incubator-hcatalog-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ga...@apache.org
Subject svn commit: r1433688 - in /incubator/hcatalog/trunk: ./ src/docs/src/documentation/content/xdocs/ webhcat/svr/src/main/java/org/apache/hadoop/mapred/ webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ webhcat/svr/src/main/java/org/apache/hcatalog...
Date Tue, 15 Jan 2013 22:05:39 GMT
Author: gates
Date: Tue Jan 15 22:05:38 2013
New Revision: 1433688

URL: http://svn.apache.org/viewvc?rev=1433688&view=rev
Log:
HCATALOG-509 Webhcat security work

Modified:
    incubator/hcatalog/trunk/CHANGES.txt
    incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
    incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java

Modified: incubator/hcatalog/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/CHANGES.txt?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/CHANGES.txt (original)
+++ incubator/hcatalog/trunk/CHANGES.txt Tue Jan 15 22:05:38 2013
@@ -24,6 +24,8 @@ Trunk (unreleased changes)
   NEW FEATURES
   HCAT-546 Rework HCatalog's JMS Notifications (mithunr via gates) 
 
+  HCAT-509 Webhcat security work (thejas via gates)
+
   IMPROVEMENTS
 
   OPTIMIZATIONS

Modified: incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml (original)
+++ incubator/hcatalog/trunk/src/docs/src/documentation/content/xdocs/configuration.xml Tue
Jan 15 22:05:38 2013
@@ -158,7 +158,10 @@ ${env.PIG_HOME}/bin/pig
 <code>hive.metastore.local=false,
 hive.metastore.uris=thrift://localhost:9933,
 hive.metastore.sasl.enabled=false</code></td>
-    <td>Properties to set when running hive.</td>
+    <td>Properties to set when running hive. To use it in a cluster with 
+kerberos security enabled set hive.metastore.sasl.enabled=false and add hive.metastore.execute.setugi=true
+Using localhost in metastore uri does not work with kerberos security.
+</td>
   </tr>
 
   <tr>

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hadoop/mapred/TempletonJobTracker.java
Tue Jan 15 22:05:38 2013
@@ -20,6 +20,7 @@ package org.apache.hadoop.mapred;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.security.PrivilegedExceptionAction;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.ipc.RPC;
@@ -30,23 +31,29 @@ import org.apache.hadoop.security.UserGr
  * Communicate with the JobTracker as a specific user.
  */
 public class TempletonJobTracker {
-    private JobSubmissionProtocol cnx;
+    private final JobSubmissionProtocol cnx;
 
     /**
      * Create a connection to the Job Tracker.
      */
-    public TempletonJobTracker(UserGroupInformation ugi,
-                               InetSocketAddress addr,
-                               Configuration conf)
-        throws IOException {
-        cnx = (JobSubmissionProtocol)
-            RPC.getProxy(JobSubmissionProtocol.class,
-                JobSubmissionProtocol.versionID,
-                addr,
-                ugi,
-                conf,
-                NetUtils.getSocketFactory(conf,
-                    JobSubmissionProtocol.class));
+    public TempletonJobTracker(final InetSocketAddress addr,
+                               final Configuration conf)
+        throws IOException, InterruptedException {
+
+        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+        cnx = 
+            ugi.doAs(new PrivilegedExceptionAction<JobSubmissionProtocol>() {
+                    public JobSubmissionProtocol run ()
+                        throws IOException, InterruptedException {
+                        return (JobSubmissionProtocol)
+                            RPC.getProxy(JobSubmissionProtocol.class,
+                                        JobSubmissionProtocol.versionID,
+                                        addr,
+                                        conf,
+                                        NetUtils.getSocketFactory(conf,
+                                                JobSubmissionProtocol.class));
+                    }
+                });
     }
 
     /**

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/AppConfig.java
Tue Jan 15 22:05:38 2013
@@ -62,7 +62,7 @@ import org.apache.hcatalog.templeton.too
  */
 public class AppConfig extends Configuration {
     public static final String[] HADOOP_CONF_FILENAMES = {
-        "core-default.xml", "core-site.xml", "mapred-default.xml", "mapred-site.xml"
+        "core-default.xml", "core-site.xml", "mapred-default.xml", "mapred-site.xml", "hdfs-site.xml"
     };
 
     public static final String[] HADOOP_PREFIX_VARS = {

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/DeleteDelegator.java
Tue Jan 15 22:05:38 2013
@@ -34,14 +34,13 @@ public class DeleteDelegator extends Tem
     }
 
     public QueueStatusBean run(String user, String id)
-        throws NotAuthorizedException, BadParam, IOException
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException
     {
         UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
         TempletonJobTracker tracker = null;
         JobState state = null;
         try {
-            tracker = new TempletonJobTracker(ugi,
-                                              JobTracker.getAddress(appConf),
+            tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
                                               appConf);
             JobID jobid = StatusDelegator.StringToJobID(id);
             if (jobid == null)

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/HiveDelegator.java
Tue Jan 15 22:05:38 2013
@@ -23,7 +23,9 @@ import java.io.IOException;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.List;
+
 import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
 import org.apache.hcatalog.templeton.tool.TempletonUtils;
 
 /**
@@ -59,8 +61,14 @@ public class HiveDelegator extends Launc
             args.addAll(makeBasicArgs(execute, srcFile, statusdir, completedUrl));
             args.add("--");
             args.add(appConf.hivePath());
+            
             args.add("--service");
             args.add("cli");
+
+            //the token file location as initial hiveconf arg
+            args.add("--hiveconf");
+            args.add(TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+
             for (String prop : appConf.getStrings(AppConfig.HIVE_PROPS_NAME)) {
                 args.add("--hiveconf");
                 args.add(prop);

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/JarDelegator.java
Tue Jan 15 22:05:38 2013
@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
 import org.apache.hcatalog.templeton.tool.TempletonUtils;
 
 /**
@@ -79,7 +80,9 @@ public class JarDelegator extends Launch
                 args.add(TempletonUtils.hadoopFsListAsString(files, appConf,
                     runAs));
             }
-
+            //the token file location comes after mainClass, as a -Dprop=val
+            args.add("-D" + TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+            
             for (String d : defines)
                 args.add("-D" + d);
 

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/ListDelegator.java
Tue Jan 15 22:05:38 2013
@@ -37,13 +37,13 @@ public class ListDelegator extends Templ
     }
 
     public List<String> run(String user)
-        throws NotAuthorizedException, BadParam, IOException {
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException {
+        
         UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
         TempletonJobTracker tracker = null;
         try {
-            tracker = new TempletonJobTracker(ugi,
-                JobTracker.getAddress(appConf),
-                appConf);
+            tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
+                    appConf);
 
             ArrayList<String> ids = new ArrayList<String>();
 

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Main.java
Tue Jan 15 22:05:38 2013
@@ -147,12 +147,33 @@ public class Main {
         ServletContextHandler root = new ServletContextHandler(server, "/");
 
         // Add the Auth filter
-        root.addFilter(makeAuthFilter(), "/*", FilterMapping.REQUEST);
+        FilterHolder fHolder = makeAuthFilter();
+
+        /* 
+         * We add filters for each of the URIs supported by templeton.
+         * If we added the entire sub-structure using '/*', the mapreduce 
+         * notification cannot give the callback to templeton in secure mode.
+         * This is because mapreduce does not use secure credentials for 
+         * callbacks. So jetty would fail the request as unauthorized.
+         */ 
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/ddl/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/pig/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/hive/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/queue/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/mapreduce/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/status/*", 
+                       FilterMapping.REQUEST);
+        root.addFilter(fHolder, "/" + SERVLET_PATH + "/v1/version/*", 
+                       FilterMapping.REQUEST);
 
         // Connect Jersey
         ServletHolder h = new ServletHolder(new ServletContainer(makeJerseyConfig()));
         root.addServlet(h, "/" + SERVLET_PATH + "/*");
-
         // Add any redirects
         addRedirects(server);
 

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/PigDelegator.java
Tue Jan 15 22:05:38 2013
@@ -26,6 +26,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.apache.commons.exec.ExecuteException;
+import org.apache.hcatalog.templeton.tool.TempletonControllerJob;
 import org.apache.hcatalog.templeton.tool.TempletonUtils;
 
 /**
@@ -73,6 +74,9 @@ public class PigDelegator extends Launch
 
             args.add("--");
             args.add(appConf.pigPath());
+            //the token file location should be first argument of pig
+            args.add("-D" + TempletonControllerJob.TOKEN_FILE_ARG_PLACEHOLDER);
+            
             args.addAll(pigArgs);
             if (TempletonUtils.isset(execute)) {
                 args.add("-execute");

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/Server.java
Tue Jan 15 22:05:38 2013
@@ -679,7 +679,8 @@ public class Server {
     @Path("queue/{jobid}")
     @Produces({MediaType.APPLICATION_JSON})
     public QueueStatusBean showQueueId(@PathParam("jobid") String jobid)
-        throws NotAuthorizedException, BadParam, IOException {
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException {
+        
         verifyUser();
         verifyParam(jobid, ":jobid");
 
@@ -694,7 +695,8 @@ public class Server {
     @Path("queue/{jobid}")
     @Produces({MediaType.APPLICATION_JSON})
     public QueueStatusBean deleteQueueId(@PathParam("jobid") String jobid)
-        throws NotAuthorizedException, BadParam, IOException {
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException {
+        
         verifyUser();
         verifyParam(jobid, ":jobid");
 
@@ -709,7 +711,8 @@ public class Server {
     @Path("queue")
     @Produces({MediaType.APPLICATION_JSON})
     public List<String> showQueueList()
-        throws NotAuthorizedException, BadParam, IOException {
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException {
+        
         verifyUser();
 
         ListDelegator d = new ListDelegator(appConf);

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/StatusDelegator.java
Tue Jan 15 22:05:38 2013
@@ -27,7 +27,6 @@ import org.apache.hadoop.mapred.JobProfi
 import org.apache.hadoop.mapred.JobStatus;
 import org.apache.hadoop.mapred.JobTracker;
 import org.apache.hadoop.mapred.TempletonJobTracker;
-import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hcatalog.templeton.tool.JobState;
 
 /**
@@ -41,14 +40,13 @@ public class StatusDelegator extends Tem
     }
 
     public QueueStatusBean run(String user, String id)
-        throws NotAuthorizedException, BadParam, IOException {
-        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
+        throws NotAuthorizedException, BadParam, IOException, InterruptedException
+    {
         TempletonJobTracker tracker = null;
         JobState state = null;
         try {
-            tracker = new TempletonJobTracker(ugi,
-                JobTracker.getAddress(appConf),
-                appConf);
+            tracker = new TempletonJobTracker(JobTracker.getAddress(appConf),
+                                              appConf);
             JobID jobid = StatusDelegator.StringToJobID(id);
             if (jobid == null)
                 throw new BadParam("Invalid jobid: " + id);

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonControllerJob.java
Tue Jan 15 22:05:38 2013
@@ -26,6 +26,7 @@ import java.io.OutputStream;
 import java.io.PrintWriter;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -48,11 +49,11 @@ import org.apache.hadoop.mapreduce.Job;
 import org.apache.hadoop.mapreduce.JobID;
 import org.apache.hadoop.mapreduce.Mapper;
 import org.apache.hadoop.mapreduce.lib.output.NullOutputFormat;
+import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.util.Tool;
 import org.apache.hadoop.util.ToolRunner;
-import org.apache.hadoop.mapreduce.security.token.delegation.DelegationTokenIdentifier;
 
 /**
  * A Map Reduce job that will start another job.
@@ -70,7 +71,6 @@ public class TempletonControllerJob exte
     static enum ControllerCounters {SIMPLE_COUNTER}
 
     ;
-
     public static final String COPY_NAME = "templeton.copy";
     public static final String STATUSDIR_NAME = "templeton.statusdir";
     public static final String JAR_ARGS_NAME = "templeton.args";
@@ -82,7 +82,11 @@ public class TempletonControllerJob exte
 
     public static final int WATCHER_TIMEOUT_SECS = 10;
     public static final int KEEP_ALIVE_MSEC = 60 * 1000;
-
+    
+    public static final String TOKEN_FILE_ARG_PLACEHOLDER 
+        = "__WEBHCAT_TOKEN_FILE_LOCATION__";
+    
+    
     private static TrivialExecService execService = TrivialExecService.getInstance();
 
     private static final Log LOG = LogFactory.getLog(TempletonControllerJob.class);
@@ -104,8 +108,26 @@ public class TempletonControllerJob exte
                 overrideClasspath);
             List<String> jarArgsList = new LinkedList<String>(Arrays.asList(jarArgs));
             String tokenFile = System.getenv("HADOOP_TOKEN_FILE_LOCATION");
+
+
             if (tokenFile != null) {
-                jarArgsList.add(1, "-Dmapreduce.job.credentials.binary=" + tokenFile);
+                //Token is available, so replace the placeholder
+                String tokenArg = "mapreduce.job.credentials.binary=" + tokenFile;
+                for(int i=0; i<jarArgsList.size(); i++){
+                    String newArg = 
+                        jarArgsList.get(i).replace(TOKEN_FILE_ARG_PLACEHOLDER, tokenArg);
+                    jarArgsList.set(i, newArg);
+                }
+                
+            }else{
+                //No token, so remove the placeholder arg
+                Iterator<String> it = jarArgsList.iterator();
+                while(it.hasNext()){
+                    String arg = it.next();
+                    if(arg.contains(TOKEN_FILE_ARG_PLACEHOLDER)){
+                        it.remove();
+                    }
+                }
             }
             return execService.run(jarArgsList, removeEnv, env);
         }

Modified: incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
URL: http://svn.apache.org/viewvc/incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java?rev=1433688&r1=1433687&r2=1433688&view=diff
==============================================================================
--- incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
(original)
+++ incubator/hcatalog/trunk/webhcat/svr/src/main/java/org/apache/hcatalog/templeton/tool/TempletonUtils.java
Tue Jan 15 22:05:38 2013
@@ -25,6 +25,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.net.URLConnection;
+import java.security.PrivilegedExceptionAction;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
@@ -35,6 +36,7 @@ import java.util.regex.Pattern;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.util.StringUtils;
 
 /**
@@ -214,12 +216,24 @@ public class TempletonUtils {
         if (fname == null || conf == null) {
             return null;
         }
-        FileSystem defaultFs = FileSystem.get(new URI(fname), conf, user);
+
+        final Configuration fConf = new Configuration(conf);
+        final String finalFName = new String(fname);
+
+        UserGroupInformation ugi = UserGroupInformation.getLoginUser();
+        final FileSystem defaultFs = 
+                ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
+                    public FileSystem run() 
+                        throws URISyntaxException, FileNotFoundException, IOException,
+                            InterruptedException {
+                        return FileSystem.get(new URI(finalFName), fConf);
+                    }
+                });
+
         URI u = new URI(fname);
         Path p = new Path(u).makeQualified(defaultFs);
 
-        FileSystem fs = p.getFileSystem(conf);
-        if (hadoopFsIsMissing(fs, p))
+        if (hadoopFsIsMissing(defaultFs, p))
             throw new FileNotFoundException("File " + fname + " does not exist.");
 
         return p;



Mime
View raw message