hadoop-common-issues mailing list archives

From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-11181) o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to handle other DelegationTokenIdentifier
Date Thu, 09 Oct 2014 07:35:33 GMT
Zhijie Shen created HADOOP-11181:
------------------------------------

             Summary: o.a.h.security.token.delegation.DelegationTokenManager should be more
generalized to handle other DelegationTokenIdentifier
                 Key: HADOOP-11181
                 URL: https://issues.apache.org/jira/browse/HADOOP-11181
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Zhijie Shen
            Assignee: Zhijie Shen


While DelegationTokenManager can set an external secretManager, it has the assumption that the
token is going to be o.a.h.security.token.delegation.DelegationTokenIdentifier, and uses the DelegationTokenIdentifier
method to decode a token.
{code}
  @SuppressWarnings("unchecked")
  public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
      token) throws IOException {
    ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
    DataInputStream dis = new DataInputStream(buf);
    DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
    id.readFields(dis);
    dis.close();
    secretManager.verifyToken(id, token.getPassword());
    return id.getUser();
  }
{code}

It's not going to work if the token kind is other than web.DelegationTokenIdentifier. For
example, RM wants to reuse it but hook it to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier,
which has a customized way to decode a token.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
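
The decoding problem the report describes, as an added stand-alone example that is not part of the original message and is not Hadoop code. `BaseId`, `CustomId` and the `Supplier`-based `decode` are hypothetical stand-ins; the factory plays the role of asking the configured secret manager which identifier type it issues, which is an assumption about how a fix could look, not the project's patch.

```java
import java.io.*;
import java.util.function.Supplier;
// Simplified stand-ins for the identifier classes (hypothetical, not Hadoop code).
public class TokenDecodeDemo {
  static class BaseId {
    String owner;
    void write(DataOutput out) throws IOException { out.writeUTF(owner); }
    void readFields(DataInput in) throws IOException { owner = in.readUTF(); }
  }
  // A subclass with its own wire format: a version byte precedes the owner.
  static class CustomId extends BaseId {
    static final byte VERSION = 1;
    @Override void write(DataOutput out) throws IOException {
      out.writeByte(VERSION); super.write(out);
    }
    @Override void readFields(DataInput in) throws IOException {
      byte v = in.readByte();
      if (v != VERSION) throw new IOException("unknown version " + v);
      super.readFields(in);
    }
  }
  static byte[] encode(BaseId id) throws IOException {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    id.write(new DataOutputStream(buf));
    return buf.toByteArray();
  }

  // Decode with whatever identifier type the factory yields; reject trailing bytes
  // so a partially parsed identifier is never handed on for verification.
  static BaseId decode(byte[] raw, Supplier<? extends BaseId> factory) throws IOException {
    DataInputStream dis = new DataInputStream(new ByteArrayInputStream(raw));
    BaseId id = factory.get();
    id.readFields(dis);
    if (dis.available() != 0) throw new IOException("trailing bytes after identifier");
    return id;
  }

  public static void main(String[] args) throws IOException {
    CustomId issued = new CustomId();
    issued.owner = "alice";  // constructed sample value
    byte[] raw = encode(issued);
    try {
      decode(raw, BaseId::new);  // hardcoded type, as in the quoted verifyToken
      System.out.println("hardcoded: decoded without error");
    } catch (IOException e) {
      System.out.println("hardcoded: " + e);  // wire format mismatch surfaces here
    }
    System.out.println("factory:   owner=" + decode(raw, CustomId::new).owner);
  }
}
```

With the hardcoded base type, the version byte is misread as part of the string length and decoding fails before any password check; a mismatch that happened to parse would instead yield a wrong user, which is why the trailing-bytes check is included.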