public SaslClientDigestCallbackHandler(DelegationTokenImpl token) { requireNonNull(token); this.userName = encodeIdentifier(token.getIdentifier().getBytes()); this.userPassword = encodePassword(token.getPassword()); }
public Token<? extends TokenIdentifier> getHadoopToken(AuthenticationToken token) throws IOException { if (!(token instanceof DelegationTokenImpl)) { throw new IOException("Expected a DelegationTokenImpl but found " + (token != null ? token.getClass() : "null")); } DelegationTokenImpl dt = (DelegationTokenImpl) token; try { AuthenticationTokenIdentifier identifier = dt.getIdentifier(); return new Token<AuthenticationTokenIdentifier>(identifier.getBytes(), dt.getPassword(), identifier.getKind(), dt.getServiceName()); } catch (Exception e) { throw new IOException("Failed to create Hadoop token from Accumulo DelegationToken", e); } }
Token<AuthenticationTokenIdentifier> token = new Token<>(id.getBytes(), password, id.getKind(), new Text(svcName.toString())); return Maps.immutableEntry(token, id);
@Override public byte[] retrievePassword(AuthenticationTokenIdentifier identifier) throws InvalidToken { long now = System.currentTimeMillis(); if (identifier.getExpirationDate() < now) { throw new InvalidToken("Token has expired"); } if (identifier.getIssueDate() > now) { throw new InvalidToken("Token issued in the future"); } AuthenticationKey masterKey = allKeys.get(identifier.getKeyId()); if (masterKey == null) { throw new InvalidToken("Unknown master key for token (id=" + identifier.getKeyId() + ")"); } // regenerate the password return createPassword(identifier.getBytes(), masterKey.getKey()); }
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
return createPassword(identifier.getBytes(), secretKey.getKey());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName());
public static ClientInfo updateToken(org.apache.hadoop.security.Credentials credentials, ClientInfo info) { ClientInfo result = info; if (info.getAuthenticationToken() instanceof KerberosToken) { log.info("Received KerberosToken, attempting to fetch DelegationToken"); try { AccumuloClient client = Accumulo.newClient().usingClientInfo(info).build(); AuthenticationToken token = client.securityOperations() .getDelegationToken(new DelegationTokenConfig()); result = Accumulo.newClient().usingClientInfo(info).usingToken(info.getPrincipal(), token) .info(); } catch (Exception e) { log.warn("Failed to automatically obtain DelegationToken, " + "Mappers/Reducers will likely fail to communicate with Accumulo", e); } } // DelegationTokens can be passed securely from user to task without serializing insecurely in // the configuration if (info.getAuthenticationToken() instanceof DelegationTokenImpl) { DelegationTokenImpl delegationToken = (DelegationTokenImpl) info.getAuthenticationToken(); // Convert it into a Hadoop Token AuthenticationTokenIdentifier identifier = delegationToken.getIdentifier(); Token<AuthenticationTokenIdentifier> hadoopToken = new Token<>(identifier.getBytes(), delegationToken.getPassword(), identifier.getKind(), delegationToken.getServiceName()); // Add the Hadoop Token to the Job so it gets serialized and passed along. credentials.addToken(hadoopToken.getService(), hadoopToken); } return result; }