HADOOP-13255. KMSClientProvider should check and renew tgt when doing delegation token operations. Contributed by Xiao Chen.
(cherry picked from commit ddf66427ff
)
This commit is contained in:
parent
408848d1e9
commit
e84a9c976a
|
@ -536,8 +536,6 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
|
|||
UserGroupInformation.AuthenticationMethod.PROXY)
|
||||
? currentUgi.getShortUserName() : null;
|
||||
|
||||
// check and renew TGT to handle potential expiration
|
||||
actualUgi.checkTGTAndReloginFromKeytab();
|
||||
// creating the HTTP connection using the current UGI at constructor time
|
||||
conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
|
||||
@Override
|
||||
|
|
|
@ -20,6 +20,7 @@ package org.apache.hadoop.security.token.delegation.web;
|
|||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.security.SecurityUtil;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
|
||||
import org.apache.hadoop.security.authentication.client.AuthenticationException;
|
||||
import org.apache.hadoop.security.authentication.client.Authenticator;
|
||||
|
@ -143,6 +144,8 @@ public abstract class DelegationTokenAuthenticator implements Authenticator {
|
|||
public void authenticate(URL url, AuthenticatedURL.Token token)
|
||||
throws IOException, AuthenticationException {
|
||||
if (!hasDelegationToken(url, token)) {
|
||||
// check and renew TGT to handle potential expiration
|
||||
UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
|
||||
authenticator.authenticate(url, token);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ log4j.appender.stdout.Target=System.out
|
|||
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
|
||||
|
||||
log4j.rootLogger=WARN, stdout
|
||||
log4j.rootLogger=INFO, stdout
|
||||
log4j.logger.org.apache.hadoop.conf=ERROR
|
||||
log4j.logger.org.apache.hadoop.crytpo.key.kms.server=ALL
|
||||
log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF
|
||||
|
|
Loading…
Reference in New Issue