Package org.apache.hadoop.hdfs.security.token.delegation

Examples of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager


    LOG.info("finished shutting down the cluster");
  }

  private Token<DelegationTokenIdentifier> generateDelegationToken(
      String owner, String renewer) {
    DelegationTokenSecretManager dtSecretManager = cluster.getNameNode()
        .getNamesystem().getDelegationTokenSecretManager();
    DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(new Text(
        owner), new Text(renewer), null);
    return new Token<DelegationTokenIdentifier>(dtId, dtSecretManager);
  }
View Full Code Here


    return new Token<DelegationTokenIdentifier>(dtId, dtSecretManager);
  }
 
  @Test
  public void testDelegationTokenSecretManager() throws Exception {
    DelegationTokenSecretManager dtSecretManager = cluster.getNameNode()
        .getNamesystem().getDelegationTokenSecretManager();
    Token<DelegationTokenIdentifier> token = generateDelegationToken(
        "SomeUser", "JobTracker");
    // Fake renewer should not be able to renew
    try {
      dtSecretManager.renewToken(token, "FakeRenewer");
      Assert.fail("should have failed");
    } catch (AccessControlException ace) {
      // PASS
    }
    dtSecretManager.renewToken(token, "JobTracker");
    DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
    byte[] tokenId = token.getIdentifier();
    identifier.readFields(new DataInputStream(
             new ByteArrayInputStream(tokenId)));
    Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
    LOG.info("Sleep to expire the token");
    Thread.sleep(6000);
    //Token should be expired
    try {
      dtSecretManager.retrievePassword(identifier);
      //Should not come here
      Assert.fail("Token should have expired");
    } catch (InvalidToken e) {
      //Success
    }
    dtSecretManager.renewToken(token, "JobTracker");
    LOG.info("Sleep beyond the max lifetime");
    Thread.sleep(5000);
    try {
      dtSecretManager.renewToken(token, "JobTracker");
      Assert.fail("should have been expired");
    } catch (InvalidToken it) {
      // PASS
    }
  }
View Full Code Here

    }
  }
 
  @Test
  public void testCancelDelegationToken() throws Exception {
    DelegationTokenSecretManager dtSecretManager = cluster.getNameNode()
        .getNamesystem().getDelegationTokenSecretManager();
    Token<DelegationTokenIdentifier> token = generateDelegationToken(
        "SomeUser", "JobTracker");
    //Fake renewer should not be able to renew
    try {
      dtSecretManager.cancelToken(token, "FakeCanceller");
      Assert.fail("should have failed");
    } catch (AccessControlException ace) {
      // PASS
    }
    dtSecretManager.cancelToken(token, "JobTracker");
    try {
      dtSecretManager.renewToken(token, "JobTracker");
      Assert.fail("should have failed");
    } catch (InvalidToken it) {
      // PASS
    }
  }
View Full Code Here

    }
  }
 
  @Test
  public void testDelegationTokenDFSApi() throws Exception {
    DelegationTokenSecretManager dtSecretManager = cluster.getNameNode()
        .getNamesystem().getDelegationTokenSecretManager();
    DistributedFileSystem dfs = (DistributedFileSystem) cluster.getFileSystem();
    final Token<DelegationTokenIdentifier> token = dfs.getDelegationToken(new Text("JobTracker"));
    DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
    byte[] tokenId = token.getIdentifier();
    identifier.readFields(new DataInputStream(
             new ByteArrayInputStream(tokenId)));
    LOG.info("A valid token should have non-null password, and should be renewed successfully");
    Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
    dtSecretManager.renewToken(token, "JobTracker");
    UserGroupInformation.createRemoteUser("JobTracker").doAs(
        new PrivilegedExceptionAction<Object>() {
          @Override
          public Object run() throws Exception {
            token.renew(config);
View Full Code Here

  }
 
  @Test
  public void testDelegationTokenWebHdfsApi() throws Exception {
    ((Log4JLogger)NamenodeWebHdfsMethods.LOG).getLogger().setLevel(Level.ALL);
    final DelegationTokenSecretManager dtSecretManager = cluster.getNameNode(
        ).getNamesystem().getDelegationTokenSecretManager();
    final String uri = WebHdfsFileSystem.SCHEME  + "://"
        + config.get("dfs.http.address");
    //get file system as JobTracker
    final UserGroupInformation ugi = UserGroupInformation.createUserForTesting(
        "JobTracker", new String[]{"user"});
    final WebHdfsFileSystem webhdfs = ugi.doAs(
        new PrivilegedExceptionAction<WebHdfsFileSystem>() {
      @Override
      public WebHdfsFileSystem run() throws Exception {
        return (WebHdfsFileSystem)FileSystem.get(new URI(uri), config);
      }
    });

    final Token<DelegationTokenIdentifier> token = webhdfs
        .getDelegationToken("JobTracker");
    DelegationTokenIdentifier identifier = new DelegationTokenIdentifier();
    byte[] tokenId = token.getIdentifier();
    identifier
        .readFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
    LOG.info("A valid token should have non-null password, and should be renewed successfully");
    Assert.assertTrue(null != dtSecretManager.retrievePassword(identifier));
    dtSecretManager.renewToken(token, "JobTracker");
    ugi.doAs(new PrivilegedExceptionAction<Object>() {
      @Override
      public Object run() throws Exception {
        token.renew(config);
        token.cancel(config);
View Full Code Here

  /**
   * Create delegation token secret manager
   */
  private DelegationTokenSecretManager createDelegationTokenSecretManager(
      Configuration conf) {
    return new DelegationTokenSecretManager(conf.getLong(
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_KEY,
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY,
            DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
View Full Code Here

  /**
   * Create delegation token secret manager
   */
  private DelegationTokenSecretManager createDelegationTokenSecretManager(
      Configuration conf) {
    return new DelegationTokenSecretManager(conf.getLong(
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_KEY,
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY,
            DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
View Full Code Here

        new PrivilegedExceptionAction<Object>() {
          @SuppressWarnings("unchecked")
          @Override
          public Object run() throws Exception {
            if (print) {
              DelegationTokenIdentifier id = new DelegationTokenSecretManager(
                  0, 0, 0, 0, null).createIdentifier();
              for (Token<?> token : readTokens(tokenFile, conf)) {
                DataInputStream in = new DataInputStream(
                    new ByteArrayInputStream(token.getIdentifier()));
                id.readFields(in);
View Full Code Here

    FSImage fsImage = mock(FSImage.class);
    FSEditLog log = mock(FSEditLog.class);
    doReturn(log).when(fsImage).getEditLog();  
    FSNamesystem fsn = new FSNamesystem(fsImage, conf);
   
    DelegationTokenSecretManager dtsm = fsn.getDelegationTokenSecretManager();
    try {
      dtsm.startThreads();
     
      // get two tokens
      Token<DelegationTokenIdentifier> token1 = fsn.getDelegationToken(renewer);
      Token<DelegationTokenIdentifier> token2 = fsn.getDelegationToken(renewer);
      DelegationTokenIdentifier ident1 = decodeIdentifier(token1);
      DelegationTokenIdentifier ident2 = decodeIdentifier(token2);
     
      // verify we got the tokens
      verify(log, times(1)).logGetDelegationToken(eq(ident1), anyLong());
      verify(log, times(1)).logGetDelegationToken(eq(ident2), anyLong());
     
      // this is a little tricky because DTSM doesn't let us set scan interval
      // so need to periodically sleep, then stop/start threads to force scan
     
      // renew first token 1/2 to expire
      Thread.sleep(renewInterval/2);
      fsn.renewDelegationToken(token2);
      verify(log, times(1)).logRenewDelegationToken(eq(ident2), anyLong());
      // force scan and give it a little time to complete
      dtsm.stopThreads(); dtsm.startThreads();
      Thread.sleep(250);
      // no token has expired yet
      verify(log, times(0)).logCancelDelegationToken(eq(ident1));
      verify(log, times(0)).logCancelDelegationToken(eq(ident2));
     
      // sleep past expiration of 1st non-renewed token
      Thread.sleep(renewInterval/2);
      dtsm.stopThreads(); dtsm.startThreads();
      Thread.sleep(250);
      // non-renewed token should have implicitly been cancelled
      verify(log, times(1)).logCancelDelegationToken(eq(ident1));
      verify(log, times(0)).logCancelDelegationToken(eq(ident2));
     
      // sleep past expiration of 2nd renewed token
      Thread.sleep(renewInterval/2);
      dtsm.stopThreads(); dtsm.startThreads();
      Thread.sleep(250);
      // both tokens should have been implicitly cancelled by now
      verify(log, times(1)).logCancelDelegationToken(eq(ident1));
      verify(log, times(1)).logCancelDelegationToken(eq(ident2));
    } finally {
      dtsm.stopThreads();
    }
  }
View Full Code Here

  /**
   * Create delegation token secret manager
   */
  private DelegationTokenSecretManager createDelegationTokenSecretManager(
      Configuration conf) {
    return new DelegationTokenSecretManager(conf.getLong(
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_KEY,
        DFS_NAMENODE_DELEGATION_KEY_UPDATE_INTERVAL_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_KEY,
            DFS_NAMENODE_DELEGATION_TOKEN_MAX_LIFETIME_DEFAULT),
        conf.getLong(DFS_NAMENODE_DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
View Full Code Here

TOP

Related Classes of org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.