Examples of org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation

• org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation

    boolean requestContinues = true;
    String op = request.getParameter(OP_PARAM);
    op = (op != null) ? op.toUpperCase() : null;
    if (DELEGATION_TOKEN_OPS.contains(op) &&
        !request.getMethod().equals("OPTIONS")) {
      TimelineDelegationTokenOperation dtOp =
          TimelineDelegationTokenOperation.valueOf(op);
      if (dtOp.getHttpMethod().equals(request.getMethod())) {
        if (dtOp.requiresKerberosCredentials() && token == null) {
          response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
              MessageFormat.format(
                  "Operation [{0}] requires SPNEGO authentication established",
                  dtOp));
          requestContinues = false;
        } else {
          TimelineDelegationTokenSecretManagerService secretManager =
              AHSWebApp.getInstance()
                  .getTimelineDelegationTokenSecretManagerService();
          try {
            TimelineDelegationTokenResponse res = null;
            switch (dtOp) {
              case GETDELEGATIONTOKEN:
                UserGroupInformation ownerUGI =
                    UserGroupInformation.createRemoteUser(token.getUserName());
                String renewerParam =
                    request
                        .getParameter(TimelineAuthenticationConsts.RENEWER_PARAM);
                if (renewerParam == null) {
                  renewerParam = token.getUserName();
                }
                Token<?> dToken =
                    secretManager.createToken(ownerUGI, renewerParam);
                res = new TimelineDelegationTokenResponse();
                res.setType(TimelineAuthenticationConsts.DELEGATION_TOKEN_URL);
                res.setContent(dToken.encodeToUrlString());
                break;
              case RENEWDELEGATIONTOKEN:
              case CANCELDELEGATIONTOKEN:
                String tokenParam =
                    request
                        .getParameter(TimelineAuthenticationConsts.TOKEN_PARAM);
                if (tokenParam == null) {
                  response.sendError(HttpServletResponse.SC_BAD_REQUEST,
                      MessageFormat
                          .format(
                              "Operation [{0}] requires the parameter [{1}]",
                              dtOp,
                              TimelineAuthenticationConsts.TOKEN_PARAM));
                  requestContinues = false;
                } else {
                  if (dtOp == TimelineDelegationTokenOperation.CANCELDELEGATIONTOKEN) {
                    Token<TimelineDelegationTokenIdentifier> dt =
                        new Token<TimelineDelegationTokenIdentifier>();
                    dt.decodeFromUrlString(tokenParam);
                    secretManager.cancelToken(dt, token.getUserName());
                  } else {
                    Token<TimelineDelegationTokenIdentifier> dt =
                        new Token<TimelineDelegationTokenIdentifier>();
                    dt.decodeFromUrlString(tokenParam);
                    long expirationTime =
                        secretManager.renewToken(dt, token.getUserName());
                    res = new TimelineDelegationTokenResponse();
                    res.setType(TimelineAuthenticationConsts.DELEGATION_TOKEN_EXPIRATION_TIME);
                    res.setContent(expirationTime);
                  }
                }
                break;
            }
            if (requestContinues) {
              response.setStatus(HttpServletResponse.SC_OK);
              if (res != null) {
                response.setContentType(MediaType.APPLICATION_JSON);
                Writer writer = response.getWriter();
                mapper.writeValue(writer, res);
                writer.write(ENTER);
                writer.flush();

              }
              requestContinues = false;
            }
          } catch (IOException e) {
            throw new AuthenticationException(e.toString(), e);
          }
        }
      } else {
        response
            .sendError(
                HttpServletResponse.SC_BAD_REQUEST,
                MessageFormat
                    .format(
                        "Wrong HTTP method [{0}] for operation [{1}], it should be [{2}]",
                        request.getMethod(), dtOp, dtOp.getHttpMethod()));
        requestContinues = false;
      }
    }
    return requestContinues;
  }

    }
  }

  public static Token<TimelineDelegationTokenIdentifier> getDelegationToken(
      URL url, AuthenticatedURL.Token token, String renewer) throws IOException {
    TimelineDelegationTokenOperation op =
        TimelineDelegationTokenOperation.GETDELEGATIONTOKEN;
    Map<String, String> params = new HashMap<String, String>();
    params.put(TimelineAuthenticationConsts.OP_PARAM, op.toString());
    params.put(TimelineAuthenticationConsts.RENEWER_PARAM, renewer);
    url = appendParams(url, params);
    AuthenticatedURL aUrl =
        new AuthenticatedURL(new TimelineAuthenticator());
    try {
      HttpURLConnection conn = aUrl.openConnection(url, token);
      conn.setRequestMethod(op.getHttpMethod());
      TimelineDelegationTokenResponse dtRes = validateAndParseResponse(conn);
      if (!dtRes.getType().equals(
          TimelineAuthenticationConsts.DELEGATION_TOKEN_URL)) {
        throw new IOException("The response content is not expected: "
            + dtRes.getContent());