MAPREDUCE-5884. History server uses short user name when canceling tokens. Contributed by Mohammad Kamrul Islam
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1593422 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
47f03bc9fe
commit
e2c18809d3
@ -213,6 +213,9 @@ Release 2.5.0 - UNRELEASED
|
||||
MAPREDUCE-5749. TestRMContainerAllocator#testReportedAppProgress Failed
|
||||
(jlowe)
|
||||
|
||||
MAPREDUCE-5884. History server uses short user name when canceling tokens
|
||||
(Mohammad Kamrul Islam via jlowe)
|
||||
|
||||
Release 2.4.1 - UNRELEASED
|
||||
|
||||
INCOMPATIBLE CHANGES
|
||||
|
@ -396,7 +396,7 @@ public CancelDelegationTokenResponse cancelDelegationToken(
|
||||
.array(), new Text(protoToken.getKind()), new Text(
|
||||
protoToken.getService()));
|
||||
|
||||
String user = UserGroupInformation.getCurrentUser().getShortUserName();
|
||||
String user = UserGroupInformation.getCurrentUser().getUserName();
|
||||
jhsDTSecretManager.cancelToken(token, user);
|
||||
return Records.newRecord(CancelDelegationTokenResponse.class);
|
||||
}
|
||||
|
@ -30,6 +30,8 @@
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.io.Text;
|
||||
import org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier;
|
||||
import org.apache.hadoop.security.AccessControlException;
|
||||
import org.apache.hadoop.security.authentication.util.KerberosName;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.delegation.DelegationKey;
|
||||
import org.junit.Test;
|
||||
@ -87,6 +89,24 @@ public void testRecovery() throws IOException {
|
||||
assertEquals("sequence number restore", tokenId2.getSequenceNumber() + 1,
|
||||
tokenId3.getSequenceNumber());
|
||||
mgr.cancelToken(token1, "tokenOwner");
|
||||
|
||||
// Testing with full principal name
|
||||
MRDelegationTokenIdentifier tokenIdFull = new MRDelegationTokenIdentifier(
|
||||
new Text("tokenOwner/localhost@LOCALHOST"), new Text("tokenRenewer"),
|
||||
new Text("tokenUser"));
|
||||
KerberosName.setRules("RULE:[1:$1]\nRULE:[2:$1]");
|
||||
Token<MRDelegationTokenIdentifier> tokenFull = new Token<MRDelegationTokenIdentifier>(
|
||||
tokenIdFull, mgr);
|
||||
// Negative test
|
||||
try {
|
||||
mgr.cancelToken(tokenFull, "tokenOwner");
|
||||
} catch (AccessControlException ace) {
|
||||
assertTrue(ace.getMessage().contains(
|
||||
"is not authorized to cancel the token"));
|
||||
}
|
||||
// Succeed to cancel with full principal
|
||||
mgr.cancelToken(tokenFull, tokenIdFull.getOwner().toString());
|
||||
|
||||
long tokenRenewDate3 = mgr.getAllTokens().get(tokenId3).getRenewDate();
|
||||
mgr.stopThreads();
|
||||
|
||||
|
@ -198,6 +198,11 @@ protected void initializeWebApp(Configuration conf) {
|
||||
fail("Unexpected exception" + e);
|
||||
}
|
||||
cancelDelegationToken(loggedInUser, hsService, token);
|
||||
|
||||
// Testing the token with different renewer to cancel the token
|
||||
Token tokenWithDifferentRenewer = getDelegationToken(loggedInUser,
|
||||
hsService, "yarn");
|
||||
cancelDelegationToken(loggedInUser, hsService, tokenWithDifferentRenewer);
|
||||
if (clientUsingDT != null) {
|
||||
// RPC.stopProxy(clientUsingDT);
|
||||
clientUsingDT = null;
|
||||
|
Loading…
Reference in New Issue
Block a user