Esempio n. 1
0
        /// <exception cref="System.Exception"/>
        public virtual void TestUGIAuthMethodInRealUser()
        {
            UserGroupInformation ugi      = UserGroupInformation.GetCurrentUser();
            UserGroupInformation proxyUgi = UserGroupInformation.CreateProxyUser("proxy", ugi
                                                                                 );

            UserGroupInformation.AuthenticationMethod am = UserGroupInformation.AuthenticationMethod
                                                           .Kerberos;
            ugi.SetAuthenticationMethod(am);
            Assert.Equal(am, ugi.GetAuthenticationMethod());
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Proxy,
                         proxyUgi.GetAuthenticationMethod());
            Assert.Equal(am, UserGroupInformation.GetRealAuthenticationMethod
                             (proxyUgi));
            proxyUgi.DoAs(new _PrivilegedExceptionAction_690(am));
            UserGroupInformation proxyUgi2 = new UserGroupInformation(proxyUgi.GetSubject());

            proxyUgi2.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Proxy
                                              );
            Assert.Equal(proxyUgi, proxyUgi2);
            // Equality should work if authMethod is null
            UserGroupInformation realugi   = UserGroupInformation.GetCurrentUser();
            UserGroupInformation proxyUgi3 = UserGroupInformation.CreateProxyUser("proxyAnother"
                                                                                  , realugi);
            UserGroupInformation proxyUgi4 = new UserGroupInformation(proxyUgi3.GetSubject());

            Assert.Equal(proxyUgi3, proxyUgi4);
        }
Esempio n. 2
0
        /// <summary>
        /// Get
        /// <see cref="Org.Apache.Hadoop.Security.UserGroupInformation"/>
        /// and possibly the delegation token out of
        /// the request.
        /// </summary>
        /// <param name="context">the ServletContext that is serving this request.</param>
        /// <param name="request">the http request</param>
        /// <param name="conf">configuration</param>
        /// <param name="secureAuthMethod">the AuthenticationMethod used in secure mode.</param>
        /// <param name="tryUgiParameter">Should it try the ugi parameter?</param>
        /// <returns>a new user from the request</returns>
        /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the request has no token
        ///     </exception>
        /// <exception cref="System.IO.IOException"/>
        public static UserGroupInformation GetUGI(ServletContext context, HttpServletRequest
                                                  request, Configuration conf, UserGroupInformation.AuthenticationMethod secureAuthMethod
                                                  , bool tryUgiParameter)
        {
            UserGroupInformation ugi = null;
            string usernameFromQuery = GetUsernameFromQuery(request, tryUgiParameter);
            string doAsUserFromQuery = request.GetParameter(DoAsParam.Name);
            string remoteUser;

            if (UserGroupInformation.IsSecurityEnabled())
            {
                remoteUser = request.GetRemoteUser();
                string tokenString = request.GetParameter(DelegationParameterName);
                if (tokenString != null)
                {
                    // Token-based connections need only verify the effective user, and
                    // disallow proxying to different user.  Proxy authorization checks
                    // are not required since the checks apply to issuing a token.
                    ugi = GetTokenUGI(context, request, tokenString, conf);
                    CheckUsername(ugi.GetShortUserName(), usernameFromQuery);
                    CheckUsername(ugi.GetShortUserName(), doAsUserFromQuery);
                }
                else
                {
                    if (remoteUser == null)
                    {
                        throw new IOException("Security enabled but user not authenticated by filter");
                    }
                }
            }
            else
            {
                // Security's not on, pull from url or use default web user
                remoteUser = (usernameFromQuery == null) ? GetDefaultWebUserName(conf) : usernameFromQuery;
            }
            // not specified in request
            if (ugi == null)
            {
                // security is off, or there's no token
                ugi = UserGroupInformation.CreateRemoteUser(remoteUser);
                CheckUsername(ugi.GetShortUserName(), usernameFromQuery);
                if (UserGroupInformation.IsSecurityEnabled())
                {
                    // This is not necessarily true, could have been auth'ed by user-facing
                    // filter
                    ugi.SetAuthenticationMethod(secureAuthMethod);
                }
                if (doAsUserFromQuery != null)
                {
                    // create and attempt to authorize a proxy user
                    ugi = UserGroupInformation.CreateProxyUser(doAsUserFromQuery, ugi);
                    ProxyUsers.Authorize(ugi, GetRemoteAddr(request));
                }
            }
            if (Log.IsDebugEnabled())
            {
                Log.Debug("getUGI is returning: " + ugi.GetShortUserName());
            }
            return(ugi);
        }
Esempio n. 3
0
        /// <exception cref="System.IO.IOException"/>
        public virtual void TestSecureProxyAuthParamsInUrl()
        {
            Configuration conf = new Configuration();

