hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Parth Brahmbhatt <pbrahmbh...@hortonworks.com>
Subject getting delegation token for hbase
Date Wed, 13 Aug 2014 19:36:50 GMT

I am working on https://issues.apache.org/jira/browse/STORM-444. The task is very similar
to https://issues.apache.org/jira/browse/OOZIE-961. Basically in storm secure mode we would
like to fetch topology/job submitter user’s credentials on behalf of them on our master
node and auto populate these credentials on worker nodes. However I noticed that the only
allowed methods supported by User class requires either a jobConf or a combination of kind
and service (not real sure what those are). We do not have any job configuration because the
user is probably just trying to talk to Hbase outside of any  map reduce context. The questions
I have are 

Is there any value in adding a user.getDelegationToken that just returns all the tokens?
In absence of the above API, given User class is just a wrapper around the UserGroupInformation
class should the following be sufficient?
            if(UserGroupInformation.isSecurityEnabled) {
                  Configuration hbaseConf = HBaseConfiguration.create();
                  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
                  UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologyOrJobSubmitterUser,
                  User u = User.create(ugi);
                  if(u.isHBaseSecurityEnabled()) {
                         Credentials credentials= proxyUser.getCredentials();
            return credentails;

Appreciate the help.

NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message