Zhijie Shen created HADOOP-11181:
------------------------------------
Summary: o.a.h.security.token.delegation.DelegationTokenManager
should be more generalized to handle other DelegationTokenIdentifier
Key: HADOOP-11181
URL: https://issues.apache.org/jira/browse/HADOOP-11181
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Zhijie Shen
Assignee: Zhijie Shen
While DelegationTokenManager can set external secretManager, it have the
assumption that the token is going to be
o.a.h.security.token.delegation.DelegationTokenIdentifier, and use
DelegationTokenIdentifier method to decode a token.
{code}
@SuppressWarnings("unchecked")
public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier>
token) throws IOException {
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
DataInputStream dis = new DataInputStream(buf);
DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind);
id.readFields(dis);
dis.close();
secretManager.verifyToken(id, token.getPassword());
return id.getUser();
}
{code}
It's not going to work it the token kind is other than
web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it to
RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has the
customized way to decode a token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
