001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.oozie.action.hadoop; 020 021import java.sql.Connection; 022import java.sql.DriverManager; 023import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; 024import org.apache.hadoop.io.Text; 025import org.apache.hadoop.mapred.JobConf; 026import org.apache.hadoop.security.token.Token; 027import org.apache.hive.jdbc.HiveConnection; 028import org.apache.oozie.ErrorCode; 029import org.apache.oozie.action.ActionExecutor.Context; 030import org.apache.oozie.util.XLog; 031 032/** 033 * Credentials implementation to store in jobConf, Hive Server 2 specific properties 034 * User specifies these credential properties along with the action configuration 035 * The jobConf is used further to pass credentials to the tasks while running 036 * Oozie server should be configured to use this class by including it via property 'oozie.credentials.credentialclasses' 037 * User can extend the parent class to implement own class as well 038 * for handling custom token-based credentials and add to the above server property 039 */ 040public class Hive2Credentials extends Credentials { 041 042 private static final String USER_NAME = "user.name"; 043 private static final String HIVE2_JDBC_URL = "hive2.jdbc.url"; 044 private static final String HIVE2_SERVER_PRINCIPAL = "hive2.server.principal"; 045 046 @Override 047 public void addtoJobConf(JobConf jobconf, CredentialsProperties props, Context context) throws Exception { 048 try { 049 // load the driver 050 Class.forName("org.apache.hive.jdbc.HiveDriver"); 051 052 String url = props.getProperties().get(HIVE2_JDBC_URL); 053 if (url == null || url.isEmpty()) { 054 throw new CredentialException(ErrorCode.E0510, 055 HIVE2_JDBC_URL + " is required to get hive server 2 credential"); 056 } 057 String principal = props.getProperties().get(HIVE2_SERVER_PRINCIPAL); 058 if (principal == null || principal.isEmpty()) { 059 throw new CredentialException(ErrorCode.E0510, 060 HIVE2_SERVER_PRINCIPAL + " is required to get hive server 2 credential"); 061 } 062 url = url + ";principal=" + principal; 063 Connection con = null; 064 String tokenStr = null; 065 try { 066 con = DriverManager.getConnection(url); 067 XLog.getLog(getClass()).debug("Connected successfully to " + url); 068 // get delegation token for the given proxy user 069 tokenStr = ((HiveConnection)con).getDelegationToken(jobconf.get(USER_NAME), principal); 070 } finally { 071 if (con != null) { 072 con.close(); 073 } 074 } 075 XLog.getLog(getClass()).debug("Got token"); 076 077 Token<DelegationTokenIdentifier> hive2Token = new Token<DelegationTokenIdentifier>(); 078 hive2Token.decodeFromUrlString(tokenStr); 079 jobconf.getCredentials().addToken(new Text("hive.server2.delegation.token"), hive2Token); 080 XLog.getLog(getClass()).debug("Added the Hive Server 2 token in job conf"); 081 } 082 catch (Exception e) { 083 XLog.getLog(getClass()).warn("Exception in addtoJobConf", e); 084 throw e; 085 } 086 } 087}