[
https://issues.apache.org/jira/browse/HADOOP-11181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhijie Shen updated HADOOP-11181:
---------------------------------
Attachment: HADOOP-11181.2.patch
> o.a.h.security.token.delegation.DelegationTokenManager should be more
> generalized to handle other DelegationTokenIdentifier
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-11181
> URL: https://issues.apache.org/jira/browse/HADOOP-11181
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Zhijie Shen
> Assignee: Zhijie Shen
> Attachments: HADOOP-11181.1.patch, HADOOP-11181.2.patch
>
>
> While DelegationTokenManager can set external secretManager, it have the
> assumption that the token is going to be
> o.a.h.security.token.delegation.DelegationTokenIdentifier, and use
> DelegationTokenIdentifier method to decode a token.
> {code}
> @SuppressWarnings("unchecked")
> public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
> token) throws IOException {
> ByteArrayInputStream buf = new
> ByteArrayInputStream(token.getIdentifier());
> DataInputStream dis = new DataInputStream(buf);
> DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
> id.readFields(dis);
> dis.close();
> secretManager.verifyToken(id, token.getPassword());
> return id.getUser();
> }
> {code}
> It's not going to work it the token kind is other than
> web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it
> to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has
> the customized way to decode a token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
