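/**
 * Creates and initialises the delegation token manager from the given properties.
 *
 * <p>Every entry of {@code config} is copied into a new {@code Configuration} built with
 * {@code new Configuration(false)}. The token kind is read from the {@code TOKEN_KIND} key,
 * trimmed, and handed to a new {@code DelegationTokenManager}, whose {@code init()} is then
 * called. The result is stored in the {@code tokenManager} field.
 *
 * @param config handler properties; keys and values are cast to {@code String}, so a
 *     non-String entry fails with a {@code ClassCastException}
 * @throws IllegalArgumentException if the token kind is missing or is blank after trimming
 */
@VisibleForTesting
@SuppressWarnings("unchecked")
public void initTokenManager(Properties config) {
  Configuration conf = new Configuration(false);
  for (Map.Entry<Object, Object> entry : config.entrySet()) {
    conf.set((String) entry.getKey(), (String) entry.getValue());
  }

  String tokenKind = conf.get(TOKEN_KIND);
  if (tokenKind == null) {
    throw new IllegalArgumentException(
        "The configuration does not define the token kind");
  }
  tokenKind = tokenKind.trim();
  // A whitespace-only value is as good as undefined: refuse it rather than
  // build a manager whose tokens carry an empty kind.
  if (tokenKind.isEmpty()) {
    throw new IllegalArgumentException(
        "The configuration does not define the token kind");
  }

  tokenManager = new DelegationTokenManager(conf, new Text(tokenKind));
  tokenManager.init();
}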
KerberosDelegationTokenAuthenticator.SERVICE_PARAM); try { Token<?> dToken = tokenManager.createToken(requestUgi, renewer, service); map = delegationTokenToJSON(dToken); try { dt.decodeFromUrlString(tokenToRenew); long expirationTime = tokenManager.renewToken(dt, requestUgi.getShortUserName()); map = new HashMap(); try { dt.decodeFromUrlString(tokenToCancel); tokenManager.cancelToken(dt, (requestUgi != null) ? requestUgi.getShortUserName() : null); } catch (IOException ex) {
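/**
 * Shuts down the token manager and then the wrapped authentication handler.
 *
 * <p>The wrapped handler is destroyed even when the token manager's shutdown throws, so a
 * failure in one component does not leave the other one running.
 */
@Override
public void destroy() {
  try {
    tokenManager.destroy();
  } finally {
    // Runs on both the normal and the exceptional path of tokenManager.destroy().
    authHandler.destroy();
  }
}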
/**
 * Repeats a create / renew / verify cycle against a single token manager.
 *
 * <p>Each of the {@code TEST_RETRIES} rounds builds a fresh manager from
 * {@code getSecretConf(...)}, issues a token with renewer {@code "foo"}, renews it as
 * {@code "foo"}, checks that it still verifies, and finally hands the manager to
 * {@code verifyDestroy} for shutdown checks.
 */
@SuppressWarnings("unchecked")
@Test
public void testRenewTokenSingleManager() throws Exception {
  int round = 0;
  while (round < TEST_RETRIES) {
    Configuration conf = getSecretConf(zkServer.getConnectString());
    DelegationTokenManager manager = new DelegationTokenManager(conf, new Text("foo"));
    manager.init();

    Token<DelegationTokenIdentifier> issued =
        (Token<DelegationTokenIdentifier>)
            manager.createToken(UserGroupInformation.getCurrentUser(), "foo");
    Assert.assertNotNull(issued);

    // A renewed token must still pass verification.
    manager.renewToken(issued, "foo");
    manager.verifyToken(issued);

    verifyDestroy(manager, conf);
    round++;
  }
}
tm1 = new DelegationTokenManager(conf, new Text("foo")); tm1.init(); tm1.createToken(UserGroupInformation.getCurrentUser(), "foo"); Assert.assertNotNull(token); AbstractDelegationTokenSecretManager sm = tm1.getDelegationTokenSecretManager(); ZKDelegationTokenSecretManager zksm = (ZKDelegationTokenSecretManager)sm; ExecutorService es = zksm.getListenerThreadPool(); tm1.destroy();
curatorFramework.start(); ZKDelegationTokenSecretManager.setCurator(curatorFramework); tm1 = new DelegationTokenManager(conf, new Text("bla")); tm1.init(); verifyACL(curatorFramework, "/" + workingPath, digestACL); tm1.destroy(); ZKDelegationTokenSecretManager.setCurator(null); curatorFramework.close();
Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken);
/**
 * Cancels a delegation token through the secret manager.
 *
 * <p>When {@code canceler} is {@code null}, the token is first passed to
 * {@code verifyToken} and the short user name of the returned user is used as the canceler.
 * In that case presenting a token that verifies is what authorises its cancellation.
 *
 * <p>NOTE(review): the debug line logs the token object itself; confirm that its string
 * form carries no secret material before enabling debug logging in production.
 *
 * @param token the token to cancel
 * @param canceler the user requesting cancellation, or {@code null} to derive it from the
 *     verified token
 * @throws IOException propagated from {@code verifyToken} or from the secret manager
 */
@SuppressWarnings("unchecked")
public void cancelToken(
    Token<? extends AbstractDelegationTokenIdentifier> token,
    String canceler) throws IOException {
  // Logged before the fallback below, so a null canceler appears as null here.
  LOG.debug("Cancelling token:{} with canceler:{}.", token, canceler);

  final String effectiveCanceler;
  if (canceler == null) {
    effectiveCanceler = verifyToken(token).getShortUserName();
  } else {
    effectiveCanceler = canceler;
  }
  secretManager.cancelToken(token, effectiveCanceler);
}
/**
 * Creates a delegation token for the given user and renewer.
 *
 * <p>Convenience overload: forwards to the three-argument {@code createToken} with
 * {@code null} as the third argument.
 * NOTE(review): the third parameter is presumably the service name; confirm against the
 * three-argument overload.
 *
 * @param ugi the user the token is issued for
 * @param renewer the name passed on as the token's renewer
 * @return whatever the three-argument overload returns
 */
@SuppressWarnings("unchecked")
public Token<? extends AbstractDelegationTokenIdentifier> createToken(
    UserGroupInformation ugi, String renewer) {
  return createToken(ugi, renewer, null);
}
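/**
 * Destroys the token manager and checks that its ZooKeeper listener pool stops.
 *
 * <p>The pool must report {@code isShutdown()} immediately after {@code destroy()} and must
 * reach the terminated state within three times the configured shutdown timeout. The wait
 * returns as soon as the pool terminates instead of always sleeping the full period.
 *
 * @param tm the manager under test; its secret manager is cast to
 *     {@code ZKDelegationTokenSecretManager}
 * @param conf configuration the shutdown timeout is read from
 * @throws Exception if the wait is interrupted or an assertion helper throws
 */
@SuppressWarnings("rawtypes")
protected void verifyDestroy(DelegationTokenManager tm, Configuration conf)
    throws Exception {
  AbstractDelegationTokenSecretManager sm = tm.getDelegationTokenSecretManager();
  ZKDelegationTokenSecretManager zksm = (ZKDelegationTokenSecretManager) sm;
  // Capture the pool before destroy() so it can still be inspected afterwards.
  ExecutorService es = zksm.getListenerThreadPool();
  tm.destroy();
  Assert.assertTrue(es.isShutdown());

  long timeout = conf.getLong(
      ZKDelegationTokenSecretManager.ZK_DTSM_ZK_SHUTDOWN_TIMEOUT,
      ZKDelegationTokenSecretManager.ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT);
  // Same upper bound as the previous fixed sleep (milliseconds), but returns early.
  es.awaitTermination(timeout * 3, java.util.concurrent.TimeUnit.MILLISECONDS);
  Assert.assertTrue(es.isTerminated());
}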
/**
 * Sets an external {@code DelegationTokenSecretManager} instance to
 * manage creation and verification of Delegation Tokens.
 *
 * <p>This is useful for use cases where secrets must be shared across multiple
 * services. The method only forwards the instance to this handler's token manager.
 *
 * <p>NOTE(review): whether this must be called before the token manager is initialised is
 * not visible here; confirm against {@code DelegationTokenManager}. Because the supplied
 * instance is the one that creates and verifies tokens, it should come from trusted code.
 *
 * @param secretManager a {@code DelegationTokenSecretManager} instance
 */
public void setExternalDelegationTokenSecretManager(
    AbstractDelegationTokenSecretManager secretManager) {
  tokenManager.setExternalDelegationTokenSecretManager(secretManager);
}
/**
 * Repeats a create / renew / verify cycle against a single token manager.
 *
 * <p>Each of the {@code TEST_RETRIES} rounds builds a fresh manager from
 * {@code getSecretConf(...)}, issues a token with renewer {@code "foo"}, renews it as
 * {@code "foo"}, checks that it still verifies, and finally hands the manager to
 * {@code verifyDestroy} for shutdown checks.
 */
@SuppressWarnings("unchecked")
@Test
public void testRenewTokenSingleManager() throws Exception {
  int round = 0;
  while (round < TEST_RETRIES) {
    Configuration conf = getSecretConf(zkServer.getConnectString());
    DelegationTokenManager manager = new DelegationTokenManager(conf, new Text("foo"));
    manager.init();

    Token<DelegationTokenIdentifier> issued =
        (Token<DelegationTokenIdentifier>)
            manager.createToken(UserGroupInformation.getCurrentUser(), "foo");
    Assert.assertNotNull(issued);

    // A renewed token must still pass verification.
    manager.renewToken(issued, "foo");
    manager.verifyToken(issued);

    verifyDestroy(manager, conf);
    round++;
  }
}
tm1 = new DelegationTokenManager(conf, new Text("foo")); tm1.init(); tm1.createToken(UserGroupInformation.getCurrentUser(), "foo"); Assert.assertNotNull(token); AbstractDelegationTokenSecretManager sm = tm1.getDelegationTokenSecretManager(); ZKDelegationTokenSecretManager zksm = (ZKDelegationTokenSecretManager)sm; ExecutorService es = zksm.getListenerThreadPool(); tm1.destroy();
curatorFramework.start(); ZKDelegationTokenSecretManager.setCurator(curatorFramework); tm1 = new DelegationTokenManager(conf, new Text("bla")); tm1.init(); verifyACL(curatorFramework, "/" + workingPath, digestACL); tm1.destroy(); ZKDelegationTokenSecretManager.setCurator(null); curatorFramework.close();
Mockito.when(response.getWriter()).thenReturn(pwriter); Token<DelegationTokenIdentifier> dToken = (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken( UserGroupInformation.getCurrentUser(), "user"); Mockito.when(request.getQueryString()). pwriter.close(); Assert.assertTrue(writer.toString().contains("long")); handler.getTokenManager().verifyToken(dToken);
Token<AbstractDelegationTokenIdentifier> dt = new Token(); dt.decodeFromUrlString(delegationParam); UserGroupInformation ugi = tokenManager.verifyToken(dt); final String shortName = ugi.getShortUserName();
/**
 * Checks that a valid delegation token supplied in the request header authenticates.
 *
 * <p>A token is issued for the current user, placed URL-encoded in the
 * {@code DELEGATION_TOKEN_HEADER} of a mocked request, and the handler's
 * {@code authenticate} result is checked: the user name matches the current user's short
 * name, the type matches the handler's type, the expiry is {@code 0} and
 * {@code isExpired()} is true.
 */
@SuppressWarnings("unchecked")
private void testValidDelegationTokenHeader() throws Exception {
  HttpServletRequest mockRequest = Mockito.mock(HttpServletRequest.class);
  HttpServletResponse mockResponse = Mockito.mock(HttpServletResponse.class);

  Token<DelegationTokenIdentifier> issued =
      (Token<DelegationTokenIdentifier>) handler.getTokenManager().createToken(
          UserGroupInformation.getCurrentUser(), "user");
  String headerValue = issued.encodeToUrlString();
  Mockito.when(
      mockRequest.getHeader(
          Mockito.eq(DelegationTokenAuthenticator.DELEGATION_TOKEN_HEADER)))
      .thenReturn(headerValue);

  AuthenticationToken authToken = handler.authenticate(mockRequest, mockResponse);

  String expectedUser = UserGroupInformation.getCurrentUser().getShortUserName();
  Assert.assertEquals(expectedUser, authToken.getUserName());
  // The authentication token produced from a delegation token carries no lifetime of its
  // own: expiry 0, and it reports itself as expired.
  Assert.assertEquals(0, authToken.getExpires());
  Assert.assertEquals(handler.getType(), authToken.getType());
  Assert.assertTrue(authToken.isExpired());
}
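/**
 * Destroys the token manager and checks that its ZooKeeper listener pool stops.
 *
 * <p>The pool must report {@code isShutdown()} immediately after {@code destroy()} and must
 * reach the terminated state within three times the configured shutdown timeout. The wait
 * returns as soon as the pool terminates instead of always sleeping the full period.
 *
 * @param tm the manager under test; its secret manager is cast to
 *     {@code ZKDelegationTokenSecretManager}
 * @param conf configuration the shutdown timeout is read from
 * @throws Exception if the wait is interrupted or an assertion helper throws
 */
@SuppressWarnings("rawtypes")
protected void verifyDestroy(DelegationTokenManager tm, Configuration conf)
    throws Exception {
  AbstractDelegationTokenSecretManager sm = tm.getDelegationTokenSecretManager();
  ZKDelegationTokenSecretManager zksm = (ZKDelegationTokenSecretManager) sm;
  // Capture the pool before destroy() so it can still be inspected afterwards.
  ExecutorService es = zksm.getListenerThreadPool();
  tm.destroy();
  Assert.assertTrue(es.isShutdown());

  long timeout = conf.getLong(
      ZKDelegationTokenSecretManager.ZK_DTSM_ZK_SHUTDOWN_TIMEOUT,
      ZKDelegationTokenSecretManager.ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT);
  // Same upper bound as the previous fixed sleep (milliseconds), but returns early.
  es.awaitTermination(timeout * 3, java.util.concurrent.TimeUnit.MILLISECONDS);
  Assert.assertTrue(es.isTerminated());
}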
/**
 * Sets an external {@code DelegationTokenSecretManager} instance to
 * manage creation and verification of Delegation Tokens.
 *
 * <p>This is useful for use cases where secrets must be shared across multiple
 * services. The method only forwards the instance to this handler's token manager.
 *
 * <p>NOTE(review): whether this must be called before the token manager is initialised is
 * not visible here; confirm against {@code DelegationTokenManager}. Because the supplied
 * instance is the one that creates and verifies tokens, it should come from trusted code.
 *
 * @param secretManager a {@code DelegationTokenSecretManager} instance
 */
public void setExternalDelegationTokenSecretManager(
    AbstractDelegationTokenSecretManager secretManager) {
  tokenManager.setExternalDelegationTokenSecretManager(secretManager);
}
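/**
 * Exercises the full token life cycle on one manager: create, verify, renew, cancel.
 *
 * <p>After cancellation {@code verifyToken} must fail with an {@code IOException}; any
 * other outcome fails the test. The manager is destroyed in a {@code finally} block so a
 * failed assertion does not leave it running for later tests.
 */
@SuppressWarnings("unchecked")
@Test
public void testDTManager() throws Exception {
  Configuration conf = new Configuration(false);
  conf.setLong(DelegationTokenManager.UPDATE_INTERVAL, DAY_IN_SECS);
  conf.setLong(DelegationTokenManager.MAX_LIFETIME, DAY_IN_SECS);
  conf.setLong(DelegationTokenManager.RENEW_INTERVAL, DAY_IN_SECS);
  conf.setLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL, DAY_IN_SECS);
  // NOTE(review): this reads the key and discards the result, so ENABLE_ZK_KEY is never
  // written and enableZKKey has no effect on the manager built below. setBoolean was
  // probably intended, but enabling the ZooKeeper path may need connection settings this
  // test does not provide; confirm before changing it.
  conf.getBoolean(DelegationTokenManager.ENABLE_ZK_KEY, enableZKKey);

  DelegationTokenManager tm = new DelegationTokenManager(conf, new Text("foo"));
  tm.init();
  try {
    Token<DelegationTokenIdentifier> token =
        (Token<DelegationTokenIdentifier>) tm.createToken(
            UserGroupInformation.getCurrentUser(), "foo");
    Assert.assertNotNull(token);
    tm.verifyToken(token);
    Assert.assertTrue(tm.renewToken(token, "foo") > System.currentTimeMillis());

    tm.cancelToken(token, "foo");
    try {
      tm.verifyToken(token);
      Assert.fail("verifyToken accepted a cancelled token");
    } catch (IOException expected) {
      // Expected: a cancelled token must no longer verify.
    } catch (Exception ex) {
      Assert.fail("verifyToken failed with an unexpected exception type: " + ex);
    }
  } finally {
    tm.destroy();
  }
}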