diff --git a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java index 32a476173c..4c7119f112 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java +++ b/jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java @@ -760,29 +760,21 @@ SSLConnectionSocketFactory getTwoWaySSLSocketFactory() throws SQLException { } // Lookup the delegation token. First in the connection URL, then Configuration - private String getClientDelegationToken(Map jdbcConnConf) - throws SQLException { + private String getClientDelegationToken(Map jdbcConnConf) throws SQLException { String tokenStr = null; - if (JdbcConnectionParams.AUTH_TOKEN.equalsIgnoreCase(jdbcConnConf.get(JdbcConnectionParams.AUTH_TYPE))) { - // check delegation token in job conf if any + if (!JdbcConnectionParams.AUTH_TOKEN.equalsIgnoreCase(jdbcConnConf.get(JdbcConnectionParams.AUTH_TYPE))) { + return null; + } + DelegationTokenFetcher fetcher = new DelegationTokenFetcher(); + try { + tokenStr = fetcher.getTokenStringFromFile(); + } catch (IOException e) { + LOG.warn("Cannot get token from environment variable $HADOOP_TOKEN_FILE_LOCATION=" + + System.getenv(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION)); + } + if (tokenStr == null) { try { - if (System.getenv(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION) != null) { - try { - Credentials cred = new Credentials(); - DataInputStream dis = new DataInputStream(new FileInputStream(System.getenv(UserGroupInformation - .HADOOP_TOKEN_FILE_LOCATION))); - cred.readTokenStorageStream(dis); - dis.close(); - Token token = cred.getToken(new Text("hive")); - tokenStr = token.encodeToUrlString(); - } catch (IOException e) { - LOG.warn("Cannot get token from environment variable $HADOOP_TOKEN_FILE_LOCATION=" + - System.getenv(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION)); - } - } - if (tokenStr == null) { - tokenStr = SessionUtils.getTokenStrForm(HiveAuthConstants.HS2_CLIENT_TOKEN); - } + return fetcher.getTokenFromSession(); } catch (IOException e) { throw new SQLException("Error reading token ", e); } @@ -790,6 +782,34 @@ private String getClientDelegationToken(Map jdbcConnConf) return tokenStr; } + static class DelegationTokenFetcher { + String getTokenStringFromFile() throws IOException { + if (System.getenv(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION) == null) { + return null; + } + Credentials cred = new Credentials(); + try (DataInputStream dis = new DataInputStream(new FileInputStream(System.getenv(UserGroupInformation + .HADOOP_TOKEN_FILE_LOCATION)))) { + cred.readTokenStorageStream(dis); + } + return getTokenFromCredential(cred, "hive"); + } + + String getTokenFromCredential(Credentials cred, String key) throws IOException { + Token token = cred.getToken(new Text(key)); + if (token == null) { + LOG.warn("Delegation token with key: [hive] cannot be found."); + return null; + } + return token.encodeToUrlString(); + } + + String getTokenFromSession() throws IOException { + LOG.debug("Fetching delegation token from session."); + return SessionUtils.getTokenStrForm(HiveAuthConstants.HS2_CLIENT_TOKEN); + } + } + private void openSession() throws SQLException { TOpenSessionReq openReq = new TOpenSessionReq(); diff --git a/jdbc/src/test/org/apache/hive/jdbc/TestHiveConnection.java b/jdbc/src/test/org/apache/hive/jdbc/TestHiveConnection.java new file mode 100644 index 0000000000..a3327cf566 --- /dev/null +++ b/jdbc/src/test/org/apache/hive/jdbc/TestHiveConnection.java @@ -0,0 +1,42 @@ +package org.apache.hive.jdbc; + +import org.apache.hadoop.io.Text; +import org.apache.hadoop.security.Credentials; +import org.apache.hadoop.security.token.Token; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +import java.io.IOException; + +public class TestHiveConnection { + + private static final String EXISTING_TOKEN = "ExistingToken"; + public static final String EXPECTED_TOKEN_STRING_FORM = "AAAAAA"; + private static HiveConnection.DelegationTokenFetcher fetcher; + + @BeforeClass + public static void init() { + fetcher = new HiveConnection.DelegationTokenFetcher(); + } + + @Test + public void testIfNPEThrownWhileGettingDelegationToken() throws IOException { + try { + String tokenStr = fetcher.getTokenFromCredential(new Credentials(), "hive"); + Assert.assertEquals("Token with id: hive shall not be found.",null, tokenStr); + } catch (NullPointerException e) { + Assert.fail("This NPE is not handled in the code elsewhere so user is not notified about it!"); + e.printStackTrace(); + } + } + + @Test + public void testIfGettingDelegationTokenFromCredentialWorks() throws IOException { + Credentials creds = new Credentials(); + creds.addToken(new Text(EXISTING_TOKEN), new Token<>()); + + String tokenStr = fetcher.getTokenFromCredential(creds, EXISTING_TOKEN); + Assert.assertEquals("Token string form is not as expected.", EXPECTED_TOKEN_STRING_FORM, tokenStr); + } +}