下面列出了org.apache.hadoop.mapreduce.v2.api.HSClientProtocol#org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private static void getJtToken(Credentials cred) throws IOException {
try {
JobConf jobConf = new JobConf();
JobClient jobClient = new JobClient(jobConf);
LOG.info("Pre-fetching JT token from JobTracker");
Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf));
if (mrdt == null) {
LOG.error("Failed to fetch JT token");
throw new IOException("Failed to fetch JT token.");
}
LOG.info("Created JT token: " + mrdt.toString());
LOG.info("Token kind: " + mrdt.getKind());
LOG.info("Token id: " + Arrays.toString(mrdt.getIdentifier()));
LOG.info("Token service: " + mrdt.getService());
cred.addToken(mrdt.getService(), mrdt);
} catch (InterruptedException ie) {
throw new IOException(ie);
}
}
private void cancelMRJobTrackerToken(
final Token<? extends TokenIdentifier> t, String userToProxy)
throws HadoopSecurityManagerException {
try {
getProxiedUser(userToProxy).doAs(new PrivilegedExceptionAction<Void>() {
@SuppressWarnings("unchecked")
@Override
public Void run() throws Exception {
cancelToken((Token<DelegationTokenIdentifier>) t);
return null;
}
private void cancelToken(Token<DelegationTokenIdentifier> jt)
throws IOException, InterruptedException {
JobConf jc = new JobConf(conf);
JobClient jobClient = new JobClient(jc);
jobClient.cancelDelegationToken(jt);
}
});
} catch (Exception e) {
throw new HadoopSecurityManagerException("Failed to cancel token. "
+ e.getMessage() + e.getCause(), e);
}
}
private void cancelMRJobTrackerToken(
final Token<? extends TokenIdentifier> t, String userToProxy)
throws HadoopSecurityManagerException {
try {
getProxiedUser(userToProxy).doAs(new PrivilegedExceptionAction<Void>() {
@SuppressWarnings("unchecked")
@Override
public Void run() throws Exception {
cancelToken((Token<DelegationTokenIdentifier>) t);
return null;
}
private void cancelToken(Token<DelegationTokenIdentifier> jt)
throws IOException, InterruptedException {
JobConf jc = new JobConf(conf);
JobClient jobClient = new JobClient(jc);
jobClient.cancelDelegationToken(jt);
}
});
} catch (Exception e) {
e.printStackTrace();
throw new HadoopSecurityManagerException("Failed to cancel Token. "
+ e.getMessage() + e.getCause());
}
}
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
throws IOException, InterruptedException {
// The token is only used for serialization. So the type information
// mismatch should be fine.
return resMgrDelegate.getDelegationToken(renewer);
}
/**
* Get a delegation token for the user from the JobTracker.
* @param renewer the user who can renew the token
* @return the new token
* @throws IOException
*/
public Token<DelegationTokenIdentifier>
getDelegationToken(final Text renewer) throws IOException, InterruptedException {
return clientUgi.doAs(new
PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
public Token<DelegationTokenIdentifier> run() throws IOException,
InterruptedException {
return cluster.getDelegationToken(renewer);
}
});
}
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
throws IOException, InterruptedException {
// The token is only used for serialization. So the type information
// mismatch should be fine.
return resMgrDelegate.getDelegationToken(renewer);
}
/**
* Get a delegation token for the user from the JobTracker.
* @param renewer the user who can renew the token
* @return the new token
* @throws IOException
*/
public Token<DelegationTokenIdentifier>
getDelegationToken(final Text renewer) throws IOException, InterruptedException {
return clientUgi.doAs(new
PrivilegedExceptionAction<Token<DelegationTokenIdentifier>>() {
public Token<DelegationTokenIdentifier> run() throws IOException,
InterruptedException {
return cluster.getDelegationToken(renewer);
}
});
}
/**
* function to fetch hcat token as per the specified hive configuration and then store the token
* in to the credential store specified .
*
* @param userToProxy String value indicating the name of the user the token will be fetched for.
* @param hiveConf the configuration based off which the hive client will be initialized.
*/
private static Token<DelegationTokenIdentifier> fetchHcatToken(final String userToProxy, final HiveConf hiveConf,
final String tokenSignatureOverwrite, final IMetaStoreClient hiveClient)
throws IOException, TException, InterruptedException {
LOG.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": " + hiveConf.get(
HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));
LOG.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": " + hiveConf.get(
HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));
final Token<DelegationTokenIdentifier> hcatToken = new Token<>();
hcatToken.decodeFromUrlString(
hiveClient.getDelegationToken(userToProxy, UserGroupInformation.getLoginUser().getShortUserName()));
// overwrite the value of the service property of the token if the signature
// override is specified.
// If the service field is set, do not overwrite that
if (hcatToken.getService().getLength() <= 0 && tokenSignatureOverwrite != null
&& tokenSignatureOverwrite.trim().length() > 0) {
hcatToken.setService(new Text(tokenSignatureOverwrite.trim().toLowerCase()));
LOG.info(HIVE_TOKEN_SIGNATURE_KEY + ":" + tokenSignatureOverwrite);
}
LOG.info("Created hive metastore token for user:" + userToProxy + " with kind[" + hcatToken.getKind() + "]"
+ " and service[" + hcatToken.getService() + "]");
return hcatToken;
}
/**
* function to fetch hcat token as per the specified hive configuration and
* then store the token in to the credential store specified .
*
* @param userToProxy String value indicating the name of the user the token
* will be fetched for.
* @param hiveConf the configuration based off which the hive client will be
* initialized.
* @param logger the logger instance which writes the logging content to the
* job logs.
*
* @throws IOException
* @throws TException
* @throws MetaException
*
* */
private Token<DelegationTokenIdentifier> fetchHcatToken(String userToProxy,
HiveConf hiveConf, String tokenSignatureOverwrite, final Logger logger)
throws IOException, MetaException, TException {
logger.info(HiveConf.ConfVars.METASTOREURIS.varname + ": "
+ hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));
logger.info(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname + ": "
+ hiveConf.get(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname));
logger.info(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname + ": "
+ hiveConf.get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname));
HiveMetaStoreClient hiveClient = new HiveMetaStoreClient(hiveConf);
String hcatTokenStr =
hiveClient.getDelegationToken(userToProxy, UserGroupInformation
.getLoginUser().getShortUserName());
Token<DelegationTokenIdentifier> hcatToken =
new Token<DelegationTokenIdentifier>();
hcatToken.decodeFromUrlString(hcatTokenStr);
// overwrite the value of the service property of the token if the signature
// override is specified.
if (tokenSignatureOverwrite != null
&& tokenSignatureOverwrite.trim().length() > 0) {
hcatToken.setService(new Text(tokenSignatureOverwrite.trim()
.toLowerCase()));
logger.info(HIVE_TOKEN_SIGNATURE_KEY + ":"
+ (tokenSignatureOverwrite == null ? "" : tokenSignatureOverwrite));
}
logger.info("Created hive metastore token: " + hcatTokenStr);
logger.info("Token kind: " + hcatToken.getKind());
logger.info("Token id: " + hcatToken.getIdentifier());
logger.info("Token service: " + hcatToken.getService());
return hcatToken;
}
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
throws IOException, InterruptedException {
// The token is only used for serialization. So the type information
// mismatch should be fine.
return resMgrDelegate.getDelegationToken(renewer);
}
@Override
public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer)
throws IOException, InterruptedException {
// The token is only used for serialization. So the type information
// mismatch should be fine.
return resMgrDelegate.getDelegationToken(renewer);
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
) throws IOException,
InterruptedException {
}
@Override
public Token<DelegationTokenIdentifier>
getDelegationToken(Text renewer) throws IOException, InterruptedException {
return null;
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
) throws IOException,InterruptedException{
return 0;
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
) throws IOException,
InterruptedException {
}
@Override
public Token<DelegationTokenIdentifier>
getDelegationToken(Text renewer) throws IOException, InterruptedException {
return null;
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
) throws IOException,InterruptedException{
return 0;
}
/** {@inheritDoc} */
@Override public Token<DelegationTokenIdentifier> getDelegationToken(Text renewer) throws IOException,
InterruptedException {
return null;
}
/** {@inheritDoc} */
@Override public long renewDelegationToken(Token<DelegationTokenIdentifier> token) throws IOException,
InterruptedException {
return 0;
}
/** {@inheritDoc} */
@Override public void cancelDelegationToken(Token<DelegationTokenIdentifier> token) throws IOException,
InterruptedException {
// No-op.
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public void cancelDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
@Override
public long renewDelegationToken(Token<DelegationTokenIdentifier> arg0)
throws IOException, InterruptedException {
throw new UnsupportedOperationException("Use Token.renew instead");
}
/**
* Renew a delegation token
* @param token the token to renew
* @return true if the renewal went well
* @throws InvalidToken
* @throws IOException
* @deprecated Use {@link Token#renew} instead
*/
public long renewDelegationToken(Token<DelegationTokenIdentifier> token
) throws InvalidToken, IOException,
InterruptedException {
return token.renew(getConf());
}
/**
* Cancel a delegation token from the JobTracker
* @param token the token to cancel
* @throws IOException
* @deprecated Use {@link Token#cancel} instead
*/
public void cancelDelegationToken(Token<DelegationTokenIdentifier> token
) throws InvalidToken, IOException,
InterruptedException {
token.cancel(getConf());
}