[ https://issues.apache.org/jira/browse/HADOOP-11181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14169861#comment-14169861 ]
Varun Vasudev commented on HADOOP-11181: ---------------------------------------- Patch looks good to me. > o.a.h.security.token.delegation.DelegationTokenManager should be more > generalized to handle other DelegationTokenIdentifier > --------------------------------------------------------------------------------------------------------------------------- > > Key: HADOOP-11181 > URL: https://issues.apache.org/jira/browse/HADOOP-11181 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: HADOOP-11181.1.patch > > > While DelegationTokenManager can set external secretManager, it have the > assumption that the token is going to be > o.a.h.security.token.delegation.DelegationTokenIdentifier, and use > DelegationTokenIdentifier method to decode a token. > {code} > @SuppressWarnings("unchecked") > public UserGroupInformation verifyToken(Token<DelegationTokenIdentifier> > token) throws IOException { > ByteArrayInputStream buf = new > ByteArrayInputStream(token.getIdentifier()); > DataInputStream dis = new DataInputStream(buf); > DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind); > id.readFields(dis); > dis.close(); > secretManager.verifyToken(id, token.getPassword()); > return id.getUser(); > } > {code} > It's not going to work it the token kind is other than > web.DelegationTokenIdentifier. For example, RM want to reuse it but hook it > to RMDelegationTokenSecretManager and RMDelegationTokenIdentifier, which has > the customized way to decode a token. -- This message was sent by Atlassian JIRA (v6.3.4#6332)