HADOOP-13255. KMSClientProvider should check and renew tgt when doing delegation token operations. Contributed by Xiao Chen.

Xiaoyu Yao 2016-06-16 20:11:32 -07:00
parent 1ef89a767d
commit ddf66427ff
3 changed files with 4 additions and 3 deletions


@ -536,8 +536,6 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
UserGroupInformation.AuthenticationMethod.PROXY) UserGroupInformation.AuthenticationMethod.PROXY)
? currentUgi.getShortUserName() : null; ? currentUgi.getShortUserName() : null;
// check and renew TGT to handle potential expiration
actualUgi.checkTGTAndReloginFromKeytab();
// creating the HTTP connection using the current UGI at constructor time // creating the HTTP connection using the current UGI at constructor time
conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
@Override @Override


@ -20,6 +20,7 @@ package org.apache.hadoop.security.token.delegation.web;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.security.SecurityUtil; import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL; import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.Authenticator; import org.apache.hadoop.security.authentication.client.Authenticator;
@ -143,6 +144,8 @@ public abstract class DelegationTokenAuthenticator implements Authenticator {
public void authenticate(URL url, AuthenticatedURL.Token token) public void authenticate(URL url, AuthenticatedURL.Token token)
throws IOException, AuthenticationException { throws IOException, AuthenticationException {
if (!hasDelegationToken(url, token)) { if (!hasDelegationToken(url, token)) {
// check and renew TGT to handle potential expiration
UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
authenticator.authenticate(url, token); authenticator.authenticate(url, token);
} }
} }
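Review bot: The relogin added in `authenticate` runs on `UserGroupInformation.getCurrentUser()`, whereas the call this commit removes from KMSClientProvider ran on the explicitly resolved `actualUgi`. The KMS connection is created inside `actualUgi.doAs(...)`, so that path probably still reaches the login user, but a caller that enters this authenticator under a proxy or non-keytab UGI would presumably skip the renewal and fail only after the TGT has expired. Consider resolving the real user first, `UserGroupInformation ugi = UserGroupInformation.getCurrentUser();` followed by `(ugi.getRealUser() != null ? ugi.getRealUser() : ugi).checkTGTAndReloginFromKeytab();`, or at least extend the comment to say which UGI is expected on the calling thread. No test covering the expired-TGT path is visible in this commit.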


@ -22,7 +22,7 @@ log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
log4j.rootLogger=WARN, stdout log4j.rootLogger=INFO, stdout
log4j.logger.org.apache.hadoop.conf=ERROR log4j.logger.org.apache.hadoop.conf=ERROR
log4j.logger.org.apache.hadoop.crytpo.key.kms.server=ALL log4j.logger.org.apache.hadoop.crytpo.key.kms.server=ALL
log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF