abstractdog commented on code in PR #3626:
URL: https://github.com/apache/hive/pull/3626#discussion_r1041203596
##########
llap-client/src/java/org/apache/hadoop/hive/llap/security/LlapTokenClient.java:
##########
@@ -117,10 +121,72 @@ private Token<LlapTokenIdentifier>
extractToken(ByteString tokenBytes) throws IO
private ByteString getTokenBytes(final String appId) throws IOException,
ServiceException {
assert clientInstance != null;
+ if (currentToken != null) {
+ try {
+ return fetchTokenWithCurrentToken(appId);
+ } catch (Exception e) {
+ LOG.error("IOException while getting delgation token, trying with
kerberos login", e);
+ return fetchTokenWithKerberosLogin(appId);
+ }
+ } else {
+ LOG.info("currentToken is null, let's try to fetch one with kerberos
login");
+ return fetchTokenWithKerberosLogin(appId);
+ }
+ }
+
+ /**
+ * Tries to fetch token by LlapManagementProtocolClientImpl from a daemon on
the cluster.
+ * Assumes that we already have a valid currentToken for communicating with
the daemons.
+ */
+ private ByteString fetchTokenWithCurrentToken(final String appId) throws
IOException, ServiceException {
+ UserGroupInformation ugi = getUgiWithCurrentToken();
+ return getTokenWithUgi(appId, ugi);
+ }
+
+ /**
+ * Tries to fetch token by LlapManagementProtocolClientImpl with a kerberos
login.
+ * 1. Logs in to kerberos
+ * 2. Obtains an authenticated ugi
+ * 3. Fetches a delegation token from a deamon.
Review Comment:
ack
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
