hive-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vihan...@apache.org
Subject [3/3] hive git commit: HIVE-17371 : Move tokenstores to metastore module (Vihang Karajgaonkar, reviewed by Alan Gates, Thejas M Nair)
Date Tue, 17 Oct 2017 02:43:05 GMT
HIVE-17371 : Move tokenstores to metastore module (Vihang Karajgaonkar, reviewed by Alan Gates, Thejas M Nair)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/8fea1176
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/8fea1176
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/8fea1176

Branch: refs/heads/master
Commit: 8fea117695a6d5257c1f915b5f9f24e119c6523c
Parents: 9975131
Author: Vihang Karajgaonkar <vihang@cloudera.com>
Authored: Mon Sep 18 22:46:09 2017 -0700
Committer: Vihang Karajgaonkar <vihang@cloudera.com>
Committed: Mon Oct 16 19:37:02 2017 -0700

----------------------------------------------------------------------
 .../org/apache/hive/beeline/ProxyAuthTest.java  |   3 +-
 .../apache/hive/hcatalog/common/HCatUtil.java   |   2 +-
 .../hive/hcatalog/mapreduce/Security.java       |   2 +-
 .../templeton/tool/TempletonControllerJob.java  |   4 +-
 .../hive/minikdc/TestHiveAuthFactory.java       |   6 +-
 .../hive/minikdc/TestJdbcWithDBTokenStore.java  |   1 +
 .../hive/minikdc/TestJdbcWithMiniKdc.java       |   3 +-
 .../metastore/security/TestDBTokenStore.java    |  95 +++
 .../security/TestZooKeeperTokenStore.java       | 180 +++++
 .../hadoop/hive/thrift/TestDBTokenStore.java    |  95 ---
 .../hive/thrift/TestZooKeeperTokenStore.java    | 179 -----
 .../org/apache/hive/jdbc/HiveConnection.java    |   7 +-
 jdbc/src/java/org/apache/hive/jdbc/Utils.java   |  19 +
 .../hadoop/hive/metastore/HiveMetaStore.java    |   3 +-
 .../hive/metastore/HiveMetaStoreClient.java     |   5 +-
 .../hadoop/hive/metastore/MetaStoreUtils.java   |   4 +-
 .../hive/service/auth/HiveAuthFactory.java      |  26 +-
 .../apache/hive/service/auth/HttpAuthUtils.java |   5 +-
 .../hive/service/auth/KerberosSaslHelper.java   |   9 +-
 .../cli/session/HiveSessionImplwithUGI.java     |   3 +-
 .../hive/service/cli/session/SessionUtils.java  |  97 +++
 .../hive/thrift/HadoopThriftAuthBridge23.java   | 107 ---
 .../apache/hadoop/hive/shims/ShimLoader.java    |  10 -
 .../org/apache/hadoop/hive/shims/Utils.java     |  82 +--
 .../apache/hadoop/hive/thrift/DBTokenStore.java | 192 ------
 .../hive/thrift/DelegationTokenIdentifier.java  |  52 --
 .../thrift/DelegationTokenSecretManager.java    | 125 ----
 .../hive/thrift/DelegationTokenSelector.java    |  33 -
 .../hive/thrift/DelegationTokenStore.java       | 118 ----
 .../hive/thrift/HadoopThriftAuthBridge.java     | 689 -------------------
 .../hive/thrift/HiveDelegationTokenManager.java | 172 -----
 .../hadoop/hive/thrift/MemoryTokenStore.java    | 137 ----
 .../TokenStoreDelegationTokenSecretManager.java | 335 ---------
 .../hadoop/hive/thrift/ZooKeeperTokenStore.java | 476 -------------
 .../hive/metastore/security/DBTokenStore.java   | 192 ++++++
 .../security/DelegationTokenSelector.java       |  33 +
 .../security/DelegationTokenStore.java          |   6 +-
 .../metastore/security/MemoryTokenStore.java    |   3 +-
 .../MetastoreDelegationTokenManager.java        |  31 +-
 .../TokenStoreDelegationTokenSecretManager.java |   1 +
 .../metastore/security/ZooKeeperTokenStore.java | 474 +++++++++++++
 .../hive/metastore/utils/SecurityUtils.java     | 172 +++++
 42 files changed, 1336 insertions(+), 2852 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java
----------------------------------------------------------------------
diff --git a/beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java b/beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java
index 318857d..70fabfd 100644
--- a/beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java
+++ b/beeline/src/test/org/apache/hive/beeline/ProxyAuthTest.java
@@ -30,6 +30,7 @@ import org.apache.commons.io.IOUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hive.jdbc.HiveConnection;
 import org.apache.hive.service.auth.HiveAuthConstants;
+import org.apache.hive.service.cli.session.SessionUtils;
 import org.apache.hive.beeline.BeeLine;
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.hive.shims.Utils;
@@ -202,7 +203,7 @@ public class ProxyAuthTest {
   }
 
   private static void storeTokenInJobConf(String tokenStr) throws Exception {
-    Utils.setTokenStr(Utils.getUGI(),
+    SessionUtils.setTokenStr(Utils.getUGI(),
           tokenStr, HiveAuthConstants.HS2_CLIENT_TOKEN);
     System.out.println("Stored token " + tokenStr);
   }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java
----------------------------------------------------------------------
diff --git a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java
index 81804cf..4ace16c 100644
--- a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java
+++ b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/common/HCatUtil.java
@@ -49,6 +49,7 @@ import org.apache.hadoop.hive.metastore.Warehouse;
 import org.apache.hadoop.hive.metastore.api.FieldSchema;
 import org.apache.hadoop.hive.metastore.api.MetaException;
 import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
+import org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier;
 import org.apache.hadoop.hive.ql.exec.Utilities;
 import org.apache.hadoop.hive.ql.io.IgnoreKeyTextOutputFormat;
 import org.apache.hadoop.hive.ql.metadata.HiveStorageHandler;
@@ -58,7 +59,6 @@ import org.apache.hadoop.hive.ql.plan.TableDesc;
 import org.apache.hadoop.hive.serde.serdeConstants;
 import org.apache.hadoop.hive.serde2.typeinfo.TypeInfo;
 import org.apache.hadoop.hive.serde2.typeinfo.TypeInfoUtils;
-import org.apache.hadoop.hive.thrift.DelegationTokenIdentifier;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapred.JobClient;
 import org.apache.hadoop.mapred.JobConf;

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/Security.java
----------------------------------------------------------------------
diff --git a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/Security.java b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/Security.java
index 3e05a0e..834a281 100644
--- a/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/Security.java
+++ b/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/Security.java
@@ -28,8 +28,8 @@ import java.util.Map.Entry;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.metastore.IMetaStoreClient;
 import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.metastore.security.DelegationTokenSelector;
 import org.apache.hadoop.hive.shims.ShimLoader;
-import org.apache.hadoop.hive.thrift.DelegationTokenSelector;
 import org.apache.hadoop.io.Text;
 import org.apache.hadoop.mapreduce.Job;
 import org.apache.hadoop.mapreduce.JobContext;

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/tool/TempletonControllerJob.java
----------------------------------------------------------------------
diff --git a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/tool/TempletonControllerJob.java b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/tool/TempletonControllerJob.java
index f4c4b76..7dc678e 100644
--- a/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/tool/TempletonControllerJob.java
+++ b/hcatalog/webhcat/svr/src/main/java/org/apache/hive/hcatalog/templeton/tool/TempletonControllerJob.java
@@ -161,8 +161,8 @@ public class TempletonControllerJob extends Configured implements Tool, JobSubmi
     if(!secureMetastoreAccess) {
       return null;
     }
-    Token<org.apache.hadoop.hive.thrift.DelegationTokenIdentifier> hiveToken =
-            new Token<org.apache.hadoop.hive.thrift.DelegationTokenIdentifier>();
+    Token<org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier> hiveToken =
+            new Token<org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier>();
     String metastoreTokenStrForm = buildHcatDelegationToken(user);
     hiveToken.decodeFromUrlString(metastoreTokenStrForm);
     job.getCredentials().addToken(new

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java
index e3a5190..d355777 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestHiveAuthFactory.java
@@ -59,7 +59,7 @@ public class TestHiveAuthFactory {
 
     HiveAuthFactory authFactory = new HiveAuthFactory(hiveConf);
     Assert.assertNotNull(authFactory);
-    Assert.assertEquals("org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory",
+    Assert.assertEquals("org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory",
         authFactory.getAuthTransFactory().getClass().getName());
   }
 
@@ -79,11 +79,11 @@ public class TestHiveAuthFactory {
     Assert.assertNotNull(keyTabFile);
     hiveConf.setVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB, keyTabFile);
 