            // fake turning on security so api thinks it should use tokens
            SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
                                                 , conf);
            UserGroupInformation.SetConfiguration(conf);
            UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("test-user");

            ugi.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos);
            ugi = UserGroupInformation.CreateProxyUser("test-proxy-user", ugi);
            UserGroupInformation.SetLoginUser(ugi);
            WebHdfsFileSystem webhdfs = GetWebHdfsFileSystem(ugi, conf);
            Path   fsPath             = new Path("/");
            string tokenString        = webhdfs.GetDelegationToken().EncodeToUrlString();
            // send real+effective
            Uri getTokenUrl = webhdfs.ToUrl(GetOpParam.OP.Getdelegationtoken, fsPath);

            CheckQueryParams(new string[] { GetOpParam.OP.Getdelegationtoken.ToQueryString(),
                                            new UserParam(ugi.GetRealUser().GetShortUserName()).ToString(), new DoAsParam(ugi
                                                                                                                          .GetShortUserName()).ToString() }, getTokenUrl);
            // send real+effective
            Uri renewTokenUrl = webhdfs.ToUrl(PutOpParam.OP.Renewdelegationtoken, fsPath, new
                                              TokenArgumentParam(tokenString));

            CheckQueryParams(new string[] { PutOpParam.OP.Renewdelegationtoken.ToQueryString(
                                                ), new UserParam(ugi.GetRealUser().GetShortUserName()).ToString(), new DoAsParam
                                                (ugi.GetShortUserName()).ToString(), new TokenArgumentParam(tokenString).ToString
                                                () }, renewTokenUrl);
            // send token
            Uri cancelTokenUrl = webhdfs.ToUrl(PutOpParam.OP.Canceldelegationtoken, fsPath, new
                                               TokenArgumentParam(tokenString));

            CheckQueryParams(new string[] { PutOpParam.OP.Canceldelegationtoken.ToQueryString
                                                (), new UserParam(ugi.GetRealUser().GetShortUserName()).ToString(), new DoAsParam
                                                (ugi.GetShortUserName()).ToString(), new TokenArgumentParam(tokenString).ToString
                                                () }, cancelTokenUrl);
            // send token
            Uri fileStatusUrl = webhdfs.ToUrl(GetOpParam.OP.Getfilestatus, fsPath);

            CheckQueryParams(new string[] { GetOpParam.OP.Getfilestatus.ToQueryString(), new
                                            DelegationParam(tokenString).ToString() }, fileStatusUrl);
            // wipe out internal token to simulate auth always required
            webhdfs.SetDelegationToken(null);
            // send real+effective
            cancelTokenUrl = webhdfs.ToUrl(PutOpParam.OP.Canceldelegationtoken, fsPath, new TokenArgumentParam
                                               (tokenString));
            CheckQueryParams(new string[] { PutOpParam.OP.Canceldelegationtoken.ToQueryString
                                                (), new UserParam(ugi.GetRealUser().GetShortUserName()).ToString(), new DoAsParam
                                                (ugi.GetShortUserName()).ToString(), new TokenArgumentParam(tokenString).ToString
                                                () }, cancelTokenUrl);
            // send real+effective
            fileStatusUrl = webhdfs.ToUrl(GetOpParam.OP.Getfilestatus, fsPath);
            CheckQueryParams(new string[] { GetOpParam.OP.Getfilestatus.ToQueryString(), new
                                            UserParam(ugi.GetRealUser().GetShortUserName()).ToString(), new DoAsParam(ugi.GetShortUserName
                                                                                                                          ()).ToString() }, fileStatusUrl);
        }
Esempio n. 4
0
        /// <exception cref="System.Exception"/>
        public virtual void TestUGIAuthMethod()
        {
            UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

            UserGroupInformation.AuthenticationMethod am = UserGroupInformation.AuthenticationMethod
                                                           .Kerberos;
            ugi.SetAuthenticationMethod(am);
            Assert.Equal(am, ugi.GetAuthenticationMethod());
            ugi.DoAs(new _PrivilegedExceptionAction_668(am));
        }
Esempio n. 5
0
        /// <exception cref="System.Exception"/>
        public virtual void TestTestAuthMethod()
        {
            UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();

