[ https://issues.apache.org/jira/browse/HADOOP-10771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alejandro Abdelnur updated HADOOP-10771:
----------------------------------------
    Attachment: HADOOP-10771.patch
                HADOOP-10771.sh

Run the script first, using 'fs' parameter if in a GIT checkout or using 'svn' if in a SVN checkout.

Following are some comments that may help the review.

*Moves:*

{code}
src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/client/HttpFSKerberosAuthenticator.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticator.java
NOTES: refactored client Delegation Token management logic (get/renew/cancel) into an auth abstract authenticator. introduced a special auth-token subclass to encapsulate client side handling of the delegation token.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/client/HttpFSPseudoAuthenticator.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/PseudoDelegationTokenAuthenticator.java
NOTES: simple move, this is a simple authenticator that uses UGI instead of System.getProperties("user.name") as in hadoop-auth

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSAuthenticationFilter.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationFilter.java
NOTES: move and minor clean up of config loading for general use.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/fs/http/server/HttpFSKerberosAuthenticationHandler.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenAuthenticationHandler.java
NOTES: simple move and minor tweaks. this is where the Delegation Token management (get/renew/cancel) happens on the server side.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/lib/service/DelegationTokenIdentifier.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenIdentifier.java
NOTES: simple move

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/java/org/apache/hadoop/lib/service/security/DelegationTokenManagerService.java
dst: hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/web/DelegationTokenManager.java
NOTES: move and code simplification, and generalization to be able to use an existing secret manager if provided in the servlet context.

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/lib/service/security/TestDelegationTokenManagerService.java
dst: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java
NOTES: simple move

src: hadoop-hdfs-project/hadoop-hdfs-httpfs/src/test/java/org/apache/hadoop/fs/http/server/TestHttpFSKerberosAuthenticationHandler.java
dst: hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenAuthenticationHandlerWithMocks.java
NOTES: move, adding more tests.
{code}

*New code:*

* DelegationTokenAuthenticatedURL.java: AuthenticatedURL subclass providing public API to do delegation token management.
* KerberosDelegationTokenAuthenticator.java: client subclass that composes the existing Kerberos authenticator with the delegation token management one.
* PseudoDelegationTokenAuthenticator.java: client subclass that composes the existing simple authenticator with the delegation token management one.
* PseudoDelegationTokenAuthenticationHandler.java: server subclass that provides pseudo auth with delegation token support, simply setting the auth-token type to be 'simple-dt'.
* KerberosDelegationTokenAuthenticationHandler.java: server subclass that provides kerberos auth with delegation token support, simply setting the auth-token type to be 'kerberos-dt'.

> Refactor HTTP delegation support out of httpfs to common
> --------------------------------------------------------
>
>                 Key: HADOOP-10771
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10771
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10771.patch, HADOOP-10771.sh
>
>
> HttpFS implements delegation token support in {{AuthenticationFilter}} &
> {{AuthenticationHandler}} subclasses.
> For HADOOP-10770 we need similar functionality for KMS.
> Not to duplicate code, we should refactor existing code to common.

--
This message was sent by Atlassian JIRA
(v6.2#6252)