/** * Decode the token identifier. The subclass can customize the way to decode * the token identifier. * * @param token the token where to extract the identifier * @return the delegation token identifier * @throws IOException */ public TokenIdent decodeTokenIdentifier(Token<TokenIdent> token) throws IOException { return token.decodeIdentifier(); }
@Override protected String getTokenUser(Token<LlapTokenIdentifier> token) { if (token == null) return null; try { return token.decodeIdentifier().getOwner().toString(); } catch (IOException e) { throw new RuntimeException("Cannot determine the user from token " + token, e); } }
private void identifierToString(StringBuilder buffer) { T id = null; try { id = decodeIdentifier(); } catch (IOException e) { // handle in the finally block } finally { if (id != null) { buffer.append("(").append(id).append(")"); } else { addBinaryBuffer(buffer, identifier); } } }
@Override protected String getTokenUser(Token<JobTokenIdentifier> token) { try { JobTokenIdentifier id = token.decodeIdentifier(); if (id == null) { LOG.warn("Token ID is null from " + token); return null; } if (id.getJobId() == null) { LOG.warn("Job ID is null from " + id); return null; } return id.getJobId().toString(); } catch (IOException e) { throw new RuntimeException(e); } }
LOG.debug("Token from Credentials : {}", token); TokenIdentifier tokenId = token.decodeIdentifier(); if (tokenId != null) { LOG.debug("Token identifier : {}", tokenId);
/** Verifies the token available as serialized bytes. */ public void verifyToken(byte[] tokenBytes) throws IOException { if (!UserGroupInformation.isSecurityEnabled()) return; if (tokenBytes == null) throw new SecurityException("Token required for authentication"); Token<LlapTokenIdentifier> token = new Token<>(); token.readFields(new DataInputStream(new ByteArrayInputStream(tokenBytes))); verifyToken(token.decodeIdentifier(), token.getPassword()); } }
for (Token<? extends TokenIdentifier> token : ugi.getTokens()) { LOG.debug("Token in UGI (delegation token): {} / {}", token.toString(), token.decodeIdentifier().getUser()); LOG.debug("Found HBASE_AUTH_TOKEN - using the token to replace current user."); ugi = token.decodeIdentifier().getUser(); ugi.addToken(token);
tokenForLog.toString(), tokenForLog.decodeIdentifier().getUser());
/** Print out a Credentials object. * @param creds the Credentials object to be printed out. * @param alias print only tokens matching alias (null matches all). * @param out print to this stream. * @throws IOException */ public static void printCredentials( Credentials creds, Text alias, PrintStream out) throws IOException { boolean tokenHeader = true; String fmt = "%-24s %-20s %-15s %-12s %s%n"; for (Token<?> token : creds.getAllTokens()) { if (matchAlias(token, alias)) { if (tokenHeader) { out.printf(fmt, "Token kind", "Service", "Renewer", "Exp date", "URL enc token"); out.println(StringUtils.repeat("-", 80)); tokenHeader = false; } AbstractDelegationTokenIdentifier id = (AbstractDelegationTokenIdentifier) token.decodeIdentifier(); out.printf(fmt, token.getKind(), token.getService(), (id != null) ? id.getRenewer() : NA_STRING, (id != null) ? formatDate(id.getMaxDate()) : NA_STRING, token.encodeToUrlString()); } } }
@VisibleForTesting void clearCache() throws IOException { if (UserGroupInformation.isSecurityEnabled()) { params.delegationToken().decodeIdentifier().clearCache(); } }
/** * Decode the token identifier. The subclass can customize the way to decode * the token identifier. * * @param token the token where to extract the identifier * @return the delegation token identifier * @throws IOException */ public TokenIdent decodeTokenIdentifier(Token<TokenIdent> token) throws IOException { return token.decodeIdentifier(); }
/** * Decode the token identifier. The subclass can customize the way to decode * the token identifier. * * @param token the token where to extract the identifier * @return the delegation token identifier * @throws IOException */ public TokenIdent decodeTokenIdentifier(Token<TokenIdent> token) throws IOException { return token.decodeIdentifier(); }
@SuppressWarnings("unchecked") private static String getRenewer(Token<?> token) throws IOException { return ((Token<RMDelegationTokenIdentifier>)token).decodeIdentifier() .getRenewer().toString(); }
@SuppressWarnings("unchecked") private static String getRenewer(Token<?> token) throws IOException { return ((Token<RMDelegationTokenIdentifier>)token).decodeIdentifier() .getRenewer().toString(); }
@SuppressWarnings("unchecked") private static String getRenewer(Token<?> token) throws IOException { return ((Token<RMDelegationTokenIdentifier>)token).decodeIdentifier() .getRenewer().toString(); }
private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token) throws IOException { UserGroupInformation user = UserGroupInformation.getCurrentUser(); UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); // we can always renew our own tokens return loginUser.getUserName().equals(user.getUserName()) ? token.decodeIdentifier().getRenewer().toString() : user.getShortUserName(); }
public static ContainerTokenIdentifier newContainerTokenIdentifier( Token containerToken) throws IOException { org.apache.hadoop.security.token.Token<ContainerTokenIdentifier> token = new org.apache.hadoop.security.token.Token<ContainerTokenIdentifier>( containerToken.getIdentifier() .array(), containerToken.getPassword().array(), new Text( containerToken.getKind()), new Text(containerToken.getService())); return token.decodeIdentifier(); }
public static ContainerTokenIdentifier newContainerTokenIdentifier( Token containerToken) throws IOException { org.apache.hadoop.security.token.Token<ContainerTokenIdentifier> token = new org.apache.hadoop.security.token.Token<ContainerTokenIdentifier>( containerToken.getIdentifier() .array(), containerToken.getPassword().array(), new Text( containerToken.getKind()), new Text(containerToken.getService())); return token.decodeIdentifier(); }
public void testDecodeIdentifier() throws IOException { TestDelegationTokenSecretManager secretManager = new TestDelegationTokenSecretManager(0, 0, 0, 0); secretManager.startThreads(); TestDelegationTokenIdentifier id = new TestDelegationTokenIdentifier( new Text("owner"), new Text("renewer"), new Text("realUser")); Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(id, secretManager); TokenIdentifier idCopy = token.decodeIdentifier(); assertNotSame(id, idCopy); assertEquals(id, idCopy); }
public AllocateResponse allocate(AllocateRequest allocateRequest) throws Exception { UserGroupInformation ugi = UserGroupInformation.createRemoteUser(attemptId.toString()); Token<AMRMTokenIdentifier> token = context.getRMApps().get(attemptId.getApplicationId()) .getRMAppAttempt(attemptId).getAMRMToken(); ugi.addTokenIdentifier(token.decodeIdentifier()); lastResponse = doAllocateAs(ugi, allocateRequest); return lastResponse; }