diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java index af68492..f965216 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/client/api/impl/TimelineClientImpl.java @@ -47,6 +47,7 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.ConnectionConfigurator; import org.apache.hadoop.security.ssl.SSLFactory; import org.apache.hadoop.security.token.Token; @@ -108,7 +109,9 @@ private DelegationTokenAuthenticator authenticator; private DelegationTokenAuthenticatedURL.Token token; private URI resURI; - + private UserGroupInformation authUgi; + private String doAsUser; + @Private @VisibleForTesting TimelineClientConnectionRetry connectionRetry; @@ -252,6 +255,15 @@ public TimelineClientImpl() { } protected void serviceInit(Configuration conf) throws Exception { + UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + UserGroupInformation realUgi = ugi.getRealUser(); + if (realUgi != null) { + authUgi = realUgi; + doAsUser = ugi.getShortUserName(); + } else { + authUgi = ugi; + doAsUser = null; + } ClientConfig cc = new DefaultClientConfig(); cc.getClasses().add(YarnJacksonJaxbJsonProvider.class); connConfigurator = newConnConfigurator(conf); @@ -301,16 +313,24 @@ public void putDomain(TimelineDomain domain) throws IOException, doPosting(domain, "domain"); } - private ClientResponse doPosting(Object obj, String path) throws IOException, YarnException { + private ClientResponse doPosting(final Object obj, final String path) + throws IOException, YarnException { ClientResponse resp; try { - resp = doPostingObject(obj, path); + resp = authUgi.doAs(new PrivilegedExceptionAction() { + @Override + public ClientResponse run() throws Exception { + return doPostingObject(obj, path); + } + }); } catch (RuntimeException re) { // runtime exception is expected if the client cannot connect the server String msg = "Failed to get the response from the timeline server."; LOG.error(msg, re); throw re; + } catch (InterruptedException ie) { + throw new IOException(ie); } if (resp == null || resp.getClientResponseStatus() != ClientResponse.Status.OK) { @@ -331,11 +351,6 @@ private ClientResponse doPosting(Object obj, String path) throws IOException, Ya @Override public Token getDelegationToken( final String renewer) throws IOException, YarnException { - boolean isProxyAccess = - UserGroupInformation.getCurrentUser().getAuthenticationMethod() - == UserGroupInformation.AuthenticationMethod.PROXY; - final String doAsUser = isProxyAccess ? - UserGroupInformation.getCurrentUser().getShortUserName() : null; PrivilegedExceptionAction> getDTAction = new PrivilegedExceptionAction>() { @@ -357,11 +372,6 @@ private ClientResponse doPosting(Object obj, String path) throws IOException, Ya public long renewDelegationToken( final Token timelineDT) throws IOException, YarnException { - boolean isProxyAccess = - UserGroupInformation.getCurrentUser().getAuthenticationMethod() - == UserGroupInformation.AuthenticationMethod.PROXY; - final String doAsUser = isProxyAccess ? - UserGroupInformation.getCurrentUser().getShortUserName() : null; boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); final String scheme = useHttps ? "https" : "http"; final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); @@ -393,11 +403,6 @@ public Long run() throws Exception { public void cancelDelegationToken( final Token timelineDT) throws IOException, YarnException { - boolean isProxyAccess = - UserGroupInformation.getCurrentUser().getAuthenticationMethod() - == UserGroupInformation.AuthenticationMethod.PROXY; - final String doAsUser = isProxyAccess ? - UserGroupInformation.getCurrentUser().getShortUserName() : null; boolean useHttps = YarnConfiguration.useHttps(this.getConfig()); final String scheme = useHttps ? "https" : "http"; final InetSocketAddress address = SecurityUtil.getTokenServiceAddr(timelineDT); @@ -433,14 +438,8 @@ private Object operateDelegationToken( @Override public Object run() throws IOException { // Try pass the request, if fail, keep retrying - boolean isProxyAccess = - UserGroupInformation.getCurrentUser().getAuthenticationMethod() - == UserGroupInformation.AuthenticationMethod.PROXY; - UserGroupInformation callerUGI = isProxyAccess ? - UserGroupInformation.getCurrentUser().getRealUser() - : UserGroupInformation.getCurrentUser(); try { - return callerUGI.doAs(action); + return authUgi.doAs(action); } catch (UndeclaredThrowableException e) { throw new IOException(e.getCause()); } catch (InterruptedException e) { @@ -480,30 +479,16 @@ public ClientResponse doPostingObject(Object object, String path) { @Override public HttpURLConnection getHttpURLConnection(final URL url) throws IOException { - boolean isProxyAccess = - UserGroupInformation.getCurrentUser().getAuthenticationMethod() - == UserGroupInformation.AuthenticationMethod.PROXY; - UserGroupInformation callerUGI = isProxyAccess ? - UserGroupInformation.getCurrentUser().getRealUser() - : UserGroupInformation.getCurrentUser(); - final String doAsUser = isProxyAccess ? - UserGroupInformation.getCurrentUser().getShortUserName() : null; try { - return callerUGI.doAs(new PrivilegedExceptionAction() { - @Override - public HttpURLConnection run() throws Exception { - return new DelegationTokenAuthenticatedURL( - authenticator, connConfigurator).openConnection(url, token, + return new DelegationTokenAuthenticatedURL( + authenticator, connConfigurator).openConnection(url, token, doAsUser); - } - }); } catch (UndeclaredThrowableException e) { throw new IOException(e.getCause()); - } catch (InterruptedException e) { - throw new IOException(e); + } catch (AuthenticationException ae) { + throw new IOException(ae); } } - } private static ConnectionConfigurator newConnConfigurator(Configuration conf) {