001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019 package org.apache.hadoop.yarn.security.client; 020 021 import java.io.DataInput; 022 import java.io.DataOutput; 023 import java.io.IOException; 024 025 import org.apache.hadoop.classification.InterfaceAudience; 026 import org.apache.hadoop.classification.InterfaceAudience.Public; 027 import org.apache.hadoop.classification.InterfaceStability.Evolving; 028 import org.apache.hadoop.io.Text; 029 import org.apache.hadoop.security.UserGroupInformation; 030 import org.apache.hadoop.security.token.Token; 031 import org.apache.hadoop.security.token.TokenIdentifier; 032 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; 033 import org.apache.hadoop.yarn.api.records.ApplicationId; 034 035 @Public 036 @Evolving 037 public class ClientToAMTokenIdentifier extends TokenIdentifier { 038 039 public static final Text KIND_NAME = new Text("YARN_CLIENT_TOKEN"); 040 041 private ApplicationAttemptId applicationAttemptId; 042 043 // TODO: Add more information in the tokenID such that it is not 044 // transferrable, more secure etc. 045 046 public ClientToAMTokenIdentifier() { 047 } 048 049 public ClientToAMTokenIdentifier(ApplicationAttemptId id) { 050 this(); 051 this.applicationAttemptId = id; 052 } 053 054 public ApplicationAttemptId getApplicationAttemptID() { 055 return this.applicationAttemptId; 056 } 057 058 @Override 059 public void write(DataOutput out) throws IOException { 060 out.writeLong(this.applicationAttemptId.getApplicationId() 061 .getClusterTimestamp()); 062 out.writeInt(this.applicationAttemptId.getApplicationId().getId()); 063 out.writeInt(this.applicationAttemptId.getAttemptId()); 064 } 065 066 @Override 067 public void readFields(DataInput in) throws IOException { 068 this.applicationAttemptId = 069 ApplicationAttemptId.newInstance( 070 ApplicationId.newInstance(in.readLong(), in.readInt()), in.readInt()); 071 } 072 073 @Override 074 public Text getKind() { 075 return KIND_NAME; 076 } 077 078 @Override 079 public UserGroupInformation getUser() { 080 if (this.applicationAttemptId == null) { 081 return null; 082 } 083 return UserGroupInformation.createRemoteUser(this.applicationAttemptId.toString()); 084 } 085 086 @InterfaceAudience.Private 087 public static class Renewer extends Token.TrivialRenewer { 088 @Override 089 protected Text getKind() { 090 return KIND_NAME; 091 } 092 } 093 }