/// <summary>Opens a url with read and connect timeouts</summary>
/// <param name="url">URL to open</param>
/// <param name="isSpnego">whether the url should be authenticated via SPNEGO</param>
/// <returns>URLConnection</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual URLConnection OpenConnection(Uri url, bool isSpnego)
{
if (isSpnego)
{
if (Log.IsDebugEnabled())
{
Log.Debug("open AuthenticatedURL connection" + url);
}
UserGroupInformation.GetCurrentUser().CheckTGTAndReloginFromKeytab();
AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
return(new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).OpenConnection
(url, authToken));
}
else
{
if (Log.IsDebugEnabled())
{
Log.Debug("open URL connection");
}
URLConnection connection = url.OpenConnection();
if (connection is HttpURLConnection)
{
connConfigurator.Configure((HttpURLConnection)connection);
}
return(connection);
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
{
if (!HasDelegationToken(url, token))
{
authenticator.Authenticate(url, token);
}
}
/// <summary>
/// Renews a delegation token from the server end-point using the
/// configured <code>Authenticator</code> for authentication.
/// </summary>
/// <param name="url">
/// the URL to renew the delegation token from. Only HTTP/S URLs are
/// supported.
/// </param>
/// <param name="token">the authentication token with the Delegation Token to renew.</param>
/// <param name="doAsUser">the user to do as, which will be the token owner.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">if an authentication exception occurred.</exception>
public virtual long RenewDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token
<AbstractDelegationTokenIdentifier> dToken, string doAsUser)
{
IDictionary json = DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation
.Renewdelegationtoken, null, dToken, true, doAsUser);
return((long)json[RenewDelegationTokenJson]);
}
/// <exception cref="System.Exception"/>
public Void Call()
{
Uri url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"
);
AuthenticatedURL aUrl = new AuthenticatedURL();
AuthenticatedURL.Token aToken = new AuthenticatedURL.Token();
HttpURLConnection conn = aUrl.OpenConnection(url, aToken);
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk);
return(null);
}
/// <summary>Cancels a delegation token from the server end-point.</summary>
/// <remarks>
/// Cancels a delegation token from the server end-point. It does not require
/// being authenticated by the configured <code>Authenticator</code>.
/// </remarks>
/// <param name="url">
/// the URL to cancel the delegation token from. Only HTTP/S URLs
/// are supported.
/// </param>
/// <param name="token">the authentication token with the Delegation Token to cancel.
/// </param>
/// <param name="doAsUser">the user to do as, which will be the token owner.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
public virtual void CancelDelegationToken(Uri url, AuthenticatedURL.Token token,
Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken
, string doAsUser)
{
try
{
DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation
.Canceldelegationtoken, null, dToken, false, doAsUser);
}
catch (AuthenticationException ex)
{
throw new IOException("This should not happen: " + ex.Message, ex);
}
}
/// <exception cref="System.Exception"/>
public Void Call()
{
//get delegation token doing SPNEGO authentication
Uri url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETDELEGATIONTOKEN"
);
AuthenticatedURL aUrl = new AuthenticatedURL();
AuthenticatedURL.Token aToken = new AuthenticatedURL.Token();
HttpURLConnection conn = aUrl.OpenConnection(url, aToken);
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk);
JSONObject json = (JSONObject) new JSONParser().Parse(new InputStreamReader(conn.GetInputStream
()));
json = (JSONObject)json[DelegationTokenAuthenticator.DelegationTokenJson];
string tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson
];
//access httpfs using the delegation token
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk);
//try to renew the delegation token without SPNEGO credentials
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestMethod("PUT");
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpUnauthorized
);
//renew the delegation token with SPNEGO credentials
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=RENEWDELEGATIONTOKEN&token="
+ tokenStr);
conn = aUrl.OpenConnection(url, aToken);
conn.SetRequestMethod("PUT");
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk);
//cancel delegation token, no need for SPNEGO credentials
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=CANCELDELEGATIONTOKEN&token="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
conn.SetRequestMethod("PUT");
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpOk);
//try to access httpfs with the canceled delegation token
url = new Uri(TestJettyHelper.GetJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY&delegation="
+ tokenStr);
conn = (HttpURLConnection)url.OpenConnection();
NUnit.Framework.Assert.AreEqual(conn.GetResponseCode(), HttpURLConnection.HttpUnauthorized
);
return(null);
}
private bool HasDelegationToken(Uri url, AuthenticatedURL.Token token)
{
bool hasDt = false;
if (token is DelegationTokenAuthenticatedURL.Token)
{
hasDt = ((DelegationTokenAuthenticatedURL.Token)token).GetDelegationToken() != null;
}
if (!hasDt)
{
string queryStr = url.GetQuery();
hasDt = (queryStr != null) && queryStr.Contains(DelegationParam + "=");
}
return(hasDt);
}
public static void Main(string[] args)
{
try
{
if (args.Length != 1)
{
System.Console.Error.WriteLine("Usage: <URL>");
System.Environment.Exit(-1);
}
AuthenticatedURL.Token token = new AuthenticatedURL.Token();
Uri url = new Uri(args[0]);
HttpURLConnection conn = new AuthenticatedURL().OpenConnection(url, token);
System.Console.Out.WriteLine();
System.Console.Out.WriteLine("Token value: " + token);
System.Console.Out.WriteLine("Status code: " + conn.GetResponseCode() + " " + conn
.GetResponseMessage());
System.Console.Out.WriteLine();
if (conn.GetResponseCode() == HttpURLConnection.HttpOk)
{
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.GetInputStream
(), Extensions.GetEncoding("UTF-8")));
string line = reader.ReadLine();
while (line != null)
{
System.Console.Out.WriteLine(line);
line = reader.ReadLine();
}
reader.Close();
}
System.Console.Out.WriteLine();
}
catch (Exception ex)
{
System.Console.Error.WriteLine("ERROR: " + ex.Message);
System.Environment.Exit(-1);
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
private IDictionary DoDelegationTokenOperation <_T0>(Uri url, AuthenticatedURL.Token
token, DelegationTokenAuthenticator.DelegationTokenOperation operation, string
renewer, Org.Apache.Hadoop.Security.Token.Token <_T0> dToken, bool hasResponse, string
doAsUser)
where _T0 : TokenIdentifier
{
IDictionary ret = null;
IDictionary <string, string> @params = new Dictionary <string, string>();
@params[OpParam] = operation.ToString();
if (renewer != null)
{
@params[RenewerParam] = renewer;
}
if (dToken != null)
{
@params[TokenParam] = dToken.EncodeToUrlString();
}
// proxyuser
if (doAsUser != null)
{
@params[DelegationTokenAuthenticatedURL.DoAs] = URLEncoder.Encode(doAsUser, "UTF-8"
);
}
string urlStr = url.ToExternalForm();
StringBuilder sb = new StringBuilder(urlStr);
string separator = (urlStr.Contains("?")) ? "&" : "?";
foreach (KeyValuePair <string, string> entry in @params)
{
sb.Append(separator).Append(entry.Key).Append("=").Append(URLEncoder.Encode(entry
.Value, "UTF8"));
separator = "&";
}
url = new Uri(sb.ToString());
AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator);
HttpURLConnection conn = aUrl.OpenConnection(url, token);
conn.SetRequestMethod(operation.GetHttpMethod());
HttpExceptionUtils.ValidateResponse(conn, HttpURLConnection.HttpOk);
if (hasResponse)
{
string contentType = conn.GetHeaderField(ContentType);
contentType = (contentType != null) ? StringUtils.ToLowerCase(contentType) : null;
if (contentType != null && contentType.Contains(ApplicationJsonMime))
{
try
{
ObjectMapper mapper = new ObjectMapper();
ret = mapper.ReadValue <IDictionary>(conn.GetInputStream());
}
catch (Exception ex)
{
throw new AuthenticationException(string.Format("'%s' did not handle the '%s' delegation token operation: %s"
, url.GetAuthority(), operation, ex.Message), ex);
}
}
else
{
throw new AuthenticationException(string.Format("'%s' did not " + "respond with JSON to the '%s' delegation token operation"
, url.GetAuthority(), operation));
}
}
return(ret);
}
/// <summary>Cancels a delegation token from the server end-point.</summary>
/// <remarks>
/// Cancels a delegation token from the server end-point. It does not require
/// being authenticated by the configured <code>Authenticator</code>.
/// </remarks>
/// <param name="url">
/// the URL to cancel the delegation token from. Only HTTP/S URLs
/// are supported.
/// </param>
/// <param name="token">the authentication token with the Delegation Token to cancel.
/// </param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
public virtual void CancelDelegationToken(Uri url, AuthenticatedURL.Token token,
Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken
)
{
CancelDelegationToken(url, token, dToken, null);
}
/// <summary>
/// Renews a delegation token from the server end-point using the
/// configured <code>Authenticator</code> for authentication.
/// </summary>
/// <param name="url">
/// the URL to renew the delegation token from. Only HTTP/S URLs are
/// supported.
/// </param>
/// <param name="token">the authentication token with the Delegation Token to renew.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">if an authentication exception occurred.</exception>
public virtual long RenewDelegationToken(Uri url, AuthenticatedURL.Token token, Org.Apache.Hadoop.Security.Token.Token
<AbstractDelegationTokenIdentifier> dToken)
{
return(RenewDelegationToken(url, token, dToken, null));
}
> GetDelegationToken(Uri url, AuthenticatedURL.Token token, string renewer, string
doAsUser)
{
IDictionary json = DoDelegationTokenOperation(url, token, DelegationTokenAuthenticator.DelegationTokenOperation
.Getdelegationtoken, renewer, null, true, doAsUser);
json = (IDictionary)json[DelegationTokenJson];
string tokenStr = (string)json[DelegationTokenUrlStringJson];
Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dToken =
new Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier>();
dToken.DecodeFromUrlString(tokenStr);
IPEndPoint service = new IPEndPoint(url.GetHost(), url.Port);
SecurityUtil.SetTokenService(dToken, service);
return(dToken);
}
> GetDelegationToken(Uri url, AuthenticatedURL.Token token, string renewer)
{
return(GetDelegationToken(url, token, renewer, null));
}
/// <summary>
/// Returns an authenticated
/// <see cref="HttpURLConnection"/>
/// , it uses a Delegation
/// Token only if the given auth token is an instance of
/// <see cref="Token"/>
/// and
/// it contains a Delegation Token, otherwise use the configured
/// <see cref="DelegationTokenAuthenticator"/>
/// to authenticate the connection.
/// </summary>
/// <param name="url">the URL to connect to. Only HTTP/S URLs are supported.</param>
/// <param name="token">the authentication token being used for the user.</param>
/// <returns>
/// an authenticated
/// <see cref="HttpURLConnection"/>
/// .
/// </returns>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// ">if an authentication exception occurred.</exception>
public override HttpURLConnection OpenConnection(Uri url, AuthenticatedURL.Token
token)
{
return((token is DelegationTokenAuthenticatedURL.Token) ? OpenConnection(url, (DelegationTokenAuthenticatedURL.Token
)token) : base.OpenConnection(url, token));
}
