Repository: storm Updated Branches: refs/heads/master d3a74eec5 -> 1c7361982
STORM-2906 Pick HBase delegation token properly while handling HBase auth via delegation token Project: http://git-wip-us.apache.org/repos/asf/storm/repo Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/d291f39c Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/d291f39c Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/d291f39c Branch: refs/heads/master Commit: d291f39c9aa6e29184a2712797e956b42cae3293 Parents: e6a423d Author: Jungtaek Lim <[email protected]> Authored: Tue Jan 23 13:34:22 2018 +0900 Committer: Jungtaek Lim <[email protected]> Committed: Tue Jan 23 13:34:22 2018 +0900 ---------------------------------------------------------------------- .../org/apache/storm/hbase/common/Utils.java | 21 +++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/storm/blob/d291f39c/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java ---------------------------------------------------------------------- diff --git a/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java b/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java index ab1ec37..f56f9e0 100644 --- a/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java +++ b/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java @@ -33,6 +33,7 @@ import java.security.PrivilegedExceptionAction; public class Utils { private static final Logger LOG = LoggerFactory.getLogger(Utils.class); + public static final String TOKEN_KIND_HBASE_AUTH_TOKEN = "HBASE_AUTH_TOKEN"; private Utils(){} @@ -47,14 +48,28 @@ public class Utils { ugi = UserGroupInformation.getCurrentUser(); LOG.debug("UGI for current USER : {}", ugi.getUserName()); + boolean foundHBaseAuthToken = false; for (Token<? extends TokenIdentifier> token : ugi.getTokens()) { LOG.debug("Token in UGI (delegation token): {} / {}", token.toString(), token.decodeIdentifier().getUser()); - // use UGI from token - ugi = token.decodeIdentifier().getUser(); - ugi.addToken(token); + // token.getKind() = Text, Text is annotated by @Stringable + // which ensures toString() implementation + if (token.getKind().toString().equals(TOKEN_KIND_HBASE_AUTH_TOKEN)) { + // use UGI from token + LOG.debug("Found HBASE_AUTH_TOKEN - using the token to replace current user."); + + ugi = token.decodeIdentifier().getUser(); + ugi.addToken(token); + + foundHBaseAuthToken = true; + } } + + if (!foundHBaseAuthToken) { + LOG.warn("Can't find HBase auth token in delegation tokens."); + } + } return ugi.doAs(new PrivilegedExceptionAction<HTable>() {
