1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security.token;
20
21 import java.io.IOException;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.hadoop.hbase.classification.InterfaceAudience;
26 import org.apache.hadoop.hbase.classification.InterfaceStability;
27 import org.apache.hadoop.fs.FileSystem;
28 import org.apache.hadoop.hbase.security.UserProvider;
29 import org.apache.hadoop.security.token.Token;
30
31
32
33
34
35
36 @InterfaceAudience.Private
37 @InterfaceStability.Evolving
38 public class FsDelegationToken {
39 private static final Log LOG = LogFactory.getLog(FsDelegationToken.class);
40
41 private final UserProvider userProvider;
42 private final String renewer;
43
44 private boolean hasForwardedToken = false;
45 private Token<?> userToken = null;
46 private FileSystem fs = null;
47
48
49
50
51 public FsDelegationToken(final UserProvider userProvider, final String renewer) {
52 this.userProvider = userProvider;
53 this.renewer = renewer;
54 }
55
56
57
58
59
60
61
62
63 public void acquireDelegationToken(final FileSystem fs)
64 throws IOException {
65 if (userProvider.isHadoopSecurityEnabled()) {
66 this.fs = fs;
67 userToken = userProvider.getCurrent().getToken("HDFS_DELEGATION_TOKEN",
68 fs.getCanonicalServiceName());
69 if (userToken == null) {
70 hasForwardedToken = false;
71 try {
72 userToken = fs.getDelegationToken(renewer);
73 } catch (NullPointerException npe) {
74
75 LOG.error("Failed to get token for " + renewer);
76 }
77 } else {
78 hasForwardedToken = true;
79 LOG.info("Use the existing token: " + userToken);
80 }
81 }
82 }
83
84
85
86
87 public void releaseDelegationToken() {
88 if (userProvider.isHadoopSecurityEnabled()) {
89 if (userToken != null && !hasForwardedToken) {
90 try {
91 userToken.cancel(this.fs.getConf());
92 } catch (Exception e) {
93 LOG.warn("Failed to cancel HDFS delegation token: " + userToken, e);
94 }
95 }
96 this.userToken = null;
97 this.fs = null;
98 }
99 }
100
101 public UserProvider getUserProvider() {
102 return userProvider;
103 }
104
105
106
107
108 public String getRenewer() {
109 return renewer;
110 }
111
112
113
114
115 public Token<?> getUserToken() {
116 return userToken;
117 }
118
119 public FileSystem getFileSystem() {
120 return fs;
121 }
122 }