hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11181) o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to handle other DelegationTokenIdentifier
Date Tue, 14 Oct 2014 18:43:36 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171353#comment-14171353
] 

Hudson commented on HADOOP-11181:
---------------------------------

FAILURE: Integrated in Hadoop-trunk-Commit #6260 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/6260/])
HADOOP-11181. Generalized o.a.h.s.t.d.DelegationTokenManager to handle all sub-classes of
AbstractDelegationTokenIdentifier. Contributed by Zhijie Shen. (zjshen: rev cdce88376a60918dfe2f3bcd82a7666d74992a19)
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
* hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
* hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/test/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/TestRMWebServicesDelegationTokens.java
* hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/TestZKDelegationTokenSecretManager.java
* hadoop-common-project/hadoop-common/CHANGES.txt
* hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenIdentifier.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
* hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java


> o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to
handle other DelegationTokenIdentifier
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11181
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11181
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>             Fix For: 2.6.0
>
>         Attachments: HADOOP-11181.1.patch, HADOOP-11181.2.patch, HADOOP-11181.3.patch,
HADOOP-11181.4.patch, HADOOP-11181.5.patch
>
>
> While DelegationTokenManager can set external secretManager, it have the assumption that
the token is going to be o.a.h.security.token.delegation.DelegationTokenIdentifier, and use
DelegationTokenIdentifier method to decode a token. 
> {code}
>   @SuppressWarnings("unchecked")
>   public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
>       token) throws IOException {
>     ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
>     DataInputStream dis = new DataInputStream(buf);
>     DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
>     id.readFields(dis);
>     dis.close();
>     secretManager.verifyToken(id, token.getPassword());
>     return id.getUser();
>   }
> {code}
> It's not going to work it the token kind is other than web.DelegationTokenIdentifier.
For example, RM want to reuse it but hook it to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier,
which has the customized way to decode a token.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message