Repository: storm Updated Branches: refs/heads/1.x-branch 5be414d08 -> c1a1511f1
STORM-2906 Pick HBase delegation token properly while handling HBase auth via delegation token Project: http://git-wip-us.apache.org/repos/asf/storm/repo Commit: http://git-wip-us.apache.org/repos/asf/storm/commit/12a03e38 Tree: http://git-wip-us.apache.org/repos/asf/storm/tree/12a03e38 Diff: http://git-wip-us.apache.org/repos/asf/storm/diff/12a03e38 Branch: refs/heads/1.x-branch Commit: 12a03e3899b2c4c4377d2db26d95f8fbc22458f6 Parents: 5be414d Author: Jungtaek Lim <[email protected]> Authored: Tue Jan 23 13:34:22 2018 +0900 Committer: Jungtaek Lim <[email protected]> Committed: Thu Feb 1 23:16:59 2018 +0900 ---------------------------------------------------------------------- .../org/apache/storm/hbase/common/Utils.java | 26 +++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/storm/blob/12a03e38/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java ---------------------------------------------------------------------- diff --git a/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java b/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java index b4851f8..31ac655 100644 --- a/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java +++ b/external/storm-hbase/src/main/java/org/apache/storm/hbase/common/Utils.java @@ -33,6 +33,7 @@ import java.security.PrivilegedExceptionAction; public class Utils { private static final Logger LOG = LoggerFactory.getLogger(Utils.class); + public static final String TOKEN_KIND_HBASE_AUTH_TOKEN = "HBASE_AUTH_TOKEN"; private Utils(){} @@ -47,14 +48,33 @@ public class Utils { ugi = UserGroupInformation.getCurrentUser(); LOG.debug("UGI for current USER : {}", ugi.getUserName()); + boolean foundHBaseAuthToken = false; for (Token<? extends TokenIdentifier> token : ugi.getTokens()) { LOG.debug("Token in UGI (delegation token): {} / {}", token.toString(), token.decodeIdentifier().getUser()); - // use UGI from token - ugi = token.decodeIdentifier().getUser(); - ugi.addToken(token); + // token.getKind() = Text, Text is annotated by @Stringable + // which ensures toString() implementation + if (token.getKind().toString().equals(TOKEN_KIND_HBASE_AUTH_TOKEN)) { + // use UGI from token + if (!foundHBaseAuthToken) { + LOG.debug("Found HBASE_AUTH_TOKEN - using the token to replace current user."); + + ugi = token.decodeIdentifier().getUser(); + ugi.addToken(token); + + foundHBaseAuthToken = true; + } else { + LOG.warn("Found multiple HBASE_AUTH_TOKEN - will use already found token. " + + "Please enable DEBUG log level to track delegation tokens."); + } + } } + + if (!foundHBaseAuthToken) { + LOG.warn("Can't find HBase auth token in delegation tokens."); + } + } return ugi.doAs(new PrivilegedExceptionAction<HTable>() {
