commit 9b82c93ce0ac28249baba46e92c9aad8d9559efa Author: Vihang Karajgaonkar Date: Wed Nov 22 20:13:50 2017 -0800 HIVE-16708 : Exception while renewing a Delegation Token diff --git a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java index 1ab698f97fd7e4b6e6b2870c75c2028fd9b9f75d..eb8f1c91f034e0706185e66e8ec16022279f7fea 100644 --- a/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java +++ b/itests/hive-minikdc/src/test/java/org/apache/hive/minikdc/TestJdbcWithMiniKdc.java @@ -175,6 +175,22 @@ public void testTokenAuth() throws Exception { } @Test + public void testRenewDelegationToken() throws Exception { + UserGroupInformation currentUGI = miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER); + hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL()); + String currentUser = currentUGI.getUserName(); + // retrieve token and store in the cache + String token = ((HiveConnection) hs2Conn) + .getDelegationToken(MiniHiveKdc.HIVE_TEST_USER_1, + miniHiveKdc.getFullyQualifiedServicePrincipal(MiniHiveKdc.HIVE_TEST_SUPER_USER)); + assertTrue(token != null && !token.isEmpty()); + + ((HiveConnection) hs2Conn).renewDelegationToken(token); + + hs2Conn.close(); + } + + @Test public void testCancelRenewTokenFlow() throws Exception { miniHiveKdc.loginUser(MiniHiveKdc.HIVE_TEST_SUPER_USER); hs2Conn = DriverManager.getConnection(miniHS2.getJdbcURL()); diff --git a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java index a719f06ec2ee5b9bd98145dc32f9f4e0c43f83a1..af88107baa89cb689623e86ba4bd0f0d703aa243 100644 --- a/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java +++ b/standalone-metastore/src/main/java/org/apache/hadoop/hive/metastore/security/DelegationTokenSecretManager.java @@ -93,7 +93,13 @@ public synchronized void cancelDelegationToken(String tokenStrForm) throws IOExc public synchronized long renewDelegationToken(String tokenStrForm) throws IOException { Token t= new Token<>(); t.decodeFromUrlString(tokenStrForm); - String user = UserGroupInformation.getCurrentUser().getUserName(); + //when a token is created the renewer of the token is stored + //as shortName in AbstractDelegationTokenIdentifier.setRenewer() + //this seems like an inconsistency because while cancelling the token + //it uses the shortname to compare the renewer while it does not use + //shortname during token renewal. Use getShortUserName() until its fixed + //in HADOOP-15068 + String user = UserGroupInformation.getCurrentUser().getShortUserName(); return renewToken(t, user); }