diff --git a/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java b/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java
index 79800da..470ee6d 100644
--- a/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java
+++ b/llap-client/src/java/org/apache/hadoop/hive/llap/tezplugins/helpers/LlapTaskUmbilicalServer.java
@@ -21,10 +21,14 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.hive.llap.protocol.LlapTaskUmbilicalProtocol;
 import org.apache.hadoop.ipc.RPC;
 import org.apache.hadoop.ipc.Server;
+import org.apache.hadoop.mapreduce.MRJobConfig;
 import org.apache.hadoop.net.NetUtils;
+import org.apache.hadoop.security.authorize.PolicyProvider;
+import org.apache.hadoop.security.authorize.Service;
 import org.apache.hadoop.security.token.Token;
 import org.apache.tez.common.security.JobTokenIdentifier;
 import org.apache.tez.common.security.JobTokenSecretManager;
@@ -53,6 +57,10 @@ public LlapTaskUmbilicalServer(Configuration conf, LlapTaskUmbilicalProtocol umb
 .setNumHandlers(numHandlers)
 .setSecretManager(jobTokenSecretManager).build();
 
+ if (conf.getBoolean(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHORIZATION, false)) {
+ server.refreshServiceAcl(conf, new LlapUmbilicalExternalPolicyProvider());
+ }
+
 server.start();
 this.address = NetUtils.getConnectAddress(server);
 LOG.info(
@@ -70,4 +78,18 @@ public void shutdownServer() {
 server.stop();
 }
 }
+
+ public static class LlapUmbilicalExternalPolicyProvider extends PolicyProvider {
+
+ private static final Service[] services = {
+ new Service(
+ MRJobConfig.MR_AM_SECURITY_SERVICE_AUTHORIZATION_TASK_UMBILICAL,
+ LlapTaskUmbilicalProtocol.class)
+ };
+
+ @Override
+ public Service[] getServices() {
+ return services.clone();
+ }
+ }
 }
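Review bot: The new `if` block in the constructor installs the service ACL silently and skips it silently, so the startup log does not show whether the umbilical is covered by service-level authorization or only by the job-token secret manager. As far as I recall, Hadoop's ServiceAuthorizationManager falls back to the default ACL (`*` unless overridden) when a service's key is missing from the loaded policy, so turning on `hadoop.security.authorization` without defining the ACL would still admit every authenticated caller; please confirm and note it in a comment. I would add `LOG.info("Service-level authorization enabled; umbilical ACL loaded from policy");` inside the block and a matching `else` line for the disabled case. The constructor starts and ends outside this hunk, so whether `refreshServiceAcl` failures are caught cannot be judged from here.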
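Review bot: `LlapUmbilicalExternalPolicyProvider` has no Javadoc, and it binds `LlapTaskUmbilicalProtocol` to the MapReduce ACL key `MRJobConfig.MR_AM_SECURITY_SERVICE_AUTHORIZATION_TASK_UMBILICAL`, so an operator who edits that ACL for MapReduce tasks also changes who may call the LLAP umbilical. A class comment should name the governing key, for example `/** Service-level authorization policy for the external LLAP umbilical; access is controlled by the ACL configured under MRJobConfig.MR_AM_SECURITY_SERVICE_AUTHORIZATION_TASK_UMBILICAL. */`. The choice also makes llap-client import a MapReduce class for a single string constant (see the import hunk), so a key owned by LLAP may be worth considering. As a style point, the array is a constant and would read better as `SERVICES`; returning `services.clone()` is a good defensive copy.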