-    hiveConf.setVar(ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS, "org.apache.hadoop.hive.thrift.DBTokenStore");
+    hiveConf.setVar(ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS, "org.apache.hadoop.hive.metastore.security.DBTokenStore");
 
     HiveAuthFactory authFactory = new HiveAuthFactory(hiveConf);
     Assert.assertNotNull(authFactory);
-    Assert.assertEquals("org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory",
+    Assert.assertEquals("org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge$Server$TUGIAssumingTransportFactory",
         authFactory.getAuthTransFactory().getClass().getName());
   }
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithDBTokenStore.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithDBTokenStore.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithDBTokenStore.java
index 8de94a9..8695232 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithDBTokenStore.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithDBTokenStore.java
@@ -37,6 +37,7 @@ public class TestJdbcWithDBTokenStore extends TestJdbcWithMiniKdc{
         SessionHookTest.class.getName());
 
     HiveConf hiveConf = new HiveConf();
+    //using old config value tests backwards compatibility
     hiveConf.setVar(ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS, "org.apache.hadoop.hive.thrift.DBTokenStore");
     miniHiveKdc = MiniHiveKdc.getMiniHiveKdc(hiveConf);
     miniHS2 = MiniHiveKdc.getMiniHS2WithKerbWithRemoteHMS(miniHiveKdc, hiveConf);

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
----------------------------------------------------------------------
diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
index 60dbce1..1ab698f 100644
--- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
+++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java
@@ -36,6 +36,7 @@ import org.apache.hive.service.auth.HiveAuthConstants;
 import org.apache.hive.service.cli.HiveSQLException;
 import org.apache.hive.service.cli.session.HiveSessionHook;
 import org.apache.hive.service.cli.session.HiveSessionHookContext;
+import org.apache.hive.service.cli.session.SessionUtils;
 import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -279,7 +280,7 @@ public class TestJdbcWithMiniKdc {
   // Store the given token in the UGI
   protected void storeToken(String tokenStr, UserGroupInformation ugi)
       throws Exception {
-    Utils.setTokenStr(ugi,
+    SessionUtils.setTokenStr(ugi,
         tokenStr, HiveAuthConstants.HS2_CLIENT_TOKEN);
   }
 

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestDBTokenStore.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestDBTokenStore.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestDBTokenStore.java
new file mode 100644
index 0000000..14c245d
--- /dev/null
+++ b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestDBTokenStore.java
@@ -0,0 +1,95 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.metastore.security;
+
+import java.io.IOException;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+import org.apache.hadoop.hive.metastore.HiveMetaStore.HMSHandler;
+import org.apache.hadoop.hive.metastore.api.MetaException;
+import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
+import org.apache.hadoop.hive.metastore.security.DBTokenStore;
+import org.apache.hadoop.hive.metastore.security.DelegationTokenStore.TokenStoreException;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation;
+import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
+import org.junit.Assert;
+
+public class TestDBTokenStore extends TestCase{
+
+  public void testDBTokenStore() throws TokenStoreException, MetaException, IOException {
+
+    DelegationTokenStore ts = new DBTokenStore();
+    ts.init(new HMSHandler("Test handler"), HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+    assertEquals(0, ts.getMasterKeys().length);
+    assertEquals(false,ts.removeMasterKey(-1));
+    try{
+      ts.updateMasterKey(-1, "non-existent-key");
+      fail("Updated non-existent key.");
+    } catch (TokenStoreException e) {
+      assertTrue(e.getCause() instanceof NoSuchObjectException);
+    }
+    int keySeq = ts.addMasterKey("key1Data");
+    int keySeq2 = ts.addMasterKey("key2Data");
+    int keySeq2same = ts.addMasterKey("key2Data");
+    assertEquals("keys sequential", keySeq + 1, keySeq2);
+    assertEquals("keys sequential", keySeq + 2, keySeq2same);
+    assertEquals("expected number of keys", 3, ts.getMasterKeys().length);
+    assertTrue(ts.removeMasterKey(keySeq));
+    assertTrue(ts.removeMasterKey(keySeq2same));
+    assertEquals("expected number of keys", 1, ts.getMasterKeys().length);
+    assertEquals("key2Data",ts.getMasterKeys()[0]);
+    ts.updateMasterKey(keySeq2, "updatedData");
+    assertEquals("updatedData",ts.getMasterKeys()[0]);
+    assertTrue(ts.removeMasterKey(keySeq2));
+
+    // tokens
+    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
+    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(
+        new Text("owner"), new Text("renewer"), new Text("realUser"));
+    assertNull(ts.getToken(tokenId));
+    assertFalse(ts.removeToken(tokenId));
+    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(
+        99, "password".getBytes());
+    assertTrue(ts.addToken(tokenId, tokenInfo));
+    assertFalse(ts.addToken(tokenId, tokenInfo));
+    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
+    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
+    assertNotSame(tokenInfo, tokenInfoRead);
+    Assert.assertArrayEquals(HiveDelegationTokenSupport
+        .encodeDelegationTokenInformation(tokenInfo),
+        HiveDelegationTokenSupport
+            .encodeDelegationTokenInformation(tokenInfoRead));
+
+    List<DelegationTokenIdentifier> allIds = ts
+        .getAllDelegationTokenIdentifiers();
+    assertEquals(1, allIds.size());
+    Assert.assertEquals(TokenStoreDelegationTokenSecretManager
+        .encodeWritable(tokenId),
+        TokenStoreDelegationTokenSecretManager.encodeWritable(allIds
+            .get(0)));
+
+    assertTrue(ts.removeToken(tokenId));
+    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
+    assertNull(ts.getToken(tokenId));
+    ts.close();
+  }
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestZooKeeperTokenStore.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestZooKeeperTokenStore.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestZooKeeperTokenStore.java
new file mode 100644
index 0000000..7aa8e31
--- /dev/null
+++ b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/metastore/security/TestZooKeeperTokenStore.java
@@ -0,0 +1,180 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hive.metastore.security;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+import org.apache.curator.framework.CuratorFramework;
+import org.apache.curator.framework.CuratorFrameworkFactory;
+import org.apache.curator.retry.ExponentialBackoffRetry;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hbase.zookeeper.MiniZooKeeperCluster;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge.Server.ServerMode;
+import org.apache.hadoop.hive.metastore.security.ZooKeeperTokenStore;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation;
+import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
+import org.apache.zookeeper.KeeperException;
+import org.apache.zookeeper.data.ACL;
+import org.junit.Assert;
+
+public class TestZooKeeperTokenStore extends TestCase {
+
+  private MiniZooKeeperCluster zkCluster = null;
+  private CuratorFramework zkClient = null;
+  private int zkPort = -1;
+  private ZooKeeperTokenStore ts;
+
+  @Override
+  protected void setUp() throws Exception {
+    File zkDataDir = new File(System.getProperty("test.tmp.dir"));
+    if (this.zkCluster != null) {
+      throw new IOException("Cluster already running");
+    }
+    this.zkCluster = new MiniZooKeeperCluster();
+    this.zkPort = this.zkCluster.startup(zkDataDir);
+    this.zkClient =
+        CuratorFrameworkFactory.builder().connectString("localhost:" + zkPort)
+            .retryPolicy(new ExponentialBackoffRetry(1000, 3)).build();
+    this.zkClient.start();
+  }
+
+  @Override
+  protected void tearDown() throws Exception {
+    this.zkClient.close();
+    if (ts != null) {
+      ts.close();
+    }
+    this.zkCluster.shutdown();
+    this.zkCluster = null;
+  }
+
+  private Configuration createConf(String zkPath) {
+    Configuration conf = new Configuration();
+    conf.set(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR, "localhost:"
+        + this.zkPort);
+    conf.set(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ZNODE, zkPath);
+    return conf;
+  }
+
+  public void testTokenStorage() throws Exception {
+    String ZK_PATH = "/zktokenstore-testTokenStorage";
+    ts = new ZooKeeperTokenStore();
+    Configuration conf = createConf(ZK_PATH);
+    conf.set(MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL, "world:anyone:cdrwa");
+    ts.setConf(conf);
+    ts.init(null, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+
+
+    String metastore_zk_path = ZK_PATH + ServerMode.METASTORE;
+    int keySeq = ts.addMasterKey("key1Data");
+    byte[] keyBytes = zkClient.getData().forPath(
+        metastore_zk_path + "/keys/" + String.format(ZooKeeperTokenStore.ZK_SEQ_FORMAT, keySeq));
+    assertNotNull(keyBytes);
+    assertEquals(new String(keyBytes), "key1Data");
+
+    int keySeq2 = ts.addMasterKey("key2Data");
+    assertEquals("keys sequential", keySeq + 1, keySeq2);
+    assertEquals("expected number keys", 2, ts.getMasterKeys().length);
+
+    ts.removeMasterKey(keySeq);
+    assertEquals("expected number keys", 1, ts.getMasterKeys().length);
+
+    // tokens
+    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(
+        new Text("owner"), new Text("renewer"), new Text("realUser"));
+    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(
+        99, "password".getBytes());
+    ts.addToken(tokenId, tokenInfo);
+    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
+    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
+    assertNotSame(tokenInfo, tokenInfoRead);
+    Assert.assertArrayEquals(HiveDelegationTokenSupport
+        .encodeDelegationTokenInformation(tokenInfo),
+        HiveDelegationTokenSupport
+            .encodeDelegationTokenInformation(tokenInfoRead));
+
+    List<DelegationTokenIdentifier> allIds = ts.getAllDelegationTokenIdentifiers();
+    assertEquals(1, allIds.size());
+    Assert.assertEquals(TokenStoreDelegationTokenSecretManager
+        .encodeWritable(tokenId),
+        TokenStoreDelegationTokenSecretManager.encodeWritable(allIds
+            .get(0)));
+
+    assertTrue(ts.removeToken(tokenId));
+    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
+    assertNull(ts.getToken(tokenId));
+  }
+
+  public void testAclNoAuth() throws Exception {
+    String ZK_PATH = "/zktokenstore-testAclNoAuth";
+    Configuration conf = createConf(ZK_PATH);
+    conf.set(
+        MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
+        "ip:127.0.0.1:r");
+
+    ts = new ZooKeeperTokenStore();
+    try {
+      ts.setConf(conf);
+      ts.init(null, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+      fail("expected ACL exception");
+    } catch (DelegationTokenStore.TokenStoreException e) {
+      assertEquals(KeeperException.NoAuthException.class, e.getCause().getClass());
+    }
+  }
+
+  public void testAclInvalid() throws Exception {
+    String ZK_PATH = "/zktokenstore-testAclInvalid";
+    String aclString = "sasl:hive/host@TEST.DOMAIN:cdrwa, fail-parse-ignored";
+    Configuration conf = createConf(ZK_PATH);
+    conf.set(
+        MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
+        aclString);
+
+    List<ACL> aclList = ZooKeeperTokenStore.parseACLs(aclString);
+    assertEquals(1, aclList.size());
+
+    ts = new ZooKeeperTokenStore();
+    try {
+      ts.setConf(conf);
+      ts.init(null, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+      fail("expected ACL exception");
+    } catch (DelegationTokenStore.TokenStoreException e) {
+      assertEquals(KeeperException.InvalidACLException.class, e.getCause().getClass());
+    }
+  }
+
+  public void testAclPositive() throws Exception {
+    String ZK_PATH = "/zktokenstore-testAcl";
+    Configuration conf = createConf(ZK_PATH);
+    conf.set(
+        MetastoreDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
+        "ip:127.0.0.1:cdrwa,world:anyone:cdrwa");
+    ts = new ZooKeeperTokenStore();
+    ts.setConf(conf);
+    ts.init(null, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+    List<ACL> acl = zkClient.getACL().forPath(ZK_PATH + ServerMode.METASTORE);
+    assertEquals(2, acl.size());
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestDBTokenStore.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestDBTokenStore.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestDBTokenStore.java
deleted file mode 100644
index 4bfa224..0000000
--- a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestDBTokenStore.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hive.thrift;
-
-import java.io.IOException;
-import java.util.List;
-
-import junit.framework.TestCase;
-
-import org.apache.hadoop.hive.metastore.HiveMetaStore.HMSHandler;
-import org.apache.hadoop.hive.metastore.api.MetaException;
-import org.apache.hadoop.hive.metastore.api.NoSuchObjectException;
-import org.apache.hadoop.hive.thrift.DelegationTokenStore.TokenStoreException;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server.ServerMode;
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation;
-import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
-import org.junit.Assert;
-
-public class TestDBTokenStore extends TestCase{
-
-  public void testDBTokenStore() throws TokenStoreException, MetaException, IOException {
-
-    DelegationTokenStore ts = new DBTokenStore();
-    ts.init(new HMSHandler("Test handler"), ServerMode.METASTORE);
-    assertEquals(0, ts.getMasterKeys().length);
-    assertEquals(false,ts.removeMasterKey(-1));
-    try{
-      ts.updateMasterKey(-1, "non-existent-key");
-      fail("Updated non-existent key.");
-    } catch (TokenStoreException e) {
-      assertTrue(e.getCause() instanceof NoSuchObjectException);
-    }
-    int keySeq = ts.addMasterKey("key1Data");
-    int keySeq2 = ts.addMasterKey("key2Data");
-    int keySeq2same = ts.addMasterKey("key2Data");
-    assertEquals("keys sequential", keySeq + 1, keySeq2);
-    assertEquals("keys sequential", keySeq + 2, keySeq2same);
-    assertEquals("expected number of keys", 3, ts.getMasterKeys().length);
-    assertTrue(ts.removeMasterKey(keySeq));
-    assertTrue(ts.removeMasterKey(keySeq2same));
-    assertEquals("expected number of keys", 1, ts.getMasterKeys().length);
-    assertEquals("key2Data",ts.getMasterKeys()[0]);
-    ts.updateMasterKey(keySeq2, "updatedData");
-    assertEquals("updatedData",ts.getMasterKeys()[0]);
-    assertTrue(ts.removeMasterKey(keySeq2));
-
-    // tokens
-    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
-    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(
-        new Text("owner"), new Text("renewer"), new Text("realUser"));
-    assertNull(ts.getToken(tokenId));
-    assertFalse(ts.removeToken(tokenId));
-    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(
-        99, "password".getBytes());
-    assertTrue(ts.addToken(tokenId, tokenInfo));
-    assertFalse(ts.addToken(tokenId, tokenInfo));
-    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
-    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
-    assertNotSame(tokenInfo, tokenInfoRead);
-    Assert.assertArrayEquals(HiveDelegationTokenSupport
-        .encodeDelegationTokenInformation(tokenInfo),
-        HiveDelegationTokenSupport
-            .encodeDelegationTokenInformation(tokenInfoRead));
-
-    List<DelegationTokenIdentifier> allIds = ts
-        .getAllDelegationTokenIdentifiers();
-    assertEquals(1, allIds.size());
-    Assert.assertEquals(TokenStoreDelegationTokenSecretManager
-        .encodeWritable(tokenId),
-        TokenStoreDelegationTokenSecretManager.encodeWritable(allIds
-            .get(0)));
-
-    assertTrue(ts.removeToken(tokenId));
-    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
-    assertNull(ts.getToken(tokenId));
-    ts.close();
-  }
-}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java b/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java
deleted file mode 100644
index 7800416..0000000
--- a/itests/hive-unit/src/test/java/org/apache/hadoop/hive/thrift/TestZooKeeperTokenStore.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hive.thrift;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-
-import junit.framework.TestCase;
-
-import org.apache.curator.framework.CuratorFramework;
-import org.apache.curator.framework.CuratorFrameworkFactory;
-import org.apache.curator.retry.ExponentialBackoffRetry;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hbase.zookeeper.MiniZooKeeperCluster;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server.ServerMode;
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation;
-import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
-import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.data.ACL;
-import org.junit.Assert;
-
-public class TestZooKeeperTokenStore extends TestCase {
-
-  private MiniZooKeeperCluster zkCluster = null;
-  private CuratorFramework zkClient = null;
-  private int zkPort = -1;
-  private ZooKeeperTokenStore ts;
-
-  @Override
-  protected void setUp() throws Exception {
-    File zkDataDir = new File(System.getProperty("test.tmp.dir"));
-    if (this.zkCluster != null) {
-      throw new IOException("Cluster already running");
-    }
-    this.zkCluster = new MiniZooKeeperCluster();
-    this.zkPort = this.zkCluster.startup(zkDataDir);
-    this.zkClient =
-        CuratorFrameworkFactory.builder().connectString("localhost:" + zkPort)
-            .retryPolicy(new ExponentialBackoffRetry(1000, 3)).build();
-    this.zkClient.start();
-  }
-
-  @Override
-  protected void tearDown() throws Exception {
-    this.zkClient.close();
-    if (ts != null) {
-      ts.close();
-    }
-    this.zkCluster.shutdown();
-    this.zkCluster = null;
-  }
-
-  private Configuration createConf(String zkPath) {
-    Configuration conf = new Configuration();
-    conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_CONNECT_STR, "localhost:"
-        + this.zkPort);
-    conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ZNODE, zkPath);
-    return conf;
-  }
-
-  public void testTokenStorage() throws Exception {
-    String ZK_PATH = "/zktokenstore-testTokenStorage";
-    ts = new ZooKeeperTokenStore();
-    Configuration conf = createConf(ZK_PATH);
-    conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL, "world:anyone:cdrwa");
-    ts.setConf(conf);
-    ts.init(null, ServerMode.METASTORE);
-
-
-    String metastore_zk_path = ZK_PATH + ServerMode.METASTORE;
-    int keySeq = ts.addMasterKey("key1Data");
-    byte[] keyBytes = zkClient.getData().forPath(
-        metastore_zk_path + "/keys/" + String.format(ZooKeeperTokenStore.ZK_SEQ_FORMAT, keySeq));
-    assertNotNull(keyBytes);
-    assertEquals(new String(keyBytes), "key1Data");
-
-    int keySeq2 = ts.addMasterKey("key2Data");
-    assertEquals("keys sequential", keySeq + 1, keySeq2);
-    assertEquals("expected number keys", 2, ts.getMasterKeys().length);
-
-    ts.removeMasterKey(keySeq);
-    assertEquals("expected number keys", 1, ts.getMasterKeys().length);
-
-    // tokens
-    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(
-        new Text("owner"), new Text("renewer"), new Text("realUser"));
-    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(
-        99, "password".getBytes());
-    ts.addToken(tokenId, tokenInfo);
-    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
-    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
-    assertNotSame(tokenInfo, tokenInfoRead);
-    Assert.assertArrayEquals(HiveDelegationTokenSupport
-        .encodeDelegationTokenInformation(tokenInfo),
-        HiveDelegationTokenSupport
-            .encodeDelegationTokenInformation(tokenInfoRead));
-
-    List<DelegationTokenIdentifier> allIds = ts.getAllDelegationTokenIdentifiers();
-    assertEquals(1, allIds.size());
-    Assert.assertEquals(TokenStoreDelegationTokenSecretManager
-        .encodeWritable(tokenId),
-        TokenStoreDelegationTokenSecretManager.encodeWritable(allIds
-            .get(0)));
-
-    assertTrue(ts.removeToken(tokenId));
-    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
-    assertNull(ts.getToken(tokenId));
-  }
-
-  public void testAclNoAuth() throws Exception {
-    String ZK_PATH = "/zktokenstore-testAclNoAuth";
-    Configuration conf = createConf(ZK_PATH);
-    conf.set(
-        HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
-        "ip:127.0.0.1:r");
-
-    ts = new ZooKeeperTokenStore();
-    try {
-      ts.setConf(conf);
-      ts.init(null, ServerMode.METASTORE);
-      fail("expected ACL exception");
-    } catch (DelegationTokenStore.TokenStoreException e) {
-      assertEquals(KeeperException.NoAuthException.class, e.getCause().getClass());
-    }
-  }
-
-  public void testAclInvalid() throws Exception {
-    String ZK_PATH = "/zktokenstore-testAclInvalid";
-    String aclString = "sasl:hive/host@TEST.DOMAIN:cdrwa, fail-parse-ignored";
-    Configuration conf = createConf(ZK_PATH);
-    conf.set(
-        HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
-        aclString);
-
-    List<ACL> aclList = ZooKeeperTokenStore.parseACLs(aclString);
-    assertEquals(1, aclList.size());
-
-    ts = new ZooKeeperTokenStore();
-    try {
-      ts.setConf(conf);
-      ts.init(null, ServerMode.METASTORE);
-      fail("expected ACL exception");
-    } catch (DelegationTokenStore.TokenStoreException e) {
-      assertEquals(KeeperException.InvalidACLException.class, e.getCause().getClass());
-    }
-  }
-
-  public void testAclPositive() throws Exception {
-    String ZK_PATH = "/zktokenstore-testAcl";
-    Configuration conf = createConf(ZK_PATH);
-    conf.set(
-        HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL,
-        "ip:127.0.0.1:cdrwa,world:anyone:cdrwa");
-    ts = new ZooKeeperTokenStore();
-    ts.setConf(conf);
-    ts.init(null, ServerMode.METASTORE);
-    List<ACL> acl = zkClient.getACL().forPath(ZK_PATH + ServerMode.METASTORE);
-    assertEquals(2, acl.size());
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
index a9a4f2c..edf9385 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java
@@ -26,6 +26,7 @@ import org.apache.hive.service.auth.HiveAuthConstants;
 import org.apache.hive.service.auth.KerberosSaslHelper;
 import org.apache.hive.service.auth.PlainSaslHelper;
 import org.apache.hive.service.auth.SaslQOP;
+import org.apache.hive.service.cli.session.SessionUtils;
 import org.apache.hive.service.cli.thrift.EmbeddedThriftBinaryCLIService;
 import org.apache.hive.service.rpc.thrift.TCLIService;
 import org.apache.hive.service.rpc.thrift.TCancelDelegationTokenReq;
@@ -164,7 +165,7 @@ public class HiveConnection implements java.sql.Connection {
     // sess_var_list -> sessConfMap
     // hive_conf_list -> hiveConfMap
     // hive_var_list -> hiveVarMap
-    host = ShimLoader.getHadoopThriftAuthBridge().getCanonicalHostName(connParams.getHost());
+    host = Utils.getCanonicalHostName(connParams.getHost());
     port = connParams.getPort();
     sessConfMap = connParams.getSessionVars();
     isEmbeddedMode = connParams.isEmbeddedMode();
@@ -229,7 +230,7 @@ public class HiveConnection implements java.sql.Connection {
             }
             // Update with new values
             jdbcUriString = connParams.getJdbcUriString();
-            host = ShimLoader.getHadoopThriftAuthBridge().getCanonicalHostName(connParams.getHost());
+            host = Utils.getCanonicalHostName(connParams.getHost());
             port = connParams.getPort();
           } else {
             errMsg = warnMsg;
@@ -652,7 +653,7 @@ public class HiveConnection implements java.sql.Connection {
     if (JdbcConnectionParams.AUTH_TOKEN.equalsIgnoreCase(jdbcConnConf.get(JdbcConnectionParams.AUTH_TYPE))) {
       // check delegation token in job conf if any
       try {
-        tokenStr = org.apache.hadoop.hive.shims.Utils.getTokenStrForm(HiveAuthConstants.HS2_CLIENT_TOKEN);
+        tokenStr = SessionUtils.getTokenStrForm(HiveAuthConstants.HS2_CLIENT_TOKEN);
       } catch (IOException e) {
         throw new SQLException("Error reading token ", e);
       }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/jdbc/src/java/org/apache/hive/jdbc/Utils.java
----------------------------------------------------------------------
diff --git a/jdbc/src/java/org/apache/hive/jdbc/Utils.java b/jdbc/src/java/org/apache/hive/jdbc/Utils.java
index 574fb7e..855de88 100644
--- a/jdbc/src/java/org/apache/hive/jdbc/Utils.java
+++ b/jdbc/src/java/org/apache/hive/jdbc/Utils.java
@@ -18,7 +18,9 @@
 
 package org.apache.hive.jdbc;
 
+import java.net.InetAddress;
 import java.net.URI;
+import java.net.UnknownHostException;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -663,4 +665,21 @@ public class Utils {
     }
     return null;
   }
+
+  /**
+   * Method to get canonical-ized hostname, given a hostname (possibly a CNAME).
+   * This should allow for service-principals to use simplified CNAMEs.
+   * @param hostName The hostname to be canonical-ized.
+   * @return Given a CNAME, the canonical-ized hostname is returned. If not found, the original hostname is returned.
+   */
+  public static String getCanonicalHostName(String hostName) {
+    try {
+      return InetAddress.getByName(hostName).getCanonicalHostName();
+    }
+    catch(UnknownHostException exception) {
+      LOG.warn("Could not retrieve canonical hostname for " + hostName, exception);
+      return hostName;
+    }
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
----------------------------------------------------------------------
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
index 12faf82..23033fa 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
@@ -7676,8 +7676,7 @@ public class HiveMetaStore extends ThriftHiveMetastore {
             conf.getVar(HiveConf.ConfVars.METASTORE_CLIENT_KERBEROS_PRINCIPAL));
         // Start delegation token manager
         delegationTokenManager = new MetastoreDelegationTokenManager();
-        delegationTokenManager.startDelegationTokenSecretManager(conf, baseHandler,
-            HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
+        delegationTokenManager.startDelegationTokenSecretManager(conf, baseHandler, HadoopThriftAuthBridge.Server.ServerMode.METASTORE);
         saslServer.setSecretManager(delegationTokenManager.getSecretManager());
         transFactory = saslServer.createTransportFactory(
                 MetaStoreUtils.getMetaStoreSaslProperties(conf, useSSL));

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
----------------------------------------------------------------------
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
index 95e3d75..3f5f80e 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
@@ -66,6 +66,7 @@ import org.apache.hadoop.hive.metastore.conf.MetastoreConf;
 import org.apache.hadoop.hive.metastore.partition.spec.PartitionSpecProxy;
 import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
 import org.apache.hadoop.hive.metastore.txn.TxnUtils;
+import org.apache.hadoop.hive.metastore.utils.SecurityUtils;
 import org.apache.hadoop.hive.shims.Utils;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.StringUtils;
@@ -242,7 +243,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable {
             });
         String delegationTokenPropString = "DelegationTokenForHiveMetaStoreServer";
         String delegationTokenStr = getDelegationToken(proxyUser, proxyUser);
-        Utils.setTokenStr(UserGroupInformation.getCurrentUser(), delegationTokenStr,
+        SecurityUtils.setTokenStr(UserGroupInformation.getCurrentUser(), delegationTokenStr,
             delegationTokenPropString);
         this.conf.setVar(ConfVars.METASTORE_TOKEN_SIGNATURE, delegationTokenPropString);
         close();
@@ -455,7 +456,7 @@ public class HiveMetaStoreClient implements IMetaStoreClient, AutoCloseable {
               // submission.
               String tokenSig = conf.getVar(ConfVars.METASTORE_TOKEN_SIGNATURE);
               // tokenSig could be null
-              tokenStrForm = Utils.getTokenStrForm(tokenSig);
+              tokenStrForm = SecurityUtils.getTokenStrForm(tokenSig);
 
               if(tokenStrForm != null) {
                 LOG.info("HMSC::open(): Found delegation token. Creating DIGEST-based thrift connection.");

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
----------------------------------------------------------------------
diff --git a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
index 5354e70..ef097ac 100644
--- a/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
+++ b/metastore/src/java/org/apache/hadoop/hive/metastore/MetaStoreUtils.java
@@ -63,7 +63,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.hive.metastore.api.Decimal;
 import org.apache.hadoop.hive.metastore.api.Order;
 import org.apache.hadoop.hive.metastore.api.SkewedInfo;
-import org.apache.hadoop.hive.shims.ShimLoader;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.hadoop.conf.Configuration;
@@ -1638,7 +1638,7 @@ public class MetaStoreUtils {
               + hadoopRpcProtectionVal + " to " + hadoopRpcProtectionAuth + " because SSL is enabled");
       conf.set(CommonConfigurationKeysPublic.HADOOP_RPC_PROTECTION, hadoopRpcProtectionAuth);
     }
-    return ShimLoader.getHadoopThriftAuthBridge().getHadoopSaslProperties(conf);
+    return HadoopThriftAuthBridge.getBridge().getHadoopSaslProperties(conf);
   }
 
 

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
index 0f4a4d8..6528ca0 100644
--- a/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
+++ b/service/src/java/org/apache/hive/service/auth/HiveAuthFactory.java
@@ -27,15 +27,21 @@ import javax.security.auth.login.LoginException;
 import javax.security.sasl.AuthenticationException;
 import javax.security.sasl.Sasl;
 
+import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
+import org.apache.hadoop.hive.conf.HiveConfUtil;
 import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.shims.HadoopShims.KerberosNameShim;
 import org.apache.hadoop.hive.shims.ShimLoader;
-import org.apache.hadoop.hive.thrift.DBTokenStore;
-import org.apache.hadoop.hive.thrift.HiveDelegationTokenManager;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server.ServerMode;
+import org.apache.hadoop.hive.metastore.security.DBTokenStore;
+import org.apache.hadoop.hive.metastore.security.DelegationTokenStore;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
+import org.apache.hadoop.hive.metastore.security.MemoryTokenStore;
+import org.apache.hadoop.hive.metastore.security.MetastoreDelegationTokenManager;
+import org.apache.hadoop.hive.metastore.security.ZooKeeperTokenStore;
+import org.apache.hadoop.hive.metastore.utils.SecurityUtils;
 import org.apache.hadoop.security.SaslRpcServer.AuthMethod;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
@@ -61,7 +67,7 @@ public class HiveAuthFactory {
   private final String transportMode;
   private final HiveConf conf;
   private String hadoopAuth;
-  private HiveDelegationTokenManager delegationTokenManager = null;
+  private MetastoreDelegationTokenManager delegationTokenManager = null;
 
   public HiveAuthFactory(HiveConf conf) throws TTransportException {
     this.conf = conf;
@@ -82,16 +88,16 @@ public class HiveAuthFactory {
     }
     if (isSASLWithKerberizedHadoop()) {
       saslServer =
-          ShimLoader.getHadoopThriftAuthBridge().createServer(
+          HadoopThriftAuthBridge.getBridge().createServer(
               conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_KEYTAB),
               conf.getVar(ConfVars.HIVE_SERVER2_KERBEROS_PRINCIPAL),
               conf.getVar(ConfVars.HIVE_SERVER2_CLIENT_KERBEROS_PRINCIPAL));
 
       // Start delegation token manager
-      delegationTokenManager = new HiveDelegationTokenManager();
+      delegationTokenManager = new MetastoreDelegationTokenManager();
       try {
         Object baseHandler = null;
-        String tokenStoreClass = conf.getVar(HiveConf.ConfVars.METASTORE_CLUSTER_DELEGATION_TOKEN_STORE_CLS);
+        String tokenStoreClass = SecurityUtils.getTokenStoreClassName(conf);
 
         if (tokenStoreClass.equals(DBTokenStore.class.getName())) {
           // IMetaStoreClient is needed to access token store if DBTokenStore is to be used. It
@@ -105,7 +111,8 @@ public class HiveAuthFactory {
           baseHandler = Hive.class;
         }
 
-        delegationTokenManager.startDelegationTokenSecretManager(conf, baseHandler, ServerMode.HIVESERVER2);
+        delegationTokenManager.startDelegationTokenSecretManager(conf, baseHandler,
+            HadoopThriftAuthBridge.Server.ServerMode.HIVESERVER2);
         saslServer.setSecretManager(delegationTokenManager.getSecretManager());
       }
       catch (IOException e) {
@@ -325,5 +332,4 @@ public class HiveAuthFactory {
         "Failed to validate proxy privilege of " + realUser + " for " + proxyUser, "08S01", e);
     }
   }
-
 }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
index 8b5661a..7b3040d 100644
--- a/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
+++ b/service/src/java/org/apache/hive/service/auth/HttpAuthUtils.java
@@ -32,6 +32,7 @@ import java.util.StringTokenizer;
 import javax.security.auth.Subject;
 
 import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
 import org.apache.hadoop.hive.shims.ShimLoader;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.http.protocol.BasicHttpContext;
@@ -66,7 +67,7 @@ public final class HttpAuthUtils {
   public static String getKerberosServiceTicket(String principal, String host,
       String serverHttpUrl, boolean assumeSubject) throws Exception {
     String serverPrincipal =
-        ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host);
+        HadoopThriftAuthBridge.getBridge().getServerPrincipal(principal, host);
     if (assumeSubject) {
       // With this option, we're assuming that the external application,
       // using the JDBC driver has done a JAAS kerberos login already
@@ -79,7 +80,7 @@ public final class HttpAuthUtils {
     } else {
       // JAAS login from ticket cache to setup the client UserGroupInformation
       UserGroupInformation clientUGI =
-          ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos");
+          HadoopThriftAuthBridge.getBridge().getCurrentUGIWithConf("kerberos");
       return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl));
     }
   }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java b/service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java
index ea2c689..3f549ba 100644
--- a/service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java
+++ b/service/src/java/org/apache/hive/service/auth/KerberosSaslHelper.java
@@ -22,9 +22,8 @@ import java.util.Map;
 
 import javax.security.sasl.SaslException;
 
-import org.apache.hadoop.hive.shims.ShimLoader;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge;
+import org.apache.hadoop.hive.metastore.security.HadoopThriftAuthBridge.Server;
 import org.apache.hive.service.cli.thrift.ThriftCLIService;
 import org.apache.hive.service.rpc.thrift.TCLIService;
 import org.apache.hive.service.rpc.thrift.TCLIService.Iface;
@@ -53,7 +52,7 @@ public final class KerberosSaslHelper {
         return createSubjectAssumedTransport(principal, underlyingTransport, saslProps);
       } else {
         HadoopThriftAuthBridge.Client authBridge =
-          ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos");
+          HadoopThriftAuthBridge.getBridge().createClientWithConf("kerberos");
         return authBridge.createClientTransport(principal, host, "KERBEROS", null,
                                                 underlyingTransport, saslProps);
       }
@@ -78,7 +77,7 @@ public final class KerberosSaslHelper {
   public static TTransport getTokenTransport(String tokenStr, String host,
     TTransport underlyingTransport, Map<String, String> saslProps) throws SaslException {
     HadoopThriftAuthBridge.Client authBridge =
-      ShimLoader.getHadoopThriftAuthBridge().createClientWithConf("kerberos");
+      HadoopThriftAuthBridge.getBridge().createClientWithConf("kerberos");
 
     try {
       return authBridge.createClientTransport(null, host, "DIGEST", tokenStr, underlyingTransport,

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java b/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java
index 00a7e74..8000a5b 100644
--- a/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java
+++ b/service/src/java/org/apache/hive/service/cli/session/HiveSessionImplwithUGI.java
@@ -26,7 +26,6 @@ import org.apache.hadoop.hive.metastore.IMetaStoreClient;
 import org.apache.hadoop.hive.metastore.api.MetaException;
 import org.apache.hadoop.hive.ql.metadata.Hive;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
-import org.apache.hadoop.hive.shims.Utils;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hive.service.auth.HiveAuthFactory;
 import org.apache.hive.service.cli.HiveSQLException;
@@ -113,7 +112,7 @@ public class HiveSessionImplwithUGI extends HiveSessionImpl {
     if (hmsDelegationTokenStr != null) {
       getHiveConf().setVar(HiveConf.ConfVars.METASTORE_TOKEN_SIGNATURE, HS2TOKEN);
       try {
-        Utils.setTokenStr(sessionUgi, hmsDelegationTokenStr, HS2TOKEN);
+        SessionUtils.setTokenStr(sessionUgi, hmsDelegationTokenStr, HS2TOKEN);
       } catch (IOException e) {
         throw new HiveSQLException("Couldn't setup delegation token in the ugi: " + e, e);
       }

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/service/src/java/org/apache/hive/service/cli/session/SessionUtils.java
----------------------------------------------------------------------
diff --git a/service/src/java/org/apache/hive/service/cli/session/SessionUtils.java b/service/src/java/org/apache/hive/service/cli/session/SessionUtils.java
new file mode 100644
index 0000000..00d3112
--- /dev/null
+++ b/service/src/java/org/apache/hive/service/cli/session/SessionUtils.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service.cli.session;
+
+import java.io.IOException;
+
+import org.apache.hadoop.hive.metastore.security.DelegationTokenIdentifier;
+import org.apache.hadoop.hive.metastore.security.DelegationTokenSelector;
+import org.apache.hadoop.io.Text;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.token.Token;
+import org.apache.hadoop.security.token.TokenIdentifier;
+import org.apache.hadoop.security.token.TokenSelector;
+
+public class SessionUtils {
+  /**
+   * Get the string form of the token given a token signature. The signature is used as the value of
+   * the "service" field in the token for lookup. Ref: AbstractDelegationTokenSelector in Hadoop. If
+   * there exists such a token in the token cache (credential store) of the job, the lookup returns
+   * that. This is relevant only when running against a "secure" hadoop release The method gets hold
+   * of the tokens if they are set up by hadoop - this should happen on the map/reduce tasks if the
+   * client added the tokens into hadoop's credential store in the front end during job submission.
+   * The method will select the hive delegation token among the set of tokens and return the string
+   * form of it
+   * 
+   * @param tokenSignature
+   * @return the string form of the token found
+   * @throws IOException
+   */
+  public static String getTokenStrForm(String tokenSignature) throws IOException {
+    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
+    TokenSelector<? extends TokenIdentifier> tokenSelector = new DelegationTokenSelector();
+
+    Token<? extends TokenIdentifier> token = tokenSelector.selectToken(
+        tokenSignature == null ? new Text() : new Text(tokenSignature), ugi.getTokens());
+    return token != null ? token.encodeToUrlString() : null;
+  }
+
+  /**
+   * Create a delegation token object for the given token string and service. Add the token to given
+   * UGI
+   * 
+   * @param ugi
+   * @param tokenStr
+   * @param tokenService
+   * @throws IOException
+   */
+  public static void setTokenStr(UserGroupInformation ugi, String tokenStr, String tokenService)
+      throws IOException {
+    Token<DelegationTokenIdentifier> delegationToken = createToken(tokenStr, tokenService);
+    ugi.addToken(delegationToken);
+  }
+
+  /**
+   * Add a given service to delegation token string.
+   * 
+   * @param tokenStr
+   * @param tokenService
+   * @return
+   * @throws IOException
+   */
+  public static String addServiceToToken(String tokenStr, String tokenService) throws IOException {
+    Token<DelegationTokenIdentifier> delegationToken = createToken(tokenStr, tokenService);
+    return delegationToken.encodeToUrlString();
+  }
+
+  /**
+   * Create a new token using the given string and service
+   * 
+   * @param tokenStr
+   * @param tokenService
+   * @return
+   * @throws IOException
+   */
+  private static Token<DelegationTokenIdentifier> createToken(String tokenStr, String tokenService)
+      throws IOException {
+    Token<DelegationTokenIdentifier> delegationToken = new Token<DelegationTokenIdentifier>();
+    delegationToken.decodeFromUrlString(tokenStr);
+    delegationToken.setService(new Text(tokenService));
+    return delegationToken;
+  }
+}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java
----------------------------------------------------------------------
diff --git a/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java b/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java
deleted file mode 100644
index 5e21c9f..0000000
--- a/shims/0.23/src/main/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge23.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.hive.thrift;
-
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
-import java.util.Map;
-
-import org.apache.hadoop.conf.Configurable;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.SaslRpcServer;
-
-/**
- * Functions that bridge Thrift's SASL transports to Hadoop's SASL callback
- * handlers and authentication classes.
- *
- * This is a 0.23/2.x specific implementation
- */
-public class HadoopThriftAuthBridge23 extends HadoopThriftAuthBridge {
-
-  private static Field SASL_PROPS_FIELD;
-  private static Class<?> SASL_PROPERTIES_RESOLVER_CLASS;
-  private static Method RES_GET_INSTANCE_METHOD;
-  private static Method GET_DEFAULT_PROP_METHOD;
-  static {
-    SASL_PROPERTIES_RESOLVER_CLASS = null;
-    SASL_PROPS_FIELD = null;
-    final String SASL_PROP_RES_CLASSNAME = "org.apache.hadoop.security.SaslPropertiesResolver";
-    try {
-      SASL_PROPERTIES_RESOLVER_CLASS = Class.forName(SASL_PROP_RES_CLASSNAME);
-
-    } catch (ClassNotFoundException e) {
-    }
-
-    if (SASL_PROPERTIES_RESOLVER_CLASS != null) {
-      // found the class, so this would be hadoop version 2.4 or newer (See
-      // HADOOP-10221, HADOOP-10451)
-      try {
-        RES_GET_INSTANCE_METHOD = SASL_PROPERTIES_RESOLVER_CLASS.getMethod("getInstance",
-            Configuration.class);
-        GET_DEFAULT_PROP_METHOD = SASL_PROPERTIES_RESOLVER_CLASS.getMethod("getDefaultProperties");
-      } catch (Exception e) {
-        // this must be hadoop 2.4 , where getDefaultProperties was protected
-      }
-    }
-
-    if (SASL_PROPERTIES_RESOLVER_CLASS == null || GET_DEFAULT_PROP_METHOD == null) {
-      // this must be a hadoop 2.4 version or earlier.
-      // Resorting to the earlier method of getting the properties, which uses SASL_PROPS field
-      try {
-        SASL_PROPS_FIELD = SaslRpcServer.class.getField("SASL_PROPS");
-      } catch (NoSuchFieldException e) {
-        // Older version of hadoop should have had this field
-        throw new IllegalStateException("Error finding hadoop SASL_PROPS field in "
-            + SaslRpcServer.class.getSimpleName(), e);
-      }
-    }
-  }
-
-  /**
-   * Read and return Hadoop SASL configuration which can be configured using
-   * "hadoop.rpc.protection"
-   *
-   * @param conf
-   * @return Hadoop SASL configuration
-   */
-  @SuppressWarnings("unchecked")
-  @Override
-  public Map<String, String> getHadoopSaslProperties(Configuration conf) {
-    if (SASL_PROPS_FIELD != null) {
-      // hadoop 2.4 and earlier way of finding the sasl property settings
-      // Initialize the SaslRpcServer to ensure QOP parameters are read from
-      // conf
-      SaslRpcServer.init(conf);
-      try {
-        return (Map<String, String>) SASL_PROPS_FIELD.get(null);
-      } catch (Exception e) {
-        throw new IllegalStateException("Error finding hadoop SASL properties", e);
-      }
-    }
-    // 2.5 and later way of finding sasl property
-    try {
-      Configurable saslPropertiesResolver = (Configurable) RES_GET_INSTANCE_METHOD.invoke(null,
-          conf);
-      saslPropertiesResolver.setConf(conf);
-      return (Map<String, String>) GET_DEFAULT_PROP_METHOD.invoke(saslPropertiesResolver);
-    } catch (Exception e) {
-      throw new IllegalStateException("Error finding hadoop SASL properties", e);
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java
----------------------------------------------------------------------
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java b/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java
index f15e7ff..1ea8b50 100644
--- a/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java
+++ b/shims/common/src/main/java/org/apache/hadoop/hive/shims/ShimLoader.java
@@ -17,7 +17,6 @@
  */
 package org.apache.hadoop.hive.shims;
 
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge;
 import org.apache.hadoop.util.VersionInfo;
 import org.apache.log4j.AppenderSkeleton;
 import org.slf4j.Logger;
@@ -37,7 +36,6 @@ public abstract class ShimLoader {
   private static volatile HadoopShims hadoopShims;
   private static JettyShims jettyShims;
   private static AppenderSkeleton eventCounter;
-  private static HadoopThriftAuthBridge hadoopThriftAuthBridge;
   private static SchedulerShim schedulerShim;
 
   /**
@@ -103,14 +101,6 @@ public abstract class ShimLoader {
     return eventCounter;
   }
 
-  public static synchronized HadoopThriftAuthBridge getHadoopThriftAuthBridge() {
-    if (hadoopThriftAuthBridge == null) {
-      hadoopThriftAuthBridge = loadShims(HADOOP_THRIFT_AUTH_BRIDGE_CLASSES,
-          HadoopThriftAuthBridge.class);
-    }
-    return hadoopThriftAuthBridge;
-  }
-
   public static synchronized SchedulerShim getSchedulerShims() {
     if (schedulerShim == null) {
       schedulerShim = createShim(SCHEDULER_SHIM_CLASSE, SchedulerShim.class);

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/common/src/main/java/org/apache/hadoop/hive/shims/Utils.java
----------------------------------------------------------------------
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/shims/Utils.java b/shims/common/src/main/java/org/apache/hadoop/hive/shims/Utils.java
index 3c93186..d9ae336 100644
--- a/shims/common/src/main/java/org/apache/hadoop/hive/shims/Utils.java
+++ b/shims/common/src/main/java/org/apache/hadoop/hive/shims/Utils.java
@@ -26,8 +26,8 @@ import java.util.Map;
 import java.util.Set;
 
 import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.LoginException;
 import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
+import javax.security.auth.login.LoginException;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -37,19 +37,12 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.hadoop.hive.thrift.DelegationTokenIdentifier;
-import org.apache.hadoop.hive.thrift.DelegationTokenSelector;
-import org.apache.hadoop.io.Text;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authentication.util.KerberosUtil;
-import org.apache.hadoop.security.token.Token;
-import org.apache.hadoop.security.token.TokenIdentifier;
-import org.apache.hadoop.security.token.TokenSelector;
 import org.apache.zookeeper.client.ZooKeeperSaslClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class Utils {
 
@@ -73,72 +66,6 @@ public class Utils {
   }
 
   /**
-   * Get the string form of the token given a token signature.
-   * The signature is used as the value of the "service" field in the token for lookup.
-   * Ref: AbstractDelegationTokenSelector in Hadoop. If there exists such a token
-   * in the token cache (credential store) of the job, the lookup returns that.
-   * This is relevant only when running against a "secure" hadoop release
-   * The method gets hold of the tokens if they are set up by hadoop - this should
-   * happen on the map/reduce tasks if the client added the tokens into hadoop's
-   * credential store in the front end during job submission. The method will
-   * select the hive delegation token among the set of tokens and return the string
-   * form of it
-   * @param tokenSignature
-   * @return the string form of the token found
-   * @throws IOException
-   */
-  public static String getTokenStrForm(String tokenSignature) throws IOException {
-    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
-    TokenSelector<? extends TokenIdentifier> tokenSelector = new DelegationTokenSelector();
-
-    Token<? extends TokenIdentifier> token = tokenSelector.selectToken(
-        tokenSignature == null ? new Text() : new Text(tokenSignature), ugi.getTokens());
-    return token != null ? token.encodeToUrlString() : null;
-  }
-
-  /**
-   * Create a delegation token object for the given token string and service.
-   * Add the token to given UGI
-   * @param ugi
-   * @param tokenStr
-   * @param tokenService
-   * @throws IOException
-   */
-  public static void setTokenStr(UserGroupInformation ugi, String tokenStr, String tokenService)
-      throws IOException {
-    Token<DelegationTokenIdentifier> delegationToken = createToken(tokenStr, tokenService);
-    ugi.addToken(delegationToken);
-  }
-
-  /**
-   * Add a given service to delegation token string.
-   * @param tokenStr
-   * @param tokenService
-   * @return
-   * @throws IOException
-   */
-  public static String addServiceToToken(String tokenStr, String tokenService)
-      throws IOException {
-    Token<DelegationTokenIdentifier> delegationToken = createToken(tokenStr, tokenService);
-    return delegationToken.encodeToUrlString();
-  }
-
-  /**
-   * Create a new token using the given string and service
-   * @param tokenStr
-   * @param tokenService
-   * @return
-   * @throws IOException
-   */
-  private static Token<DelegationTokenIdentifier> createToken(String tokenStr, String tokenService)
-      throws IOException {
-    Token<DelegationTokenIdentifier> delegationToken = new Token<DelegationTokenIdentifier>();
-    delegationToken.decodeFromUrlString(tokenStr);
-    delegationToken.setService(new Text(tokenService));
-    return delegationToken;
-  }
-
-  /**
    * Dynamically sets up the JAAS configuration that uses kerberos
    * @param principal
    * @param keyTabFile
@@ -189,7 +116,7 @@ public class Utils {
           krbOptions.put("useKeyTab", "true");
           krbOptions.put("keyTab", keyTabFile);
         }
-	krbOptions.put("principal", principal);
+  krbOptions.put("principal", principal);
         krbOptions.put("refreshKrb5Config", "true");
         AppConfigurationEntry hiveZooKeeperClientEntry = new AppConfigurationEntry(
             KerberosUtil.getKrb5LoginModuleName(), LoginModuleControlFlag.REQUIRED, krbOptions);
@@ -203,6 +130,7 @@ public class Utils {
     }
   }
 
+  
   public static final String XSRF_CUSTOM_HEADER_PARAM = "custom-header";
   public static final String XSRF_CUSTOM_METHODS_TO_IGNORE_PARAM = "methods-to-ignore";
   private static final String XSRF_HEADER_DEFAULT = "X-XSRF-HEADER";

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DBTokenStore.java
----------------------------------------------------------------------
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DBTokenStore.java b/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DBTokenStore.java
deleted file mode 100644
index 1b54946..0000000
--- a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DBTokenStore.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hive.thrift;
-
-import java.io.IOException;
-import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.Server.ServerMode;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation;
-import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class DBTokenStore implements DelegationTokenStore {
-  private static final Logger LOG = LoggerFactory.getLogger(DBTokenStore.class);
-  private Configuration conf;
-
-  @Override
-  public int addMasterKey(String s) throws TokenStoreException {
-    if (LOG.isTraceEnabled()) {
-      LOG.trace("addMasterKey: s = " + s);
-    }
-    return (Integer)invokeOnTokenStore("addMasterKey", new Object[]{s},String.class);
-  }
-
-  @Override
-  public void updateMasterKey(int keySeq, String s) throws TokenStoreException {
-    if (LOG.isTraceEnabled()) {
-      LOG.trace("updateMasterKey: s = " + s + ", keySeq = " + keySeq);
-    }
-    invokeOnTokenStore("updateMasterKey", new Object[] {Integer.valueOf(keySeq), s},
-        Integer.class, String.class);
-  }
-
-  @Override
-  public boolean removeMasterKey(int keySeq) {
-    return (Boolean)invokeOnTokenStore("removeMasterKey", new Object[] {Integer.valueOf(keySeq)},
-      Integer.class);
-  }
-
-  @Override
-  public String[] getMasterKeys() throws TokenStoreException {
-    return (String[])invokeOnTokenStore("getMasterKeys", new Object[0]);
-  }
-
-  @Override
-  public boolean addToken(DelegationTokenIdentifier tokenIdentifier,
-      DelegationTokenInformation token) throws TokenStoreException {
-
-    try {
-      String identifier = TokenStoreDelegationTokenSecretManager.encodeWritable(tokenIdentifier);
-      String tokenStr = Base64.encodeBase64URLSafeString(
-        HiveDelegationTokenSupport.encodeDelegationTokenInformation(token));
-      boolean result = (Boolean)invokeOnTokenStore("addToken", new Object[] {identifier, tokenStr},
-        String.class, String.class);
-      if (LOG.isTraceEnabled()) {
-        LOG.trace("addToken: tokenIdentifier = " + tokenIdentifier + ", added = " + result);
-      }
-      return result;
-    } catch (IOException e) {
-      throw new TokenStoreException(e);
-    }
-  }
-
-  @Override
-  public DelegationTokenInformation getToken(DelegationTokenIdentifier tokenIdentifier)
-      throws TokenStoreException {
-    try {
-      String tokenStr = (String)invokeOnTokenStore("getToken", new Object[] {
-          TokenStoreDelegationTokenSecretManager.encodeWritable(tokenIdentifier)}, String.class);
-      DelegationTokenInformation result = null;
-      if (StringUtils.isNotEmpty(tokenStr)) {
-        result = HiveDelegationTokenSupport.decodeDelegationTokenInformation(Base64.decodeBase64(tokenStr));
-      }
-      if (LOG.isTraceEnabled()) {
-        LOG.trace("getToken: tokenIdentifier = " + tokenIdentifier + ", result = " + result);
-      }
-      return result;
-    } catch (IOException e) {
-      throw new TokenStoreException(e);
-    }
-  }
-
-  @Override
-  public boolean removeToken(DelegationTokenIdentifier tokenIdentifier) throws TokenStoreException{
-    try {
-      boolean result = (Boolean)invokeOnTokenStore("removeToken", new Object[] {
-        TokenStoreDelegationTokenSecretManager.encodeWritable(tokenIdentifier)}, String.class);
-      if (LOG.isTraceEnabled()) {
-        LOG.trace("removeToken: tokenIdentifier = " + tokenIdentifier + ", removed = " + result);
-      }
-      return result;
-    } catch (IOException e) {
-      throw new TokenStoreException(e);
-    }
-  }
-
-  @Override
-  public List<DelegationTokenIdentifier> getAllDelegationTokenIdentifiers() throws TokenStoreException{
-
-    List<String> tokenIdents = (List<String>)invokeOnTokenStore("getAllTokenIdentifiers", new Object[0]);
-    List<DelegationTokenIdentifier> delTokenIdents = new ArrayList<DelegationTokenIdentifier>(tokenIdents.size());
-
-    for (String tokenIdent : tokenIdents) {
-      DelegationTokenIdentifier delToken = new DelegationTokenIdentifier();
-      try {
-        TokenStoreDelegationTokenSecretManager.decodeWritable(delToken, tokenIdent);
-      } catch (IOException e) {
-        throw new TokenStoreException(e);
-      }
-      delTokenIdents.add(delToken);
-    }
-    return delTokenIdents;
-  }
-
-  private Object handler;
-  private ServerMode smode;
-
-  @Override
-  public void init(Object handler, ServerMode smode) throws TokenStoreException {
-    this.handler = handler;
-    this.smode = smode;
-  }
-
-  private Object invokeOnTokenStore(String methName, Object[] params, Class<?> ... paramTypes)
-      throws TokenStoreException{
-    Object tokenStore;
-    try {
-      switch (smode) {
-        case METASTORE :
-          tokenStore = handler.getClass().getMethod("getMS").invoke(handler);
-          break;
-        case HIVESERVER2 :
-          Object hiveObject = ((Class<?>)handler)
-            .getMethod("get", org.apache.hadoop.conf.Configuration.class, java.lang.Class.class)
-            .invoke(handler, conf, DBTokenStore.class);
-          tokenStore = ((Class<?>)handler).getMethod("getMSC").invoke(hiveObject);
-          break;
-       default:
-         throw new TokenStoreException(new Exception("unknown server mode"));
-      }
-      return tokenStore.getClass().getMethod(methName, paramTypes).invoke(tokenStore, params);
-    } catch (IllegalArgumentException e) {
-        throw new TokenStoreException(e);
-    } catch (SecurityException e) {
-        throw new TokenStoreException(e);
-    } catch (IllegalAccessException e) {
-        throw new TokenStoreException(e);
-    } catch (InvocationTargetException e) {
-        throw new TokenStoreException(e.getCause());
-    } catch (NoSuchMethodException e) {
-        throw new TokenStoreException(e);
-    }
-  }
-
-  @Override
-  public void setConf(Configuration conf) {
-    this.conf = conf;
-  }
-
-  @Override
-  public Configuration getConf() {
-    return conf;
-  }
-
-  @Override
-  public void close() throws IOException {
-    // No-op.
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenIdentifier.java
----------------------------------------------------------------------
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenIdentifier.java b/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenIdentifier.java
deleted file mode 100644
index 4ca3c0b..0000000
--- a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenIdentifier.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hive.thrift;
-
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
-
-/**
- * A delegation token identifier that is specific to Hive.
- */
-public class DelegationTokenIdentifier
-    extends AbstractDelegationTokenIdentifier {
-  public static final Text HIVE_DELEGATION_KIND = new Text("HIVE_DELEGATION_TOKEN");
-
-  /**
-   * Create an empty delegation token identifier for reading into.
-   */
-  public DelegationTokenIdentifier() {
-  }
-
-  /**
-   * Create a new delegation token identifier
-   * @param owner the effective username of the token owner
-   * @param renewer the username of the renewer
-   * @param realUser the real username of the token owner
-   */
-  public DelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
-    super(owner, renewer, realUser);
-  }
-
-  @Override
-  public Text getKind() {
-    return HIVE_DELEGATION_KIND;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/hive/blob/8fea1176/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java
----------------------------------------------------------------------
diff --git a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java b/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java
deleted file mode 100644
index 5299e18..0000000
--- a/shims/common/src/main/java/org/apache/hadoop/hive/thrift/DelegationTokenSecretManager.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.hive.thrift;
-
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.IOException;
-
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.token.Token;
-import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
-
-/**
- * A Hive specific delegation token secret manager.
- * The secret manager is responsible for generating and accepting the password
- * for each token.
- */
-public class DelegationTokenSecretManager
-    extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
-
-  /**
-   * Create a secret manager
-   * @param delegationKeyUpdateInterval the number of seconds for rolling new
-   *        secret keys.
-   * @param delegationTokenMaxLifetime the maximum lifetime of the delegation
-   *        tokens
-   * @param delegationTokenRenewInterval how often the tokens must be renewed
-   * @param delegationTokenRemoverScanInterval how often the tokens are scanned
-   *        for expired tokens
-   */
-  public DelegationTokenSecretManager(long delegationKeyUpdateInterval,
-                                      long delegationTokenMaxLifetime,
-                                      long delegationTokenRenewInterval,
-                                      long delegationTokenRemoverScanInterval) {
-    super(delegationKeyUpdateInterval, delegationTokenMaxLifetime,
-          delegationTokenRenewInterval, delegationTokenRemoverScanInterval);
-  }
-
-  @Override
-  public DelegationTokenIdentifier createIdentifier() {
-    return new DelegationTokenIdentifier();
-  }
-
-  /**
-   * Verify token string
-   * @param tokenStrForm
-   * @return user name
-   * @throws IOException
-   */
-  public synchronized String verifyDelegationToken(String tokenStrForm) throws IOException {
-    Token<DelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>();
-    t.decodeFromUrlString(tokenStrForm);
-
-    DelegationTokenIdentifier id = getTokenIdentifier(t);
-    verifyToken(id, t.getPassword());
-    return id.getUser().getShortUserName();
-  }
-
-  protected DelegationTokenIdentifier getTokenIdentifier(Token<DelegationTokenIdentifier> token)
-      throws IOException {
-    // turn bytes back into identifier for cache lookup
-    ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
-    DataInputStream in = new DataInputStream(buf);
-    DelegationTokenIdentifier id = createIdentifier();
-    id.readFields(in);
-    return id;
-  }
-
-  public synchronized void cancelDelegationToken(String tokenStrForm) throws IOException {
-    Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
-    t.decodeFromUrlString(tokenStrForm);
-    String user = UserGroupInformation.getCurrentUser().getUserName();
-    cancelToken(t, user);
-  }
-
-  public synchronized long renewDelegationToken(String tokenStrForm) throws IOException {
-    Token<DelegationTokenIdentifier> t= new Token<DelegationTokenIdentifier>();
-    t.decodeFromUrlString(tokenStrForm);
-    String user = UserGroupInformation.getCurrentUser().getUserName();
-    return renewToken(t, user);
-  }
-
-  public synchronized String getDelegationToken(String renewer) throws IOException {
-    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
-    Text owner = new Text(ugi.getUserName());
-    Text realUser = null;
-    if (ugi.getRealUser() != null) {
-      realUser = new Text(ugi.getRealUser().getUserName());
-    }
-    DelegationTokenIdentifier ident =
-      new DelegationTokenIdentifier(owner, new Text(renewer), realUser);
-    Token<DelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>(
-        ident, this);
-    return t.encodeToUrlString();
-  }
-
-  public String getUserFromToken(String tokenStr) throws IOException {
-    Token<DelegationTokenIdentifier> delegationToken = new Token<DelegationTokenIdentifier>();
-    delegationToken.decodeFromUrlString(tokenStr);
-
-    ByteArrayInputStream buf = new ByteArrayInputStream(delegationToken.getIdentifier());
-    DataInputStream in = new DataInputStream(buf);
-    DelegationTokenIdentifier id = createIdentifier();
-    id.readFields(in);
-    return id.getUser().getShortUserName();
-  }
-}
-


Mime
View raw message