[HADOOP-11181] o.a.h.security.token.delegation.DelegationTokenManager should be more generalized to handle other DelegationTokenIdentifier - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0
Component/s: security
Labels:
None

Target Version/s:

2.6.0
Hadoop Flags:

Reviewed

Description

While DelegationTokenManager can set external secretManager, it have the assumption that the token is going to be o.a.h.security.token.delegation.DelegationTokenIdentifier, and use DelegationTokenIdentifier method to decode a token.

  @SuppressWarnings("unchecked")
  public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
      token) throws IOException {
    ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
    DataInputStream dis = new DataInputStream(buf);
    DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
    id.readFields(dis);
    dis.close();
    secretManager.verifyToken(id, token.getPassword());
    return id.getUser();
  }

It's not going to work it the token kind is other than web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has the customized way to decode a token.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11181.1.patch
10/Oct/14 03:52
17 kB
Zhijie Shen
HADOOP-11181.2.patch
13/Oct/14 22:04
18 kB
Zhijie Shen
HADOOP-11181.3.patch
13/Oct/14 23:18
21 kB
Zhijie Shen
HADOOP-11181.4.patch
14/Oct/14 03:24
21 kB
Zhijie Shen
HADOOP-11181.5.patch
14/Oct/14 04:39
22 kB
Zhijie Shen

Issue Links

blocks

YARN-2656 RM web services authentication filter should add support for proxy user

Closed

Activity

People

Assignee:: Zhijie Shen

Reporter:: Zhijie Shen

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 09/Oct/14 07:34

Updated:: 01/Dec/14 03:08

Resolved:: 14/Oct/14 18:40