Repository: falcon Updated Branches: refs/heads/0.10 df6b53c83 -> 11ca2a0eb
FALCON-2025 Periodic revalidation of kerberos credentials should be done on loginUser Author: bvellanki <[email protected]> Reviewers: "sandeepSamudrala <[email protected]>, Praveen Adlakha <[email protected]>, Sowmya Ramesh <[email protected]>, Venkat Ranganathan <[email protected]>" Closes #183 from bvellanki/FALCON-2025 (cherry picked from commit 00a07d561fdee4aba5be24cfe841c438b17a0e69) Signed-off-by: bvellanki <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/falcon/repo Commit: http://git-wip-us.apache.org/repos/asf/falcon/commit/11ca2a0e Tree: http://git-wip-us.apache.org/repos/asf/falcon/tree/11ca2a0e Diff: http://git-wip-us.apache.org/repos/asf/falcon/diff/11ca2a0e Branch: refs/heads/0.10 Commit: 11ca2a0eb51821a03bd31b192c89e36530fb0961 Parents: df6b53c Author: bvellanki <[email protected]> Authored: Tue Jun 14 08:57:51 2016 -0700 Committer: bvellanki <[email protected]> Committed: Tue Jun 14 08:58:13 2016 -0700 ---------------------------------------------------------------------- .../apache/falcon/hadoop/HadoopClientFactory.java | 4 +++- .../AuthenticationInitializationService.java | 18 ++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/falcon/blob/11ca2a0e/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java ----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java b/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
index d70c4b9..e30f51e 100644
--- a/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
+++ b/common/src/main/java/org/apache/falcon/hadoop/HadoopClientFactory.java
@@ -262,7 +262,9 @@ public final class HadoopClientFactory {
 try {
 if (UserGroupInformation.isSecurityEnabled()) {
- ugi.checkTGTAndReloginFromKeytab();
+ LOG.debug("Revalidating Auth Token with auth method {}",
+ UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
+ UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
 }
 } catch (IOException ioe) {
 throw new FalconException("Exception while getting FileSystem. Unable to check TGT for user "
http://git-wip-us.apache.org/repos/asf/falcon/blob/11ca2a0e/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java b/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
index f7b2155..31be07a 100644
--- a/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
+++ b/common/src/main/java/org/apache/falcon/security/AuthenticationInitializationService.java
@@ -67,6 +67,7 @@ public class AuthenticationInitializationService implements FalconService {
 private Timer timer = new Timer();
 private static final String SERVICE_NAME = "Authentication initialization service";
+ private static final long DEFAULT_VALIDATE_FREQUENCY_SECS = 86300;
 @Override
 public String getName() {
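Review bot: `UserGroupInformation.getLoginUser()` is resolved twice in the lines added to HadoopClientFactory, once only to build the debug message, so the lookup runs on every call even when debug logging is off. Fetch it once with `UserGroupInformation loginUser = UserGroupInformation.getLoginUser();` and use that local for both the log argument and `loginUser.checkTGTAndReloginFromKeytab();`; the timer task's `run()` in AuthenticationInitializationService has the same pattern. The catch block that follows still starts its message with "Unable to check TGT for user" and its continuation lies outside the hunk; if it names `ugi`, it will report the proxied user although the relogin that failed belongs to the login user, which would mislead anyone triaging a Kerberos failure.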
@@ -83,8 +84,13 @@ public class AuthenticationInitializationService implements FalconService {
 String authTokenValidity = StartupProperties.get().getProperty(AUTH_TOKEN_VALIDITY_SECONDS);
 long validateFrequency;
 try {
+ // -100 so that revalidation is done before expiry.
 validateFrequency = (StringUtils.isNotEmpty(authTokenValidity))
- ? Long.parseLong(authTokenValidity) : 86400;
+ ? (Long.parseLong(authTokenValidity) - 100) : DEFAULT_VALIDATE_FREQUENCY_SECS;
+ if (validateFrequency < 0) {
+ throw new NumberFormatException("Value provided for startup property \""
+ + AUTH_TOKEN_VALIDITY_SECONDS + "\" should be greater than 100.");
+ }
 } catch (NumberFormatException nfe) {
 throw new FalconException("Invalid value provided for startup property \""
 + AUTH_TOKEN_VALIDITY_SECONDS + "\", please provide a valid long number", nfe);
@@ -149,12 +155,12 @@ public class AuthenticationInitializationService implements FalconService {
 @Override
 public void run() {
 try {
- LOG.info("Validating Auth Token: {}", new Date());
- initializeKerberos();
+ LOG.debug("Revalidating Auth Token at : {} with auth method {}", new Date(),
+ UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
+ UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
 } catch (Throwable t) {
- LOG.error("Error in Auth Token Validation task: ", t);
- GenericAlert.initializeKerberosFailed(
- "Exception in Auth Token Validation : ", t);
+ LOG.error("Error in Auth Token revalidation task: ", t);
+ GenericAlert.initializeKerberosFailed("Exception in Auth Token revalidation : ", t);
 }
 }
 }
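Review bot: A configured validity of exactly 100 seconds passes the new guard in the `@@ -83,8 +84,13 @@` hunk, because `validateFrequency < 0` lets 0 through although the message says the value must be greater than 100. The timer scheduling that consumes the value is outside the hunk and presumably cannot work with a zero period, so the check should read `if (validateFrequency <= 0) {`. Throwing `NumberFormatException` only for the catch directly below to rewrap it also tells the operator to "provide a valid long number" for a value that is a valid long; throwing `FalconException` directly with the range message would be clearer. The literal `100` would be easier to audit as a named constant beside `DEFAULT_VALIDATE_FREQUENCY_SECS`.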
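Review bot: A successful revalidation in the timer task's `run()` (the `@@ -149,12 +155,12 @@` hunk) no longer leaves any record at the default log level, because the only success-path message was moved from `LOG.info` to `LOG.debug`. An operator investigating an expired-ticket outage then cannot tell from the logs whether the task fired at all; consider keeping one info-level line after the relogin call, such as `LOG.info("Revalidated Auth Token for login user at {}", new Date());`. The relogin call presumably does nothing when the login user was not created from a keytab, so a comment above it should state that the task depends on the keytab login performed at service start, for example `// Relies on the keytab login done in init(); no-op for ticket-cache logins - confirm`.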
