * @param token the authentication token with the Delegation Token to cancel.
 * @param doAsUser the user to do as, which will be the token owner.
 * @throws IOException if an IO error occurred.
 */
public void cancelDelegationToken(URL url, Token token, String doAsUser)
    throws IOException {
  Preconditions.checkNotNull(url, "url");
  Preconditions.checkNotNull(token, "token");
  Preconditions.checkNotNull(token.delegationToken,
      "No delegation token available");
  try {
    // The cast stays inside the try so that the token is cleared even when
    // the configured authenticator is of an unexpected type.
    final KerberosDelegationTokenAuthenticator canceller =
        (KerberosDelegationTokenAuthenticator) getAuthenticator();
    canceller.cancelDelegationToken(url, token, token.delegationToken,
        doAsUser);
  } finally {
    // Always drop the local reference, on success and on failure alike.
    token.delegationToken = null;
  }
}
/**
 * Constructs a <code>DelegationTokenAuthenticatedURL</code> from an
 * authenticator and a connection configurator.
 *
 * <p>The authenticator is resolved through
 * {@code obtainDelegationTokenAuthenticator} before being handed to the
 * superclass, together with the same configurator.
 *
 * @param authenticator the {@link DelegationTokenAuthenticator} instance to
 * use, if <code>null</code> the default one will be used.
 * @param connConfigurator a connection configurator.
 */
public DelegationTokenAuthenticatedURL(
    DelegationTokenAuthenticator authenticator,
    ConnectionConfigurator connConfigurator) {
  super(
      obtainDelegationTokenAuthenticator(authenticator, connConfigurator),
      connConfigurator);
}
/**
 * Checks that a plain request succeeds as FOO_USER while a request for a
 * delegation token is rejected.
 */
@Override
public Void run() throws Exception {
  final DelegationTokenAuthenticatedURL.Token freshToken =
      new DelegationTokenAuthenticatedURL.Token();
  final DelegationTokenAuthenticatedURL client =
      new DelegationTokenAuthenticatedURL();

  // An ordinary request must return 200 with FOO_USER as the only body line.
  final HttpURLConnection connection = client.openConnection(url, freshToken);
  Assert.assertEquals(HttpURLConnection.HTTP_OK, connection.getResponseCode());
  final List<String> bodyLines =
      IOUtils.readLines(connection.getInputStream());
  Assert.assertEquals(1, bodyLines.size());
  Assert.assertEquals(FOO_USER, bodyLines.get(0));

  // Asking for a delegation token must fail with an AuthenticationException
  // whose message names the delegation token operation; reaching
  // Assert.fail() means the server handed one out anyway.
  try {
    client.getDelegationToken(url, freshToken, FOO_USER);
    Assert.fail();
  } catch (AuthenticationException expected) {
    Assert.assertTrue(
        expected.getMessage().contains("delegation token operation"));
  }
  return null;
}
});
/**
 * Opens the connection through a new DelegationTokenAuthenticatedURL built
 * from {@code configurator}, passing {@code doAsUser} as the third argument.
 */
@Override
public HttpURLConnection run() throws Exception {
  return new DelegationTokenAuthenticatedURL(configurator)
      .openConnection(url, authToken, doAsUser);
}
});
new DelegationTokenAuthenticatedURL.Token();
// Excerpt from a test; the opening "try {" lines were dropped by the listing.
final DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
// Run the same checks with the transport selected by useQS.
aUrl.setUseQueryStringForDelegationToken(useQS);
// Negative case: a token request against nonAuthURL is expected to throw.
// NOTE(review): catch (Exception) accepts any failure, including an unrelated
// I/O error; asserting the specific exception type would make the check
// stricter.
aUrl.getDelegationToken(nonAuthURL, token, FOO_USER);
Assert.fail();
} catch (Exception ex) {
// Positive case: authURL issues a token of kind "token-kind".
aUrl.getDelegationToken(authURL, token, FOO_USER);
Assert.assertNotNull(token.getDelegationToken());
Assert.assertEquals(new Text("token-kind"), token.getDelegationToken().getKind());
// Renewal through authURL succeeds; renewal through nonAuthURL must throw.
aUrl.renewDelegationToken(authURL, token);
aUrl.renewDelegationToken(nonAuthURL, token);
Assert.fail();
} catch (Exception ex) {
// Fetch a token again, then renew through authURL2, which must throw.
aUrl.getDelegationToken(authURL, token, FOO_USER);
aUrl.renewDelegationToken(authURL2, token);
Assert.fail();
} catch (Exception ex) {
// Fetch a token again, then cancel it through authURL.
aUrl.getDelegationToken(authURL, token, FOO_USER);
aUrl.cancelDelegationToken(authURL, token);
/**
 * Requests a delegation token from the URL form of {@code resURI}, naming
 * {@code renewer} as the renewer and passing {@code doAsUser} through.
 */
@Override
public Token<TimelineDelegationTokenIdentifier> run() throws Exception {
  // The raw (Token) cast narrows the returned token to the declared return
  // type; it is unchecked at runtime.
  return (Token) new DelegationTokenAuthenticatedURL(authenticator,
      connConfigurator)
      .getDelegationToken(resURI.toURL(), token, renewer, doAsUser);
}
};