Examples of org.apache.hadoop.security.Credentials

• org.apache.hadoop.security.Credentials
  A class that provides the facilities of reading and writing secret keys and Tokens.

  }

  private Token<? extends TokenIdentifier> generateDelegationToken(
      final NameNode namenode, final UserGroupInformation ugi,
      final String renewer) throws IOException {
    final Credentials c = DelegationTokenSecretManager.createCredentials(
        namenode, ugi, renewer != null? renewer: ugi.getShortUserName());
    final Token<? extends TokenIdentifier> t = c.getAllTokens().iterator().next();
    t.setKind(WebHdfsFileSystem.TOKEN_KIND);
    SecurityUtil.setTokenService(t, namenode.getHttpAddress());
    return t;
  }

  @Override
  public Token<?> getDelegationToken(final String renewer) throws IOException {
    try {
      return ugi.doAs(new PrivilegedExceptionAction<Token<?>>() {
        public Token<?> run() throws IOException {
          Credentials c;
          try {
            c = DelegationTokenFetcher.getDTfromRemote(nnHttpUrl, renewer);
          } catch (Exception e) {
            LOG.info("Couldn't get a delegation token from " + nnHttpUrl +
            " using https.");
            LOG.debug("error was ", e);
            //Maybe the server is in unsecure mode (that's bad but okay)
            return null;
          }
          for (Token<? extends TokenIdentifier> t : c.getAllTokens()) {
            LOG.debug("Got dt for " + getUri() + ";t.service="
                      +t.getService());
            t.setService(new Text(getCanonicalServiceName()));
            return t;
          }

    File dir = new File(TEST_ROOT_DIR, jobId.toString());
    if(!dir.exists())
      assertTrue("faild to create dir="+dir.getAbsolutePath(), dir.mkdirs());
    // writing empty file, we don't need the keys for this test
    new Credentials().writeTokenStorageFile(new Path("file:///" + dir,
        TokenCache.JOB_TOKEN_HDFS_FILE), new Configuration());
  }

    URI uri = FileSystem.getDefaultUri(conf);
    String nnAddress =
      InetAddress.getByName(uri.getHost()).getHostAddress() + ":" + uri.getPort();
    token.setService(new Text(nnAddress));

    Credentials ts = new Credentials();
    ts.addToken(new Text(shortName), token);
    ts.writeTokenStorageToStream(out);
  }

      URL remoteURL = new URL(url.toString());
      SecurityUtil.fetchServiceTicket(remoteURL);
      URLConnection connection = remoteURL.openConnection();

      InputStream in = connection.getInputStream();
      Credentials ts = new Credentials();
      dis = new DataInputStream(in);
      ts.readFields(dis);
      return ts;
    } catch (Exception e) {
      throw new IOException("Unable to obtain remote token", e);
    } finally {
      if(dis != null) dis.close();

   * @param nnHttpAddr Namenode http addr, such as http://namenode:50070
   * @param filename Name of file to store token in
   */
  static private void getDTfromRemoteIntoFile(String nnAddr, String filename)
  throws IOException {
    Credentials ts = getDTfromRemote(nnAddr, null);

    DataOutputStream file = new DataOutputStream(new FileOutputStream(filename));
    ts.writeTokenStorageToStream(file);
    file.flush();
    System.out.println("Successfully wrote token of " + file.size()
        + " bytes  to " + filename);
  }

    // save local copy of JobToken file
    String localJobTokenFile = localizeJobTokenFile(t.getUser(), jobId);
    rjob.ugi = UserGroupInformation.createRemoteUser(t.getUser());

    Credentials ts = TokenCache.loadTokens(localJobTokenFile, fConf);
    Token<JobTokenIdentifier> jt = TokenCache.getJobToken(ts);
    if (jt != null) { //could be null in the case of some unit tests
      getJobTokenSecretManager().addTokenForJob(jobId.toString(), jt);
    }
    for (Token<? extends TokenIdentifier> token : ts.getAllTokens()) {
      rjob.ugi.addToken(token);
    }

    FileSystem userFs = getFS(jobFile, jobId, userConf);

    // two distinct Namenodes
    String nn1 = DelegationTokenRenewal.SCHEME + "://host1:0";
    String nn2 = DelegationTokenRenewal.SCHEME + "://host2:0";
    String nn3 = DelegationTokenRenewal.SCHEME + "://host3:0";

    Credentials ts = new Credentials();

    // register the token for renewal
    ts.addToken(new Text(nn1), token1);
    ts.addToken(new Text(nn2), token2);
    ts.addToken(new Text(nn3), token3);

    // register the tokens for renewal
    DelegationTokenRenewal.registerDelegationTokensForRenewal(
        new JobID("job1", 1), ts, conf);
    // first 3 initial renewals + 1 real
    int numberOfExpectedRenewals = 3+1;

    int attempts = 10;
    while(attempts-- > 0) {
      try {
        Thread.sleep(3*1000); // sleep 3 seconds, so it has time to renew
      } catch (InterruptedException e) {}

      // since we cannot guarantee timely execution - let's give few chances
      if(dfs.getCounter()==numberOfExpectedRenewals)
        break;
    }

    System.out.println("Counter = " + dfs.getCounter() + ";t="+
        dfs.getToken());
    assertEquals("renew wasn't called as many times as expected(4):",
        numberOfExpectedRenewals, dfs.getCounter());
    assertEquals("most recently renewed token mismatch", dfs.getToken(),
        token1);

    // Test 2.
    // add another token ( that expires in 2 secs). Then remove it, before
    // time is up.
    // Wait for 3 secs , and make sure no renews were called
    ts = new Credentials();
    MyToken token4 = dfs.getDelegationToken(new Text("user4"));

    //to cause this one to be set for renew in 2 secs
    dfs.setTokenToRenewIn2Sec(token4);
    System.out.println("token="+token4+" should be renewed for 2 secs");

    String nn4 = DelegationTokenRenewal.SCHEME + "://host4:0";
    ts.addToken(new Text(nn4), token4);


    JobID jid2 = new JobID("job2",1);
    DelegationTokenRenewal.registerDelegationTokensForRenewal(jid2, ts, conf);
    DelegationTokenRenewal.removeDelegationTokenRenewalForJob(jid2);

  //@InterfaceAudience.Private
  public static Credentials loadTokens(String jobTokenFile, JobConf conf)
  throws IOException {
    Path localJobTokenFile = new Path ("file:///" + jobTokenFile);

    Credentials ts =
      Credentials.readTokenStorageFile(localJobTokenFile, conf);

    if(LOG.isDebugEnabled()) {
      LOG.debug("Task: Loaded jobTokenFile from: "+
          localJobTokenFile.toUri().getPath()
        +"; num of sec keys  = " + ts.numberOfSecretKeys() +
        " Number of tokens " +
        ts.numberOfTokens());
    }
    return ts;
  }

          Token<DelegationTokenIdentifier> token =
            nn.getDelegationToken(new Text(renewerFinal));
          String s = NameNode.getAddress(conf).getAddress().getHostAddress()
                     + ":" + NameNode.getAddress(conf).getPort();
          token.setService(new Text(s));
          Credentials ts = new Credentials();
          ts.addToken(new Text(ugi.getShortUserName()), token);
          ts.write(dosFinal);
          dosFinal.close();
          return null;
        }
      });