/** * Construct the service key for a token * @param uri of remote connection with a token * @return "ip:port" or "host:port" depending on the value of * hadoop.security.token.service.use_ip */ public static Text buildTokenService(URI uri) { return buildTokenService(NetUtils.createSocketAddr(uri.getAuthority())); }
/** * create the service name for a Delegation token * @param uri of the service * @param defPort is used if the uri lacks a port * @return the token service, or null if no authority * @see #buildTokenService(InetSocketAddress) */ public static String buildDTServiceName(URI uri, int defPort) { String authority = uri.getAuthority(); if (authority == null) { return null; } InetSocketAddress addr = NetUtils.createSocketAddr(authority, defPort); return buildTokenService(addr).toString(); }
/** * Set the given token's service to the format expected by the RPC client * @param token a delegation token * @param addr the socket for the rpc connection */ public static void setTokenService(Token<?> token, InetSocketAddress addr) { Text service = buildTokenService(addr); if (token != null) { token.setService(service); if (LOG.isDebugEnabled()) { LOG.debug("Acquired token "+token); // Token#toString() prints service } } else { LOG.warn("Failed to get token for service "+service); } }
/** * Select a delegation token from all tokens in credentials, based on url. */ @InterfaceAudience.Private public org.apache.hadoop.security.token.Token<? extends TokenIdentifier> selectDelegationToken(URL url, Credentials creds) { final InetSocketAddress serviceAddr = new InetSocketAddress(url.getHost(), url.getPort()); final Text service = SecurityUtil.buildTokenService(serviceAddr); org.apache.hadoop.security.token.Token<? extends TokenIdentifier> dToken = creds.getToken(service); LOG.debug("Using delegation token {} from service:{}", dToken, service); return dToken; }
/** * Try to locate the required token for the server. * * @param authType of the SASL client * @return Token for server, or null if no token available * @throws IOException - token selector cannot be instantiated */ private Token<?> getServerToken(SaslAuth authType) throws IOException { TokenInfo tokenInfo = SecurityUtil.getTokenInfo(protocol, conf); LOG.debug("Get token info proto:" + protocol + " info:" + tokenInfo); if (tokenInfo == null) { // protocol has no support for tokens return null; } TokenSelector<?> tokenSelector = null; try { tokenSelector = tokenInfo.value().newInstance(); } catch (InstantiationException | IllegalAccessException e) { throw new IOException(e.toString(), e); } return tokenSelector.selectToken( SecurityUtil.buildTokenService(serverAddr), ugi.getTokens()); }
canonicalService = SecurityUtil.buildTokenService(serviceUri);
TokenSelector<? extends TokenIdentifier> jtTokenSelector = new org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenSelector(); Token jtToken = jtTokenSelector.selectToken(org.apache.hadoop.security.SecurityUtil.buildTokenService( ShimLoader.getHadoopShims().getHCatShim().getResourceManagerAddress(conf)), ugi.getTokens()); if (jtToken == null) {
Token<DelegationTokenIdentifier> delegationToken() throws IOException { String delegation = param(DelegationParam.NAME); final Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(); token.decodeFromUrlString(delegation); URI nnUri = URI.create(HDFS_URI_SCHEME + "://" + namenodeId()); boolean isLogical = HAUtilClient.isLogicalUri(conf, nnUri); if (isLogical) { token.setService( HAUtilClient.buildTokenServiceForLogicalUri(nnUri, HDFS_URI_SCHEME)); } else { token.setService(SecurityUtil.buildTokenService(nnUri)); } return token; }
UserGroupInformation ugi, boolean withRetries, AtomicBoolean fallbackToSimpleAuth) throws IOException { Text dtService = SecurityUtil.buildTokenService(nnAddr);
/** * See the documentation of {@Link #getNamenodeAddr(URI)} for the logic * behind selecting the canonical service name. * @return */ @Override public String getCanonicalServiceName() { return SecurityUtil.buildTokenService(nnUri).toString(); }
private Text getDelegationTokenService() throws IOException { URL url = new URL(kmsUrl); InetSocketAddress addr = new InetSocketAddress(url.getHost(), url.getPort()); Text dtService = SecurityUtil.buildTokenService(addr); return dtService; }
/** * Construct the service key for a token * @param uri of remote connection with a token * @return "ip:port" or "host:port" depending on the value of * hadoop.security.token.service.use_ip */ public static Text buildTokenService(URI uri) { return buildTokenService(NetUtils.createSocketAddr(uri.getAuthority())); }
public static Text buildTimelineTokenService(Configuration conf) { InetSocketAddress timelineServiceAddr = getTimelineTokenServiceAddress(conf); return SecurityUtil.buildTokenService(timelineServiceAddr); } }
/** * Construct the service key for a token * @param uri of remote connection with a token * @return "ip:port" or "host:port" depending on the value of * hadoop.security.token.service.use_ip */ public static Text buildTokenService(URI uri) { return buildTokenService(NetUtils.createSocketAddr(uri.getAuthority())); }
public static Text buildTimelineTokenService(Configuration conf) { InetSocketAddress timelineServiceAddr = getTimelineTokenServiceAddress(conf); return SecurityUtil.buildTokenService(timelineServiceAddr); }
@Override public void initialize(URI name, Configuration conf) throws IOException { super.initialize(name, conf); setConf(conf); this.uri = URI.create(name.getScheme() + "://" + name.getAuthority()); tokenAspect = new TokenAspect<DummyFs>(this, SecurityUtil.buildTokenService(uri), TOKEN_KIND); if (emulateSecurityEnabled || UserGroupInformation.isSecurityEnabled()) { tokenAspect.initDelegationToken(ugi); } }
public static Token newContainerToken(NodeId nodeId, byte[] password, ContainerTokenIdentifier tokenIdentifier) { // RPC layer client expects ip:port as service for tokens InetSocketAddress addr = NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort()); // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token Token containerToken = Token.newInstance(tokenIdentifier.getBytes(), ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil .buildTokenService(addr).toString()); return containerToken; }
public static Token newContainerToken(NodeId nodeId, byte[] password, ContainerTokenIdentifier tokenIdentifier) { // RPC layer client expects ip:port as service for tokens InetSocketAddress addr = NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort()); // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token Token containerToken = Token.newInstance(tokenIdentifier.getBytes(), ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil .buildTokenService(addr).toString()); return containerToken; }
public static Token newContainerToken(NodeId nodeId, byte[] password, ContainerTokenIdentifier tokenIdentifier) { // RPC layer client expects ip:port as service for tokens InetSocketAddress addr = NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort()); // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token Token containerToken = Token.newInstance(tokenIdentifier.getBytes(), ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil .buildTokenService(addr).toString()); return containerToken; }
public static Token newContainerToken(NodeId nodeId, byte[] password, ContainerTokenIdentifier tokenIdentifier) { // RPC layer client expects ip:port as service for tokens InetSocketAddress addr = NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort()); // NOTE: use SecurityUtil.setTokenService if this becomes a "real" token Token containerToken = Token.newInstance(tokenIdentifier.getBytes(), ContainerTokenIdentifier.KIND.toString(), password, SecurityUtil .buildTokenService(addr).toString()); return containerToken; }