            // verify the reverse mappings works
            foreach (UserGroupInformation.AuthenticationMethod am in UserGroupInformation.AuthenticationMethod
                     .Values())
            {
                if (am.GetAuthMethod() != null)
                {
                    ugi.SetAuthenticationMethod(am.GetAuthMethod());
                    Assert.Equal(am, ugi.GetAuthenticationMethod());
                }
            }
        }
Esempio n. 6
0
        public virtual void TestGetRealAuthenticationMethod()
        {
            UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("user1");

            ugi.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Simple);
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Simple,
                         ugi.GetAuthenticationMethod());
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Simple,
                         ugi.GetRealAuthenticationMethod());
            ugi = UserGroupInformation.CreateProxyUser("user2", ugi);
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Proxy,
                         ugi.GetAuthenticationMethod());
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Simple,
                         ugi.GetRealAuthenticationMethod());
        }
Esempio n. 7
0
        public virtual void TestGetUserGroupInformationSecure()
        {
            string               userName       = "******";
            string               currentUser    = "******";
            NfsConfiguration     conf           = new NfsConfiguration();
            UserGroupInformation currentUserUgi = UserGroupInformation.CreateRemoteUser(currentUser
                                                                                        );

            currentUserUgi.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.
                                                   Kerberos);
            UserGroupInformation.SetLoginUser(currentUserUgi);
            DFSClientCache       cache     = new DFSClientCache(conf);
            UserGroupInformation ugiResult = cache.GetUserGroupInformation(userName, currentUserUgi
                                                                           );

            Assert.AssertThat(ugiResult.GetUserName(), IS.Is(userName));
            Assert.AssertThat(ugiResult.GetRealUser(), IS.Is(currentUserUgi));
            Assert.AssertThat(ugiResult.GetAuthenticationMethod(), IS.Is(UserGroupInformation.AuthenticationMethod
                                                                         .Proxy));
        }
Esempio n. 8
0
        public virtual void TestDelegationToken()
        {
            YarnConfiguration conf = new YarnConfiguration();

            conf.Set(YarnConfiguration.RmPrincipal, "testuser/[email protected]");
            conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            ResourceScheduler scheduler = CreateMockScheduler(conf);
            long initialInterval        = 10000l;
            long maxLifetime            = 20000l;
            long renewInterval          = 10000l;
            RMDelegationTokenSecretManager rmDtSecretManager = CreateRMDelegationTokenSecretManager
                                                                   (initialInterval, maxLifetime, renewInterval);

            rmDtSecretManager.StartThreads();
            Log.Info("Creating DelegationTokenSecretManager with initialInterval: " + initialInterval
                     + ", maxLifetime: " + maxLifetime + ", renewInterval: " + renewInterval);
            ClientRMService clientRMService = new TestClientRMTokens.ClientRMServiceForTest(this
                                                                                            , conf, scheduler, rmDtSecretManager);

            clientRMService.Init(conf);
            clientRMService.Start();
            ApplicationClientProtocol clientRMWithDT = null;

            try
            {
                // Create a user for the renewr and fake the authentication-method
                UserGroupInformation loggedInUser = UserGroupInformation.CreateRemoteUser("*****@*****.**"
                                                                                          );
                NUnit.Framework.Assert.AreEqual("testrenewer", loggedInUser.GetShortUserName());
                // Default realm is APACHE.ORG
                loggedInUser.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
                                                     );
                Token token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName
                                                     ());
                long tokenFetchTime = Runtime.CurrentTimeMillis();
                Log.Info("Got delegation token at: " + tokenFetchTime);
                // Now try talking to RMService using the delegation token
                clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress(
                                                               ), "loginuser1", conf);
                GetNewApplicationRequest request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <
                    GetNewApplicationRequest>();
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                catch (YarnException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                // Renew after 50% of token age.
                while (Runtime.CurrentTimeMillis() < tokenFetchTime + initialInterval / 2)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                long nextExpTime = RenewDelegationToken(loggedInUser, clientRMService, token);
                long renewalTime = Runtime.CurrentTimeMillis();
                Log.Info("Renewed token at: " + renewalTime + ", NextExpiryTime: " + nextExpTime);
                // Wait for first expiry, but before renewed expiry.
                while (Runtime.CurrentTimeMillis() > tokenFetchTime + initialInterval && Runtime.
                       CurrentTimeMillis() < nextExpTime)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                Sharpen.Thread.Sleep(50l);
                // Valid token because of renewal.
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                catch (YarnException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                // Wait for expiry.
                while (Runtime.CurrentTimeMillis() < renewalTime + renewInterval)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                Sharpen.Thread.Sleep(50l);
                Log.Info("At time: " + Runtime.CurrentTimeMillis() + ", token should be invalid");
                // Token should have expired.
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                    NUnit.Framework.Assert.Fail("Should not have succeeded with an expired token");
                }
                catch (Exception e)
                {
                    NUnit.Framework.Assert.AreEqual(typeof(SecretManager.InvalidToken).FullName, e.GetType
                                                        ().FullName);
                    NUnit.Framework.Assert.IsTrue(e.Message.Contains("is expired"));
                }
                // Test cancellation
                // Stop the existing proxy, start another.
                if (clientRMWithDT != null)
                {
                    RPC.StopProxy(clientRMWithDT);
                    clientRMWithDT = null;
                }
                token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName
                                               ());
                tokenFetchTime = Runtime.CurrentTimeMillis();
                Log.Info("Got delegation token at: " + tokenFetchTime);
                // Now try talking to RMService using the delegation token
                clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress(
                                                               ), "loginuser2", conf);
                request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetNewApplicationRequest>
                              ();
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                catch (YarnException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                CancelDelegationToken(loggedInUser, clientRMService, token);
                if (clientRMWithDT != null)
                {
                    RPC.StopProxy(clientRMWithDT);
                    clientRMWithDT = null;
                }
                // Creating a new connection.
                clientRMWithDT = GetClientRMProtocolWithDT(token, clientRMService.GetBindAddress(
                                                               ), "loginuser2", conf);
                Log.Info("Cancelled delegation token at: " + Runtime.CurrentTimeMillis());
                // Verify cancellation worked.
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                    NUnit.Framework.Assert.Fail("Should not have succeeded with a cancelled delegation token"
                                                );
                }
                catch (IOException)
                {
                }
                catch (YarnException)
                {
                }
                // Test new version token
                // Stop the existing proxy, start another.
                if (clientRMWithDT != null)
                {
                    RPC.StopProxy(clientRMWithDT);
                    clientRMWithDT = null;
                }
                token = GetDelegationToken(loggedInUser, clientRMService, loggedInUser.GetShortUserName
                                               ());
                byte[] tokenIdentifierContent = ((byte[])token.GetIdentifier().Array());
                RMDelegationTokenIdentifier tokenIdentifier = new RMDelegationTokenIdentifier();
                DataInputBuffer             dib             = new DataInputBuffer();
                dib.Reset(tokenIdentifierContent, tokenIdentifierContent.Length);
                tokenIdentifier.ReadFields(dib);
                // Construct new version RMDelegationTokenIdentifier with additional field
                RMDelegationTokenIdentifierForTest newVersionTokenIdentifier = new RMDelegationTokenIdentifierForTest
                                                                                   (tokenIdentifier, "message");
                Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> newRMDTtoken =
                    new Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier>(newVersionTokenIdentifier
                                                                                             , rmDtSecretManager);
                Org.Apache.Hadoop.Yarn.Api.Records.Token newToken = BuilderUtils.NewDelegationToken
                                                                        (newRMDTtoken.GetIdentifier(), newRMDTtoken.GetKind().ToString(), newRMDTtoken.GetPassword
                                                                            (), newRMDTtoken.GetService().ToString());
                // Now try talking to RMService using the new version delegation token
                clientRMWithDT = GetClientRMProtocolWithDT(newToken, clientRMService.GetBindAddress
                                                               (), "loginuser3", conf);
                request = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <GetNewApplicationRequest>
                              ();
                try
                {
                    clientRMWithDT.GetNewApplication(request);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                catch (YarnException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
            }
            finally
            {
                rmDtSecretManager.StopThreads();
                // TODO PRECOMMIT Close proxies.
                if (clientRMWithDT != null)
                {
                    RPC.StopProxy(clientRMWithDT);
                }
            }
        }
Esempio n. 9
0
        public virtual void TestDelegationToken()
        {
            Logger rootLogger = LogManager.GetRootLogger();

            rootLogger.SetLevel(Level.Debug);
            YarnConfiguration conf = new YarnConfiguration(new JobConf());

            // Just a random principle
            conf.Set(JHAdminConfig.MrHistoryPrincipal, "RandomOrc/[email protected]");
            conf.Set(CommonConfigurationKeysPublic.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            long             initialInterval  = 10000l;
            long             maxLifetime      = 20000l;
            long             renewInterval    = 10000l;
            JobHistoryServer jobHistoryServer = null;
            MRClientProtocol clientUsingDT    = null;
            long             tokenFetchTime;

            try
            {
                jobHistoryServer = new _JobHistoryServer_87(initialInterval, maxLifetime, renewInterval
                                                            );
                // no keytab based login
                // Don't need it, skip.;
                //      final JobHistoryServer jobHistoryServer = jhServer;
                jobHistoryServer.Init(conf);
                jobHistoryServer.Start();
                MRClientProtocol hsService = jobHistoryServer.GetClientService().GetClientHandler
                                                 ();
                // Fake the authentication-method
                UserGroupInformation loggedInUser = UserGroupInformation.CreateRemoteUser("*****@*****.**"
                                                                                          );
                NUnit.Framework.Assert.AreEqual("testrenewer", loggedInUser.GetShortUserName());
                // Default realm is APACHE.ORG
                loggedInUser.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
                                                     );
                Token token = GetDelegationToken(loggedInUser, hsService, loggedInUser.GetShortUserName
                                                     ());
                tokenFetchTime = Runtime.CurrentTimeMillis();
                Log.Info("Got delegation token at: " + tokenFetchTime);
                // Now try talking to JHS using the delegation token
                clientUsingDT = GetMRClientProtocol(token, jobHistoryServer.GetClientService().GetBindAddress
                                                        (), "TheDarkLord", conf);
                GetJobReportRequest jobReportRequest = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord
                                                       <GetJobReportRequest>();
                jobReportRequest.SetJobId(MRBuilderUtils.NewJobId(123456, 1, 1));
                try
                {
                    clientUsingDT.GetJobReport(jobReportRequest);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.AreEqual("Unknown job job_123456_0001", e.Message);
                }
                // Renew after 50% of token age.
                while (Runtime.CurrentTimeMillis() < tokenFetchTime + initialInterval / 2)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                long nextExpTime = RenewDelegationToken(loggedInUser, hsService, token);
                long renewalTime = Runtime.CurrentTimeMillis();
                Log.Info("Renewed token at: " + renewalTime + ", NextExpiryTime: " + nextExpTime);
                // Wait for first expiry, but before renewed expiry.
                while (Runtime.CurrentTimeMillis() > tokenFetchTime + initialInterval && Runtime.
                       CurrentTimeMillis() < nextExpTime)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                Sharpen.Thread.Sleep(50l);
                // Valid token because of renewal.
                try
                {
                    clientUsingDT.GetJobReport(jobReportRequest);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.AreEqual("Unknown job job_123456_0001", e.Message);
                }
                // Wait for expiry.
                while (Runtime.CurrentTimeMillis() < renewalTime + renewInterval)
                {
                    Sharpen.Thread.Sleep(500l);
                }
                Sharpen.Thread.Sleep(50l);
                Log.Info("At time: " + Runtime.CurrentTimeMillis() + ", token should be invalid");
                // Token should have expired.
                try
                {
                    clientUsingDT.GetJobReport(jobReportRequest);
                    NUnit.Framework.Assert.Fail("Should not have succeeded with an expired token");
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.IsTrue(e.InnerException.Message.Contains("is expired"));
                }
                // Test cancellation
                // Stop the existing proxy, start another.
                if (clientUsingDT != null)
                {
                    //        RPC.stopProxy(clientUsingDT);
                    clientUsingDT = null;
                }
                token = GetDelegationToken(loggedInUser, hsService, loggedInUser.GetShortUserName
                                               ());
                tokenFetchTime = Runtime.CurrentTimeMillis();
                Log.Info("Got delegation token at: " + tokenFetchTime);
                // Now try talking to HSService using the delegation token
                clientUsingDT = GetMRClientProtocol(token, jobHistoryServer.GetClientService().GetBindAddress
                                                        (), "loginuser2", conf);
                try
                {
                    clientUsingDT.GetJobReport(jobReportRequest);
                }
                catch (IOException e)
                {
                    NUnit.Framework.Assert.Fail("Unexpected exception" + e);
                }
                CancelDelegationToken(loggedInUser, hsService, token);
                // Testing the token with different renewer to cancel the token
                Token tokenWithDifferentRenewer = GetDelegationToken(loggedInUser, hsService, "yarn"
                                                                     );
                CancelDelegationToken(loggedInUser, hsService, tokenWithDifferentRenewer);
                if (clientUsingDT != null)
                {
                    //        RPC.stopProxy(clientUsingDT);
                    clientUsingDT = null;
                }
                // Creating a new connection.
                clientUsingDT = GetMRClientProtocol(token, jobHistoryServer.GetClientService().GetBindAddress
                                                        (), "loginuser2", conf);
                Log.Info("Cancelled delegation token at: " + Runtime.CurrentTimeMillis());
                // Verify cancellation worked.
                try
                {
                    clientUsingDT.GetJobReport(jobReportRequest);
                    NUnit.Framework.Assert.Fail("Should not have succeeded with a cancelled delegation token"
                                                );
                }
                catch (IOException)
                {
                }
            }
            finally
            {
                jobHistoryServer.Stop();
            }
        }