HADOOP-10771. Refactor HTTP delegation support out of httpfs to common, PART 1. (tucu)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1616671 13f79535-47bb-0310-9956-ffa450edef68
parent
2ac640ec75
commit
4e7c4a6e1f
|
@ -490,6 +490,8 @@ Release 2.6.0 - UNRELEASED
|
||||||
HADOOP-10791. AuthenticationFilter should support externalizing the
|
HADOOP-10791. AuthenticationFilter should support externalizing the
|
||||||
secret for signing and provide rotation support. (rkanter via tucu)
|
secret for signing and provide rotation support. (rkanter via tucu)
|
||||||
|
|
||||||
|
HADOOP-10771. Refactor HTTP delegation support out of httpfs to common, PART 1. (tucu)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.hadoop.lib.service;
|
|
||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
|
||||||
import org.apache.hadoop.security.token.Token;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Service interface to manage HttpFS delegation tokens.
|
|
||||||
*/
|
|
||||||
@InterfaceAudience.Private
|
|
||||||
public interface DelegationTokenManager {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates a delegation token.
|
|
||||||
*
|
|
||||||
* @param ugi UGI creating the token.
|
|
||||||
* @param renewer token renewer.
|
|
||||||
* @return new delegation token.
|
|
||||||
* @throws DelegationTokenManagerException thrown if the token could not be
|
|
||||||
* created.
|
|
||||||
*/
|
|
||||||
public Token<DelegationTokenIdentifier> createToken(UserGroupInformation ugi,
|
|
||||||
String renewer)
|
|
||||||
throws DelegationTokenManagerException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Renews a delegation token.
|
|
||||||
*
|
|
||||||
* @param token delegation token to renew.
|
|
||||||
* @param renewer token renewer.
|
|
||||||
* @return epoc expiration time.
|
|
||||||
* @throws DelegationTokenManagerException thrown if the token could not be
|
|
||||||
* renewed.
|
|
||||||
*/
|
|
||||||
public long renewToken(Token<DelegationTokenIdentifier> token, String renewer)
|
|
||||||
throws DelegationTokenManagerException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Cancels a delegation token.
|
|
||||||
*
|
|
||||||
* @param token delegation token to cancel.
|
|
||||||
* @param canceler token canceler.
|
|
||||||
* @throws DelegationTokenManagerException thrown if the token could not be
|
|
||||||
* canceled.
|
|
||||||
*/
|
|
||||||
public void cancelToken(Token<DelegationTokenIdentifier> token,
|
|
||||||
String canceler)
|
|
||||||
throws DelegationTokenManagerException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Verifies a delegation token.
|
|
||||||
*
|
|
||||||
* @param token delegation token to verify.
|
|
||||||
* @return the UGI for the token.
|
|
||||||
* @throws DelegationTokenManagerException thrown if the token could not be
|
|
||||||
* verified.
|
|
||||||
*/
|
|
||||||
public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier> token)
|
|
||||||
throws DelegationTokenManagerException;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,51 +0,0 @@
|
||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.hadoop.lib.service;
|
|
||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
|
||||||
import org.apache.hadoop.lib.lang.XException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Exception thrown by the {@link DelegationTokenManager} service implementation.
|
|
||||||
*/
|
|
||||||
@InterfaceAudience.Private
|
|
||||||
public class DelegationTokenManagerException extends XException {
|
|
||||||
|
|
||||||
public enum ERROR implements XException.ERROR {
|
|
||||||
DT01("Could not verify delegation token, {0}"),
|
|
||||||
DT02("Could not renew delegation token, {0}"),
|
|
||||||
DT03("Could not cancel delegation token, {0}"),
|
|
||||||
DT04("Could not create delegation token, {0}");
|
|
||||||
|
|
||||||
private String template;
|
|
||||||
|
|
||||||
ERROR(String template) {
|
|
||||||
this.template = template;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getTemplate() {
|
|
||||||
return template;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public DelegationTokenManagerException(ERROR error, Object... params) {
|
|
||||||
super(error, params);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,94 +0,0 @@
|
||||||
/**
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.apache.hadoop.fs.http.server;
|
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
|
||||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
|
||||||
import org.apache.hadoop.fs.FileSystem;
|
|
||||||
import org.apache.hadoop.fs.Path;
|
|
||||||
import org.apache.hadoop.fs.http.client.HttpFSKerberosAuthenticator;
|
|
||||||
import org.apache.hadoop.lib.server.Service;
|
|
||||||
import org.apache.hadoop.lib.server.ServiceException;
|
|
||||||
import org.apache.hadoop.lib.service.Groups;
|
|
||||||
import org.apache.hadoop.lib.wsrs.UserProvider;
|
|
||||||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
|
||||||
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
|
|
||||||
import org.apache.hadoop.security.authentication.util.Signer;
|
|
||||||
import org.apache.hadoop.test.HFSTestCase;
|
|
||||||
import org.apache.hadoop.test.HadoopUsersConfTestHelper;
|
|
||||||
import org.apache.hadoop.test.TestDir;
|
|
||||||
import org.apache.hadoop.test.TestDirHelper;
|
|
||||||
import org.apache.hadoop.test.TestHdfs;
|
|
||||||
import org.apache.hadoop.test.TestHdfsHelper;
|
|
||||||
import org.apache.hadoop.test.TestJetty;
|
|
||||||
import org.apache.hadoop.test.TestJettyHelper;
|
|
||||||
import org.json.simple.JSONObject;
|
|
||||||
import org.json.simple.parser.JSONParser;
|
|
||||||
import org.junit.Assert;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.mortbay.jetty.Server;
|
|
||||||
import org.mortbay.jetty.webapp.WebAppContext;
|
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.FileWriter;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.InputStreamReader;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.io.Writer;
|
|
||||||
import java.net.HttpURLConnection;
|
|
||||||
import java.net.URL;
|
|
||||||
import java.text.MessageFormat;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
public class TestHttpFSCustomUserName extends HFSTestCase {
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@TestDir
|
|
||||||
@TestJetty
|
|
||||||
public void defaultUserName() throws Exception {
|
|
||||||
String dir = TestDirHelper.getTestDir().getAbsolutePath();
|
|
||||||
|
|
||||||
Configuration httpfsConf = new Configuration(false);
|
|
||||||
HttpFSServerWebApp server =
|
|
||||||
new HttpFSServerWebApp(dir, dir, dir, dir, httpfsConf);
|
|
||||||
server.init();
|
|
||||||
Assert.assertEquals(UserProvider.USER_PATTERN_DEFAULT,
|
|
||||||
UserProvider.getUserPattern().pattern());
|
|
||||||
server.destroy();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@TestDir
|
|
||||||
@TestJetty
|
|
||||||
public void customUserName() throws Exception {
|
|
||||||
String dir = TestDirHelper.getTestDir().getAbsolutePath();
|
|
||||||
|
|
||||||
Configuration httpfsConf = new Configuration(false);
|
|
||||||
httpfsConf.set(UserProvider.USER_PATTERN_KEY, "1");
|
|
||||||
HttpFSServerWebApp server =
|
|
||||||
new HttpFSServerWebApp(dir, dir, dir, dir, httpfsConf);
|
|
||||||
server.init();
|
|
||||||
Assert.assertEquals("1", UserProvider.getUserPattern().pattern());
|
|
||||||
server.destroy();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|