YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator. Contributed by Zhijie Shen.
svn merge --ignore-ancestry -c 1601000 ../../trunk/ git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1601001 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
683d4bdbd9
commit
3cc1cddffb
|
@ -186,6 +186,9 @@ Release 2.5.0 - UNRELEASED
|
||||||
YARN-2117. Fixed the issue that secret file reader is potentially not
|
YARN-2117. Fixed the issue that secret file reader is potentially not
|
||||||
closed in TimelineAuthenticationFilterInitializer. (Chen He via zjshen)
|
closed in TimelineAuthenticationFilterInitializer. (Chen He via zjshen)
|
||||||
|
|
||||||
|
YARN-2121. Fixed NPE handling in Timeline Server's TimelineAuthenticator.
|
||||||
|
(Zhijie Shen via vinodkv)
|
||||||
|
|
||||||
Release 2.4.1 - UNRELEASED
|
Release 2.4.1 - UNRELEASED
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
|
|
@ -35,13 +35,15 @@ import org.apache.hadoop.security.authentication.client.Authenticator;
|
||||||
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
import org.apache.hadoop.yarn.api.records.timeline.TimelineDelegationTokenResponse;
|
import org.apache.hadoop.yarn.api.records.timeline.TimelineDelegationTokenResponse;
|
||||||
|
import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts;
|
||||||
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
|
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier;
|
||||||
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation;
|
import org.apache.hadoop.yarn.security.client.TimelineDelegationTokenOperation;
|
||||||
import org.apache.hadoop.yarn.security.client.TimelineAuthenticationConsts;
|
|
||||||
import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider;
|
import org.apache.hadoop.yarn.webapp.YarnJacksonJaxbJsonProvider;
|
||||||
import org.codehaus.jackson.JsonNode;
|
import org.codehaus.jackson.JsonNode;
|
||||||
import org.codehaus.jackson.map.ObjectMapper;
|
import org.codehaus.jackson.map.ObjectMapper;
|
||||||
|
|
||||||
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A <code>KerberosAuthenticator</code> subclass that fallback to
|
* A <code>KerberosAuthenticator</code> subclass that fallback to
|
||||||
* {@link TimelineAuthenticationConsts}.
|
* {@link TimelineAuthenticationConsts}.
|
||||||
|
@ -77,10 +79,16 @@ public class TimelineAuthenticator extends KerberosAuthenticator {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean hasDelegationToken(URL url) {
|
@Private
|
||||||
|
@VisibleForTesting
|
||||||
|
boolean hasDelegationToken(URL url) {
|
||||||
|
if (url.getQuery() == null) {
|
||||||
|
return false;
|
||||||
|
} else {
|
||||||
return url.getQuery().contains(
|
return url.getQuery().contains(
|
||||||
TimelineAuthenticationConsts.DELEGATION_PARAM + "=");
|
TimelineAuthenticationConsts.DELEGATION_PARAM + "=");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void authenticate(URL url, AuthenticatedURL.Token token)
|
public void authenticate(URL url, AuthenticatedURL.Token token)
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.hadoop.yarn.client.api.impl;
|
||||||
|
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
public class TestTimelineAuthenticator {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testHasDelegationTokens() throws Exception {
|
||||||
|
TimelineAuthenticator authenticator = new TimelineAuthenticator();
|
||||||
|
Assert.assertFalse(authenticator.hasDelegationToken(new URL(
|
||||||
|
"http://localhost:8/resource")));
|
||||||
|
Assert.assertFalse(authenticator.hasDelegationToken(new URL(
|
||||||
|
"http://localhost:8/resource?other=xxxx")));
|
||||||
|
Assert.assertTrue(authenticator.hasDelegationToken(new URL(
|
||||||
|
"http://localhost:8/resource?delegation=yyyy")));
|
||||||
|
Assert.assertTrue(authenticator.hasDelegationToken(new URL(
|
||||||
|
"http://localhost:8/resource?other=xxxx&delegation=yyyy")));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue