Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11181

o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to handle other DelegationTokenIdentifier

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      While DelegationTokenManager can set external secretManager, it have the assumption that the token is going to be o.a.h.security.token.delegation.DelegationTokenIdentifier, and use DelegationTokenIdentifier method to decode a token.

        @SuppressWarnings("unchecked")
        public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
            token) throws IOException {
          ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
          DataInputStream dis = new DataInputStream(buf);
          DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
          id.readFields(dis);
          dis.close();
          secretManager.verifyToken(id, token.getPassword());
          return id.getUser();
        }
      

      It's not going to work it the token kind is other than web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has the customized way to decode a token.

        Attachments

        1. HADOOP-11181.5.patch
          22 kB
          Zhijie Shen
        2. HADOOP-11181.4.patch
          21 kB
          Zhijie Shen
        3. HADOOP-11181.3.patch
          21 kB
          Zhijie Shen
        4. HADOOP-11181.2.patch
          18 kB
          Zhijie Shen
        5. HADOOP-11181.1.patch
          17 kB
          Zhijie Shen

          Issue Links

            Activity

              People

              • Assignee:
                zjshen Zhijie Shen
                Reporter:
                zjshen Zhijie Shen
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: