Merge branch 'trunk' into HDFS-7240
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/3231ead8 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/3231ead8 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/3231ead8 Branch: refs/heads/HDFS-7240 Commit: 3231ead84ba57b390ccc041fcee6def6aa866860 Parents: 6556445 0cab572 Author: Anu Engineer <[email protected]> Authored: Wed Apr 12 16:36:41 2017 -0700 Committer: Anu Engineer <[email protected]> Committed: Wed Apr 12 16:36:41 2017 -0700 ---------------------------------------------------------------------- BUILDING.txt | 2 +- LICENSE.txt | 9 +- dev-support/bin/yetus-wrapper | 44 +- dev-support/docker/Dockerfile | 16 +- .../hadoop-client-integration-tests/pom.xml | 5 + .../hadoop-client-minicluster/pom.xml | 4 - .../util/RandomSignerSecretProvider.java | 9 +- .../util/ZKSignerSecretProvider.java | 10 +- .../util/TestRandomSignerSecretProvider.java | 68 ++- .../util/TestZKSignerSecretProvider.java | 154 +++++- hadoop-common-project/hadoop-common/pom.xml | 5 - .../hadoop-common/src/main/bin/hadoop | 69 +-- .../hadoop-common/src/main/bin/hadoop-config.sh | 10 +- .../src/main/bin/hadoop-functions.sh | 217 ++++++-- .../hadoop-common/src/main/conf/hadoop-env.sh | 13 +- .../java/org/apache/hadoop/fs/FileSystem.java | 3 +- .../org/apache/hadoop/fs/FsServerDefaults.java | 30 +- .../hadoop/fs/MD5MD5CRC32FileChecksum.java | 62 --- .../org/apache/hadoop/fs/ftp/FtpConfigKeys.java | 4 +- .../apache/hadoop/fs/local/LocalConfigKeys.java | 5 +- .../apache/hadoop/io/erasurecode/CodecUtil.java | 135 +++-- .../hadoop/metrics2/lib/MetricsRegistry.java | 26 + .../hadoop/metrics2/lib/MutableGaugeFloat.java | 80 +++ .../metrics2/lib/MutableMetricsFactory.java | 3 + .../security/ssl/SSLHostnameVerifier.java | 21 +- .../java/org/apache/hadoop/util/KMSUtil.java | 20 +- .../apache/hadoop/util/LightWeightCache.java | 20 +- .../main/java/org/apache/hadoop/util/Time.java | 10 + .../main/java/org/apache/hadoop/util/Timer.java | 10 + .../org/apache/hadoop/util/VersionInfo.java | 27 +- .../src/main/resources/core-default.xml | 99 +++- .../src/site/markdown/SecureMode.md | 20 +- .../src/site/markdown/UnixShellGuide.md | 31 +- .../conf/TestCommonConfigurationFields.java | 2 +- .../fs/contract/AbstractContractMkdirTest.java | 42 ++ .../erasurecode/TestCodecRawCoderMapping.java | 71 ++- .../coder/TestHHXORErasureCoder.java | 2 +- .../erasurecode/coder/TestRSErasureCoder.java | 2 +- .../metrics2/lib/TestMetricsAnnotations.java | 3 + .../metrics2/lib/TestMetricsRegistry.java | 4 +- .../hadoop/metrics2/lib/TestMutableMetrics.java | 2 + .../java/org/apache/hadoop/util/FakeTimer.java | 25 +- .../hadoop/util/TestLightWeightCache.java | 19 +- .../scripts/hadoop_build_custom_subcmd_var.bats | 21 + .../test/scripts/hadoop_detect_priv_subcmd.bats | 34 ++ .../test/scripts/hadoop_get_verify_uservar.bats | 21 - .../src/test/scripts/hadoop_verify_user.bats | 53 -- .../test/scripts/hadoop_verify_user_perm.bats | 53 ++ .../scripts/hadoop_verify_user_resolves.bats | 44 ++ .../java/org/apache/hadoop/hdfs/DFSClient.java | 101 +++- .../org/apache/hadoop/hdfs/DFSOutputStream.java | 44 +- .../org/apache/hadoop/hdfs/DFSUtilClient.java | 13 + .../hadoop/hdfs/DistributedFileSystem.java | 47 +- .../org/apache/hadoop/hdfs/HAUtilClient.java | 55 ++ .../apache/hadoop/hdfs/KeyProviderCache.java | 17 +- .../hadoop/hdfs/NameNodeProxiesClient.java | 15 +- .../hdfs/client/HdfsClientConfigKeys.java | 1 + .../hadoop/hdfs/protocol/ClientProtocol.java | 6 +- .../hadoop/hdfs/protocol/HdfsConstants.java | 6 - .../protocol/SystemErasureCodingPolicies.java | 121 ++++ .../protocol/datatransfer/PacketReceiver.java | 2 +- .../ClientNamenodeProtocolTranslatorPB.java | 5 +- .../hadoop/hdfs/protocolPB/PBHelperClient.java | 38 +- .../namenode/ha/ClientHAProxyFactory.java | 44 ++ .../ha/ConfiguredFailoverProxyProvider.java | 183 ++++++ .../hdfs/server/namenode/ha/HAProxyFactory.java | 44 ++ .../namenode/ha/IPFailoverProxyProvider.java | 126 +++++ .../ha/RequestHedgingProxyProvider.java | 234 ++++++++ .../src/main/proto/ClientNamenodeProtocol.proto | 1 + .../src/main/proto/hdfs.proto | 8 +- .../ha/TestRequestHedgingProxyProvider.java | 476 ++++++++++++++++ hadoop-hdfs-project/hadoop-hdfs-httpfs/pom.xml | 5 + .../org/apache/hadoop/test/TestHdfsHelper.java | 5 +- hadoop-hdfs-project/hadoop-hdfs-nfs/pom.xml | 10 +- hadoop-hdfs-project/hadoop-hdfs/pom.xml | 10 +- .../hadoop-hdfs/src/main/bin/hdfs | 97 +--- .../hadoop-hdfs/src/main/bin/hdfs-config.sh | 5 + .../org/apache/hadoop/hdfs/DFSConfigKeys.java | 3 +- .../java/org/apache/hadoop/hdfs/DFSUtil.java | 15 +- .../java/org/apache/hadoop/hdfs/HAUtil.java | 57 +- .../org/apache/hadoop/hdfs/NameNodeProxies.java | 3 +- ...tNamenodeProtocolServerSideTranslatorPB.java | 3 +- .../hadoop/hdfs/server/common/Storage.java | 6 +- .../hdfs/server/datanode/BPOfferService.java | 19 +- .../hdfs/server/datanode/BPServiceActor.java | 25 +- .../hdfs/server/datanode/BlockPoolManager.java | 8 +- .../hdfs/server/datanode/DataXceiver.java | 4 +- .../datanode/checker/ThrottledAsyncChecker.java | 25 +- .../apache/hadoop/hdfs/server/mover/Mover.java | 11 +- .../hadoop/hdfs/server/namenode/DfsServlet.java | 50 +- .../namenode/ErasureCodingPolicyManager.java | 78 +-- .../server/namenode/FSDirErasureCodingOp.java | 60 +- .../hdfs/server/namenode/FSDirWriteFileOp.java | 17 +- .../server/namenode/FSImageFormatPBINode.java | 3 +- .../hdfs/server/namenode/FSNamesystem.java | 25 +- .../hadoop/hdfs/server/namenode/INodeFile.java | 8 +- .../hdfs/server/namenode/INodesInPath.java | 6 +- .../hdfs/server/namenode/NameNodeRpcServer.java | 6 +- .../ha/ConfiguredFailoverProxyProvider.java | 216 -------- .../namenode/ha/IPFailoverProxyProvider.java | 132 ----- .../namenode/ha/NameNodeHAProxyFactory.java | 45 ++ .../ha/RequestHedgingProxyProvider.java | 241 -------- .../src/main/webapps/hdfs/robots.txt | 2 + .../src/main/webapps/journal/robots.txt | 2 + .../src/main/webapps/secondary/robots.txt | 2 + .../src/site/markdown/ArchivalStorage.md | 2 +- .../src/site/markdown/HdfsNfsGateway.md | 14 +- .../src/site/markdown/TransparentEncryption.md | 1 + .../org/apache/hadoop/hdfs/DFSTestUtil.java | 7 +- .../apache/hadoop/hdfs/StripedFileTestUtil.java | 6 +- .../hadoop/hdfs/TestDFSClientFailover.java | 4 +- .../hadoop/hdfs/TestDFSClientRetries.java | 5 +- .../apache/hadoop/hdfs/TestDFSOutputStream.java | 126 +++++ .../TestDFSRSDefault10x4StripedInputStream.java | 7 +- ...TestDFSRSDefault10x4StripedOutputStream.java | 7 +- ...fault10x4StripedOutputStreamWithFailure.java | 7 +- .../hadoop/hdfs/TestDFSStripedInputStream.java | 2 +- .../hadoop/hdfs/TestDFSStripedOutputStream.java | 2 +- .../TestDFSStripedOutputStreamWithFailure.java | 2 +- .../org/apache/hadoop/hdfs/TestDFSUtil.java | 2 +- .../hdfs/TestDFSXORStripedInputStream.java | 7 +- .../hdfs/TestDFSXORStripedOutputStream.java | 7 +- ...estDFSXORStripedOutputStreamWithFailure.java | 7 +- .../apache/hadoop/hdfs/TestEncryptionZones.java | 208 ++++++- .../hadoop/hdfs/TestErasureCodingPolicies.java | 71 ++- .../apache/hadoop/hdfs/TestFileCreation.java | 4 +- .../hadoop/hdfs/TestKeyProviderCache.java | 21 +- .../java/org/apache/hadoop/hdfs/TestLease.java | 3 +- .../hadoop/hdfs/TestReconstructStripedFile.java | 2 +- .../TestUnsetAndChangeDirectoryEcPolicy.java | 13 +- .../hadoop/hdfs/protocolPB/TestPBHelper.java | 117 +++- .../server/datanode/TestBPOfferService.java | 2 +- .../server/datanode/TestBlockPoolManager.java | 4 +- .../hdfs/server/datanode/TestBlockRecovery.java | 4 +- .../TestDatasetVolumeCheckerTimeout.java | 2 +- .../checker/TestThrottledAsyncChecker.java | 118 ++-- .../TestThrottledAsyncCheckerTimeout.java | 45 +- .../hadoop/hdfs/server/mover/TestMover.java | 42 ++ .../server/namenode/NNThroughputBenchmark.java | 16 +- .../hdfs/server/namenode/TestAddBlockRetry.java | 4 +- ...stBlockPlacementPolicyRackFaultTolerant.java | 4 +- .../TestDefaultBlockPlacementPolicy.java | 2 +- .../server/namenode/TestEnabledECPolicies.java | 17 +- .../hdfs/server/namenode/TestFSImage.java | 13 +- .../hdfs/server/namenode/TestINodeFile.java | 7 +- .../server/namenode/TestNamenodeRetryCache.java | 17 +- .../hdfs/server/namenode/TestStartup.java | 57 +- .../server/namenode/TestStripedINodeFile.java | 8 +- .../namenode/ha/TestDelegationTokensWithHA.java | 4 +- .../ha/TestRequestHedgingProxyProvider.java | 470 ---------------- .../namenode/ha/TestRetryCacheWithHA.java | 3 +- .../TestOfflineImageViewer.java | 11 +- .../hadoop/hdfs/util/TestStripedBlockUtil.java | 4 +- .../org/apache/hadoop/hdfs/web/TestWebHDFS.java | 10 +- hadoop-mapreduce-project/bin/mapred | 64 +-- hadoop-mapreduce-project/bin/mapred-config.sh | 1 + .../hadoop/mapreduce/JobResourceUploader.java | 103 +++- .../mapreduce/TestJobResourceUploader.java | 481 +++++++++++++--- .../mapred/TestMRTimelineEventHandling.java | 2 +- .../apache/hadoop/mapred/TestNetworkedJob.java | 3 + .../hadoop/mapreduce/v2/MiniMRYarnCluster.java | 6 +- .../hadoop-mapreduce-client/pom.xml | 5 + hadoop-project/pom.xml | 19 +- .../org/apache/hadoop/fs/s3a/S3AFileSystem.java | 3 +- .../java/org/apache/hadoop/fs/s3a/S3AUtils.java | 8 +- ...haredInstanceProfileCredentialsProvider.java | 67 --- .../src/site/markdown/tools/hadoop-aws/index.md | 33 +- .../fs/s3a/TestS3AAWSCredentialsProvider.java | 4 +- .../org/apache/hadoop/fs/adl/AdlConfKeys.java | 2 + .../org/apache/hadoop/fs/adl/AdlFileSystem.java | 3 +- .../apache/hadoop/fs/adl/AdlMockWebServer.java | 3 + .../hadoop/fs/adl/TestAzureADTokenProvider.java | 3 + .../hadoop/fs/adl/TestCustomTokenProvider.java | 4 + .../fs/adl/TestRelativePathFormation.java | 4 + .../hadoop/fs/azure/NativeAzureFileSystem.java | 129 +++-- .../fs/azure/RemoteWasbAuthorizerImpl.java | 11 +- .../fs/azure/WasbAuthorizationOperations.java | 2 - .../hadoop/fs/azure/MockWasbAuthorizerImpl.java | 22 +- .../TestNativeAzureFileSystemAuthorization.java | 554 ++++++++++++++++--- .../fs/azure/TestWasbRemoteCallHelper.java | 6 +- .../TestAzureFileSystemInstrumentation.java | 3 +- hadoop-tools/hadoop-kafka/pom.xml | 26 - .../hadoop/metrics2/impl/TestKafkaMetrics.java | 4 +- hadoop-yarn-project/hadoop-yarn/bin/yarn | 62 +-- .../hadoop-yarn/bin/yarn-config.sh | 1 + .../hadoop/yarn/conf/YarnConfiguration.java | 3 +- .../pom.xml | 5 + .../hadoop/yarn/client/ProtocolHATestBase.java | 6 +- .../hadoop/yarn/client/cli/TestLogsCLI.java | 58 +- .../hadoop/yarn/client/cli/TestRMAdminCLI.java | 32 +- .../impl/pb/ContainerLaunchContextPBImpl.java | 13 + .../logaggregation/AggregatedLogFormat.java | 29 +- .../TestApplicationClientProtocolRecords.java | 29 + .../logaggregation/TestAggregatedLogFormat.java | 123 ++-- .../logaggregation/TestAggregatedLogsBlock.java | 25 +- .../logaggregation/TestContainerLogsUtils.java | 15 +- .../server/nodemanager/DirectoryCollection.java | 3 +- .../yarn/server/nodemanager/NodeManager.java | 26 +- .../containermanager/ContainerManagerImpl.java | 18 +- .../localizer/ContainerLocalizer.java | 3 +- .../localizer/ResourceLocalizationService.java | 16 +- .../logaggregation/AppLogAggregatorImpl.java | 70 ++- .../nodemanager/metrics/NodeManagerMetrics.java | 41 ++ .../nodemanager/DummyContainerManager.java | 5 +- .../TestContainerManagerWithLCE.java | 299 +--------- .../nodemanager/TestNodeManagerResync.java | 2 +- .../containermanager/TestContainerManager.java | 45 ++ .../TestContainerManagerRecovery.java | 11 +- .../localizer/TestLocalCacheCleanup.java | 17 +- .../TestLocalCacheDirectoryManager.java | 8 +- .../TestResourceLocalizationService.java | 412 ++++++++------ .../TestAppLogAggregatorImpl.java | 8 +- .../conf/capacity-scheduler.xml | 24 +- .../hadoop-yarn-server-resourcemanager/pom.xml | 5 + .../metrics/TimelineServiceV2Publisher.java | 11 +- .../nodelabels/RMNodeLabelsManager.java | 12 + .../recovery/FileSystemRMStateStore.java | 8 +- .../rmcontainer/RMContainer.java | 3 +- .../rmcontainer/RMContainerImpl.java | 2 +- .../scheduler/AppSchedulingInfo.java | 47 +- .../scheduler/SchedulerApplicationAttempt.java | 5 + .../scheduler/SchedulerNode.java | 6 +- .../scheduler/capacity/AbstractCSQueue.java | 20 +- .../scheduler/capacity/CSQueue.java | 14 - .../scheduler/capacity/CSQueueMetrics.java | 21 + .../scheduler/capacity/CSQueueUtils.java | 32 +- .../CapacitySchedulerConfiguration.java | 12 + .../capacity/CapacitySchedulerQueueManager.java | 33 ++ .../scheduler/capacity/LeafQueue.java | 18 +- .../scheduler/capacity/ParentQueue.java | 19 +- .../scheduler/capacity/PlanQueue.java | 4 +- .../scheduler/capacity/ReservationQueue.java | 2 +- .../allocator/RegularContainerAllocator.java | 41 +- .../scheduler/fair/FSAppAttempt.java | 20 +- .../scheduler/fair/FSOpDurations.java | 8 - .../scheduler/fair/FSPreemptionThread.java | 25 +- .../scheduler/fair/FSSchedulerNode.java | 133 ++++- .../scheduler/fair/FairScheduler.java | 49 +- .../LocalitySchedulingPlacementSet.java | 8 +- .../resourcemanager/TestSignalContainer.java | 13 +- .../TestCapacitySchedulerPlanFollower.java | 7 + .../TestFairSchedulerPlanFollower.java | 4 + .../TestSchedulerPlanFollowerBase.java | 9 +- .../capacity/TestCapacityScheduler.java | 262 +++++++++ .../TestCapacitySchedulerDynamicBehavior.java | 11 + .../scheduler/capacity/TestLeafQueue.java | 167 +++++- .../fair/TestContinuousScheduling.java | 36 ++ .../scheduler/fair/TestFSSchedulerNode.java | 403 ++++++++++++++ .../fair/TestFairSchedulerPreemption.java | 19 + .../scheduler/fair/TestSchedulingPolicy.java | 1 - .../webapp/TestRMWebServicesApps.java | 123 ++-- .../hadoop/yarn/server/MiniYARNCluster.java | 22 +- .../hadoop/yarn/server/TestMiniYarnCluster.java | 34 +- .../pom.xml | 5 + .../src/site/markdown/DockerContainers.md | 4 +- .../hadoop-yarn/hadoop-yarn-ui/pom.xml | 4 +- .../webapp/app/components/app-attempt-table.js | 7 - .../main/webapp/app/components/timeline-view.js | 199 ++++++- .../main/webapp/app/helpers/prepend-protocol.js | 29 + .../src/main/webapp/app/services/hosts.js | 6 +- .../templates/components/app-attempt-table.hbs | 36 +- .../templates/components/container-table.hbs | 22 +- .../app/templates/components/timeline-view.hbs | 61 +- .../tests/unit/helpers/prepend-protocol-test.js | 28 + 264 files changed, 7292 insertions(+), 3710 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocolPB/PBHelperClient.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-hdfs-project/hadoop-hdfs-client/src/main/proto/hdfs.proto ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-hdfs-project/hadoop-hdfs/pom.xml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-hdfs-project/hadoop-hdfs/src/main/bin/hdfs ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/BlockPoolManager.java ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-project/pom.xml ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/RemoteWasbAuthorizerImpl.java ---------------------------------------------------------------------- diff --cc hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/RemoteWasbAuthorizerImpl.java index e22a3a2,8576377..4effb0d --- a/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/RemoteWasbAuthorizerImpl.java +++ b/hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azure/RemoteWasbAuthorizerImpl.java @@@ -132,84 -132,91 +132,91 @@@ public class RemoteWasbAuthorizerImpl i @Override public boolean authorize(String wasbAbsolutePath, String accessType) throws WasbAuthorizationException, IOException { + - try { + try { + + /* Make an exception for the internal -RenamePending files */ - if (wasbAbsolutePath.endsWith(NativeAzureFileSystem.FolderRenamePending.SUFFIX)) { - return true; - } - - URIBuilder uriBuilder = new URIBuilder(remoteAuthorizerServiceUrl); - uriBuilder.setPath("/" + CHECK_AUTHORIZATION_OP); - uriBuilder.addParameter(WASB_ABSOLUTE_PATH_QUERY_PARAM_NAME, - wasbAbsolutePath); - uriBuilder.addParameter(ACCESS_OPERATION_QUERY_PARAM_NAME, - accessType); - if (isSecurityEnabled && StringUtils.isNotEmpty(delegationToken)) { - uriBuilder.addParameter(DELEGATION_TOKEN_QUERY_PARAM_NAME, - delegationToken); - } - - String responseBody = null; - UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); - UserGroupInformation connectUgi = ugi.getRealUser(); - if (connectUgi == null) { - connectUgi = ugi; - } else { - uriBuilder.addParameter(Constants.DOAS_PARAM, ugi.getShortUserName()); - } - if (isSecurityEnabled && !connectUgi.hasKerberosCredentials()) { - connectUgi = UserGroupInformation.getLoginUser(); - } - connectUgi.checkTGTAndReloginFromKeytab(); - - try { - responseBody = connectUgi - .doAs(new PrivilegedExceptionAction<String>() { - @Override - public String run() throws Exception { - AuthenticatedURL.Token token = null; - HttpGet httpGet = new HttpGet(uriBuilder.build()); - if (isKerberosSupportEnabled && UserGroupInformation - .isSecurityEnabled() && (delegationToken == null - || delegationToken.isEmpty())) { - token = new AuthenticatedURL.Token(); - final Authenticator kerberosAuthenticator = new KerberosDelegationTokenAuthenticator(); - try { - kerberosAuthenticator - .authenticate(uriBuilder.build().toURL(), token); - Validate.isTrue(token.isSet(), - "Authenticated Token is NOT present. The request cannot proceed."); - } catch (AuthenticationException e){ - throw new IOException("Authentication failed in check authorization", e); - } - if (token != null) { - httpGet.setHeader("Cookie", - AuthenticatedURL.AUTH_COOKIE + "=" + token); - } ++ if (wasbAbsolutePath.endsWith(NativeAzureFileSystem.FolderRenamePending.SUFFIX)) { ++ return true; ++ } ++ + URIBuilder uriBuilder = new URIBuilder(remoteAuthorizerServiceUrl); + uriBuilder.setPath("/" + CHECK_AUTHORIZATION_OP); + uriBuilder.addParameter(WASB_ABSOLUTE_PATH_QUERY_PARAM_NAME, + wasbAbsolutePath); + uriBuilder.addParameter(ACCESS_OPERATION_QUERY_PARAM_NAME, + accessType); + if (isSecurityEnabled && StringUtils.isNotEmpty(delegationToken)) { + uriBuilder.addParameter(DELEGATION_TOKEN_QUERY_PARAM_NAME, + delegationToken); + } + + String responseBody = null; + UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); + UserGroupInformation connectUgi = ugi.getRealUser(); + if (connectUgi == null) { + connectUgi = ugi; + } else { + uriBuilder.addParameter(Constants.DOAS_PARAM, ugi.getShortUserName()); + } + if (isSecurityEnabled && !connectUgi.hasKerberosCredentials()) { + connectUgi = UserGroupInformation.getLoginUser(); + } + connectUgi.checkTGTAndReloginFromKeytab(); + + try { + responseBody = connectUgi + .doAs(new PrivilegedExceptionAction<String>() { + @Override + public String run() throws Exception { + AuthenticatedURL.Token token = null; + HttpGet httpGet = new HttpGet(uriBuilder.build()); + if (isKerberosSupportEnabled && UserGroupInformation + .isSecurityEnabled() && (delegationToken == null + || delegationToken.isEmpty())) { + token = new AuthenticatedURL.Token(); + final Authenticator kerberosAuthenticator = new KerberosDelegationTokenAuthenticator(); + try { + kerberosAuthenticator + .authenticate(uriBuilder.build().toURL(), token); + Validate.isTrue(token.isSet(), + "Authenticated Token is NOT present. The request cannot proceed."); + } catch (AuthenticationException e){ + throw new IOException("Authentication failed in check authorization", e); + } + if (token != null) { + httpGet.setHeader("Cookie", + AuthenticatedURL.AUTH_COOKIE + "=" + token); } - return remoteCallHelper.makeRemoteGetRequest(httpGet); } - }); - } catch (InterruptedException e) { - LOG.error("Error in check authorization", e); - throw new WasbAuthorizationException("Error in check authorize", e); - } - - ObjectMapper objectMapper = new ObjectMapper(); - RemoteAuthorizerResponse authorizerResponse = - objectMapper - .readValue(responseBody, RemoteAuthorizerResponse.class); - - if (authorizerResponse == null) { - throw new WasbAuthorizationException( - "RemoteAuthorizerResponse object null from remote call"); - } else if (authorizerResponse.getResponseCode() - == REMOTE_CALL_SUCCESS_CODE) { - return authorizerResponse.getAuthorizationResult(); - } else { - throw new WasbAuthorizationException("Remote authorization" - + " service encountered an error " - + authorizerResponse.getResponseMessage()); - } - } catch (URISyntaxException | WasbRemoteCallException - | JsonParseException | JsonMappingException ex) { - throw new WasbAuthorizationException(ex); + return remoteCallHelper.makeRemoteGetRequest(httpGet); + } + }); + } catch (InterruptedException e) { + LOG.error("Error in check authorization", e); + throw new WasbAuthorizationException("Error in check authorize", e); } + + ObjectMapper objectMapper = new ObjectMapper(); + RemoteAuthorizerResponse authorizerResponse = + objectMapper + .readValue(responseBody, RemoteAuthorizerResponse.class); + + if (authorizerResponse == null) { + throw new WasbAuthorizationException( + "RemoteAuthorizerResponse object null from remote call"); + } else if (authorizerResponse.getResponseCode() + == REMOTE_CALL_SUCCESS_CODE) { + return authorizerResponse.getAuthorizationResult(); + } else { + throw new WasbAuthorizationException("Remote authorization" - + " serivce encountered an error " ++ + " service encountered an error " + + authorizerResponse.getResponseMessage()); + } + } catch (URISyntaxException | WasbRemoteCallException + | JsonParseException | JsonMappingException ex) { + throw new WasbAuthorizationException(ex); + } } } http://git-wip-us.apache.org/repos/asf/hadoop/blob/3231ead8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/pom.xml ---------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
