Repository: hadoop Updated Branches: refs/heads/branch-2.8 408848d1e -> e84a9c976
HADOOP-13255. KMSClientProvider should check and renew tgt when doing delegation token operations. Contributed by Xiao Chen. (cherry picked from commit ddf66427ff92a3886f94954e21d59e998412059b) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/e84a9c97 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/e84a9c97 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/e84a9c97 Branch: refs/heads/branch-2.8 Commit: e84a9c976a04c6227de6c84a95ae99fc9dc265f1 Parents: 408848d Author: Xiaoyu Yao <x...@apache.org> Authored: Thu Jun 16 20:11:32 2016 -0700 Committer: Xiaoyu Yao <x...@apache.org> Committed: Thu Jun 16 20:12:55 2016 -0700 ---------------------------------------------------------------------- .../java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java | 2 -- .../token/delegation/web/DelegationTokenAuthenticator.java | 3 +++ .../hadoop-kms/src/test/resources/log4j.properties | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/e84a9c97/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java index ac2e718..4044870 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java @@ -536,8 +536,6 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension, UserGroupInformation.AuthenticationMethod.PROXY) ? currentUgi.getShortUserName() : null; - // check and renew TGT to handle potential expiration - actualUgi.checkTGTAndReloginFromKeytab(); // creating the HTTP connection using the current UGI at constructor time conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { @Override http://git-wip-us.apache.org/repos/asf/hadoop/blob/e84a9c97/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java index 46a0b1f..53978a6 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java @@ -20,6 +20,7 @@ package org.apache.hadoop.security.token.delegation.web; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authentication.client.AuthenticatedURL; import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.Authenticator; @@ -143,6 +144,8 @@ public abstract class DelegationTokenAuthenticator implements Authenticator { public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException { if (!hasDelegationToken(url, token)) { + // check and renew TGT to handle potential expiration + UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); authenticator.authenticate(url, token); } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/e84a9c97/hadoop-common-project/hadoop-kms/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-kms/src/test/resources/log4j.properties b/hadoop-common-project/hadoop-kms/src/test/resources/log4j.properties index 5cd037a..b347d27 100644 --- a/hadoop-common-project/hadoop-kms/src/test/resources/log4j.properties +++ b/hadoop-common-project/hadoop-kms/src/test/resources/log4j.properties @@ -22,7 +22,7 @@ log4j.appender.stdout.Target=System.out log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n -log4j.rootLogger=WARN, stdout +log4j.rootLogger=INFO, stdout log4j.logger.org.apache.hadoop.conf=ERROR log4j.logger.org.apache.hadoop.crytpo.key.kms.server=ALL log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org