HDFS-14006. Refactor name node to allow different token verification implementations. Contributed by CR Hota.
(cherry picked from commit 00d5e631b5
)
This commit is contained in:
parent
152cbc6457
commit
eca7bc7ac4
|
@ -23,7 +23,6 @@ import org.slf4j.LoggerFactory;
|
|||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNode;
|
||||
import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
|
||||
import org.apache.hadoop.hdfs.web.resources.DelegationParam;
|
||||
import org.apache.hadoop.hdfs.web.resources.DoAsParam;
|
||||
|
@ -176,10 +175,11 @@ public class JspHelper {
|
|||
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
|
||||
id.readFields(in);
|
||||
if (context != null) {
|
||||
final NameNode nn = NameNodeHttpServer.getNameNodeFromContext(context);
|
||||
if (nn != null) {
|
||||
final TokenVerifier<DelegationTokenIdentifier> tokenVerifier =
|
||||
NameNodeHttpServer.getTokenVerifierFromContext(context);
|
||||
if (tokenVerifier != null) {
|
||||
// Verify the token.
|
||||
nn.getNamesystem().verifyToken(id, token.getPassword());
|
||||
tokenVerifier.verifyToken(id, token.getPassword());
|
||||
}
|
||||
}
|
||||
UserGroupInformation ugi = id.getUser();
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.hadoop.hdfs.server.common;
|
||||
|
||||
import java.io.IOException;
|
||||
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
|
||||
|
||||
/**
|
||||
* Interface to verify delegation tokens passed through WebHDFS.
|
||||
* Implementations are intercepted by JspHelper that pass delegation token
|
||||
* for verification.
|
||||
*/
|
||||
public interface TokenVerifier<T extends AbstractDelegationTokenIdentifier> {
|
||||
|
||||
/* Verify delegation token passed through WebHDFS
|
||||
* Name node, Router implement this for JspHelper to verify token
|
||||
*/
|
||||
void verifyToken(T t, byte[] password) throws IOException;
|
||||
|
||||
}
|
|
@ -47,6 +47,7 @@ import org.apache.hadoop.hdfs.client.HdfsClientConfigKeys;
|
|||
import org.apache.hadoop.hdfs.protocol.ClientProtocol;
|
||||
import org.apache.hadoop.hdfs.protocol.HdfsConstants;
|
||||
import org.apache.hadoop.hdfs.protocol.HdfsConstants.StoragePolicySatisfierMode;
|
||||
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
|
||||
import org.apache.hadoop.hdfs.server.aliasmap.InMemoryAliasMap;
|
||||
import org.apache.hadoop.hdfs.server.aliasmap.InMemoryLevelDBAliasMapServer;
|
||||
import org.apache.hadoop.hdfs.server.blockmanagement.BlockManager;
|
||||
|
@ -56,6 +57,7 @@ import org.apache.hadoop.hdfs.server.common.HdfsServerConstants.RollingUpgradeSt
|
|||
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants.StartupOption;
|
||||
import org.apache.hadoop.hdfs.server.common.MetricsLoggerTask;
|
||||
import org.apache.hadoop.hdfs.server.common.Storage.StorageDirectory;
|
||||
import org.apache.hadoop.hdfs.server.common.TokenVerifier;
|
||||
import org.apache.hadoop.hdfs.server.namenode.ha.ActiveState;
|
||||
import org.apache.hadoop.hdfs.server.namenode.ha.BootstrapStandby;
|
||||
import org.apache.hadoop.hdfs.server.namenode.ha.HAContext;
|
||||
|
@ -217,7 +219,7 @@ import static org.apache.hadoop.fs.CommonConfigurationKeys.IPC_BACKOFF_ENABLE_DE
|
|||
**********************************************************/
|
||||
@InterfaceAudience.Private
|
||||
public class NameNode extends ReconfigurableBase implements
|
||||
NameNodeStatusMXBean {
|
||||
NameNodeStatusMXBean, TokenVerifier<DelegationTokenIdentifier> {
|
||||
static{
|
||||
HdfsConfiguration.init();
|
||||
}
|
||||
|
@ -674,6 +676,11 @@ public class NameNode extends ReconfigurableBase implements
|
|||
return (ugi != null) ? ugi : UserGroupInformation.getCurrentUser();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void verifyToken(DelegationTokenIdentifier id, byte[] password)
|
||||
throws IOException {
|
||||
namesystem.verifyToken(id, password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Login as the configured user for the NameNode.
|
||||
|
|
|
@ -37,6 +37,7 @@ import org.apache.hadoop.hdfs.DFSConfigKeys;
|
|||
import org.apache.hadoop.hdfs.DFSUtil;
|
||||
import org.apache.hadoop.hdfs.client.HdfsClientConfigKeys;
|
||||
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
||||
import org.apache.hadoop.hdfs.server.common.TokenVerifier;
|
||||
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
|
||||
import org.apache.hadoop.hdfs.server.namenode.web.resources.NamenodeWebHdfsMethods;
|
||||
import org.apache.hadoop.hdfs.web.AuthFilter;
|
||||
|
@ -311,6 +312,11 @@ public class NameNodeHttpServer {
|
|||
return (NameNode)context.getAttribute(NAMENODE_ATTRIBUTE_KEY);
|
||||
}
|
||||
|
||||
public static TokenVerifier
|
||||
getTokenVerifierFromContext(ServletContext context) {
|
||||
return (TokenVerifier) context.getAttribute(NAMENODE_ATTRIBUTE_KEY);
|
||||
}
|
||||
|
||||
static Configuration getConfFromContext(ServletContext context) {
|
||||
return (Configuration)context.getAttribute(JspHelper.CURRENT_CONF);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue