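/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.oozie.action.hadoop;

import java.sql.Connection;
import java.sql.DriverManager;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hive.jdbc.HiveConnection;
import org.apache.oozie.ErrorCode;
import org.apache.oozie.action.ActionExecutor.Context;
import org.apache.oozie.util.XLog;

/**
 * Credentials provider for Hive Server 2.
 * <p>
 * The user supplies the credential properties ({@code hive2.jdbc.url} and
 * {@code hive2.server.principal}) together with the action configuration. This class connects to
 * Hive Server 2 with them, obtains a delegation token and adds it to the credentials that are
 * passed on to the tasks.
 * <p>
 * The Oozie server must be configured to use this class by listing it in the property
 * 'oozie.credentials.credentialclasses'. Users can extend the parent class to implement their own
 * class for handling custom token-based credentials and add it to the same server property.
 * <p>
 * Security note: both credential properties come from the workflow definition, and the connection
 * is opened by whichever process runs this provider. The JDBC URL is therefore checked against the
 * Hive Server 2 scheme before any connection is attempted, and only a redacted form of it is
 * logged.
 */
public class Hive2Credentials implements CredentialsProvider {

    private static final String USER_NAME = "user.name";
    private static final String HIVE2_JDBC_URL = "hive2.jdbc.url";
    private static final String HIVE2_SERVER_PRINCIPAL = "hive2.server.principal";

    /** URL scheme handled by the Hive JDBC driver loaded in {@link #updateCredentials}. */
    private static final String HIVE2_URL_PREFIX = "jdbc:hive2://";

    /**
     * Obtains a Hive Server 2 delegation token and adds it to {@code credentials}.
     *
     * @param credentials credentials object that receives the token
     * @param config configuration from which the {@code user.name} value is read
     * @param props credential properties; must contain {@code hive2.jdbc.url} and
     *        {@code hive2.server.principal}
     * @param context action context (not used by this implementation)
     * @throws Exception a {@link CredentialException} if a required property is missing, the URL
     *         is not a Hive Server 2 JDBC URL or no token was returned; any other failure from
     *         the driver or the token decoding is logged at WARN and rethrown unchanged
     */
    @Override
    public void updateCredentials(Credentials credentials, Configuration config, CredentialsProperties props,
            Context context) throws Exception {
        final XLog log = XLog.getLog(getClass());
        try {
            // load the driver
            Class.forName("org.apache.hive.jdbc.HiveDriver");

            String url = props.getProperties().get(HIVE2_JDBC_URL);
            if (url == null || url.isEmpty()) {
                throw new CredentialException(ErrorCode.E0510,
                        HIVE2_JDBC_URL + " is required to get hive server 2 credential");
            }
            // The URL is user-supplied. Reject anything that is not a Hive Server 2 URL up front,
            // so DriverManager cannot hand it to some other JDBC driver registered in this JVM.
            if (!url.startsWith(HIVE2_URL_PREFIX)) {
                throw new CredentialException(ErrorCode.E0510,
                        HIVE2_JDBC_URL + " must start with " + HIVE2_URL_PREFIX);
            }
            String principal = props.getProperties().get(HIVE2_SERVER_PRINCIPAL);
            if (principal == null || principal.isEmpty()) {
                throw new CredentialException(ErrorCode.E0510,
                        HIVE2_SERVER_PRINCIPAL + " is required to get hive server 2 credentials");
            }
            // NOTE(review): the principal is appended verbatim. This assumes the configured URL has
            // no "?conf" or "#var" section, after which ";principal=" would not be read as a
            // session variable -- TODO confirm.
            url = url + ";principal=" + principal;
            Connection con = null;
            String tokenStr = null;
            try {
                con = DriverManager.getConnection(url);
                // Session variables in a Hive JDBC URL can carry secrets (for example
                // trustStorePassword), so only the part before them is logged.
                log.debug("Connected successfully to " + redactForLog(url));
                // get delegation token for the given proxy user
                tokenStr = ((HiveConnection) con).getDelegationToken(config.get(USER_NAME), principal);
            }
            finally {
                if (con != null) {
                    con.close();
                }
            }
            // Fail with a descriptive credential error instead of passing null on to the decoder.
            if (tokenStr == null || tokenStr.isEmpty()) {
                throw new CredentialException(ErrorCode.E0510,
                        "Hive Server 2 did not return a delegation token");
            }
            // The token string is a bearer credential: log the event, never the value.
            log.debug("Got token");

            Token<DelegationTokenIdentifier> hive2Token = new Token<DelegationTokenIdentifier>();
            hive2Token.decodeFromUrlString(tokenStr);
            credentials.addToken(CredentialsProviderFactory.getUniqueAlias(hive2Token), hive2Token);
            log.debug("Added the Hive Server 2 token to launcher's credential");
        }
        catch (Exception e) {
            log.warn("Exception in obtaining Hive2 token", e);
            throw e;
        }
    }

    /**
     * Returns {@code jdbcUrl} cut at the first ';', '?' or '#', with a redaction marker appended,
     * so that session variables, Hive configuration and Hive variables never reach the log.
     * A URL without any of those characters is returned unchanged.
     */
    private static String redactForLog(String jdbcUrl) {
        for (int i = 0; i < jdbcUrl.length(); i++) {
            char c = jdbcUrl.charAt(i);
            if (c == ';' || c == '?' || c == '#') {
                return jdbcUrl.substring(0, i) + ";<redacted>";
            }
        }
        return jdbcUrl;
    }

}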