org.apache.hadoop.security.token.Token

Here are the examples of the java api org.apache.hadoop.security.token.Token taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

347 Examples 7

19 Source : JsonUtil.java
with Apache License 2.0
from NJUJYB

/**
 * Convert a Json map to a Token.
 */
public static Token<? extends TokenIdentifier> toToken(final Map<?, ?> m) throws IOException {
    if (m == null) {
        return null;
    }
    final Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>();
    token.decodeFromUrlString((String) m.get("urlString"));
    return token;
}

19 Source : TestOzoneDelegationTokenSecretManager.java
with Apache License 2.0
from apache

private void testRenewTokenSuccessHelper(boolean restartSecretManager) throws Exception {
    secretManager = createSecretManager(conf, tokenMaxLifetime, expiryTime, tokenRemoverScanInterval);
    secretManager.start(certificateClient);
    Token<OzoneTokenIdentifier> token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER);
    Thread.sleep(10 * 5);
    if (restartSecretManager) {
        restartSecretManager();
    }
    long renewalTime = secretManager.renewToken(token, TEST_USER.toString());
    replacedert.replacedertTrue(renewalTime > 0);
}

18 Source : KerberosHiveMetastoreAuthentication.java
with Apache License 2.0
from trinodb

private static Token<DelegationTokenIdentifier> decodeDelegationToken(String tokenValue) throws IOException {
    Token<DelegationTokenIdentifier> token = new Token<>();
    token.decodeFromUrlString(tokenValue);
    return token;
}

18 Source : AMLauncher.java
with Apache License 2.0
from NJUJYB

@VisibleForTesting
protected Token<AMRMTokenIdentifier> createAndSetAMRMToken() {
    Token<AMRMTokenIdentifier> amrmToken = this.rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(application.getAppAttemptId());
    ((RMAppAttemptImpl) application).setAMRMToken(amrmToken);
    return amrmToken;
}

18 Source : TestNMTokenSecretManagerInNM.java
with Apache License 2.0
from NJUJYB

private NMTokenIdentifier getNMTokenId(org.apache.hadoop.yarn.api.records.Token token) throws IOException {
    Token<NMTokenIdentifier> convertedToken = ConverterUtils.convertFromYarn(token, (Text) null);
    return convertedToken.decodeIdentifier();
}

18 Source : ConverterUtils.java
with Apache License 2.0
from NJUJYB

/**
 * Convert a protobuf token into a rpc token and set its service. Supposed
 * to be used for tokens other than RMDelegationToken. For
 * RMDelegationToken, use
 * {@link #convertFromYarn(org.apache.hadoop.yarn.api.records.Token,
 * org.apache.hadoop.io.Text)} instead.
 *
 * @param protoToken the yarn token
 * @param serviceAddr the connect address for the service
 * @return rpc token
 */
public static <T extends TokenIdentifier> Token<T> convertFromYarn(org.apache.hadoop.yarn.api.records.Token protoToken, InetSocketAddress serviceAddr) {
    Token<T> token = new Token<T>(protoToken.getIdentifier().array(), protoToken.getPreplacedword().array(), new Text(protoToken.getKind()), new Text(protoToken.getService()));
    if (serviceAddr != null) {
        SecurityUtil.setTokenService(token, serviceAddr);
    }
    return token;
}

18 Source : FakeRenewer.java
with Apache License 2.0
from NJUJYB

public clreplaced FakeRenewer extends TokenRenewer {

    static Token<?> lastRenewed = null;

    static Token<?> lastCanceled = null;

    static final Text KIND = new Text("TESTING-TOKEN-KIND");

    @Override
    public boolean handleKind(Text kind) {
        return FakeRenewer.KIND.equals(kind);
    }

    @Override
    public boolean isManaged(Token<?> token) throws IOException {
        return true;
    }

    @Override
    public long renew(Token<?> token, Configuration conf) {
        lastRenewed = token;
        return 0;
    }

    @Override
    public void cancel(Token<?> token, Configuration conf) {
        lastCanceled = token;
    }

    public static void reset() {
        lastRenewed = null;
        lastCanceled = null;
    }
}

18 Source : TestWebHdfsTokens.java
with Apache License 2.0
from NJUJYB

@Test(timeout = 5000)
public void testTokenForNonTokenOp() throws IOException {
    WebHdfsFileSystem fs = spyWebhdfsInSecureSetup();
    Token<?> token = mock(Token.clreplaced);
    doReturn(token).when(fs).getDelegationToken(null);
    // should get/set/renew token
    fs.toUrl(GetOpParam.Op.OPEN, null);
    verify(fs).getDelegationToken();
    verify(fs).getDelegationToken(null);
    verify(fs).setDelegationToken(token);
    reset(fs);
    // should return prior token
    fs.toUrl(GetOpParam.Op.OPEN, null);
    verify(fs).getDelegationToken();
    verify(fs, never()).getDelegationToken(null);
    verify(fs, never()).setDelegationToken(token);
}

18 Source : TestBlockToken.java
with Apache License 2.0
from NJUJYB

private BlockTokenIdentifier generateTokenId(BlockTokenSecretManager sm, ExtendedBlock block, EnumSet<BlockTokenSecretManager.AccessMode> accessModes) throws IOException {
    Token<BlockTokenIdentifier> token = sm.generateToken(block, accessModes);
    BlockTokenIdentifier id = sm.createIdentifier();
    id.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
    return id;
}

18 Source : TestPBHelper.java
with Apache License 2.0
from NJUJYB

@Test
public void testConvertBlockToken() {
    Token<BlockTokenIdentifier> token = new Token<BlockTokenIdentifier>("identifier".getBytes(), "preplacedword".getBytes(), new Text("kind"), new Text("service"));
    TokenProto tokenProto = PBHelper.convert(token);
    Token<BlockTokenIdentifier> token2 = PBHelper.convert(tokenProto);
    compare(token, token2);
}

18 Source : TokenAspect.java
with Apache License 2.0
from NJUJYB

synchronized void ensureTokenInitialized() throws IOException {
    // we haven't inited yet, or we used to have a token but it expired
    if (!hasInitedToken || (action != null && !action.isValid())) {
        // since we don't already have a token, go get one
        Token<?> token = fs.getDelegationToken(null);
        // security might be disabled
        if (token != null) {
            fs.setDelegationToken(token);
            addRenewAction(fs);
            LOG.debug("Created new DT for " + token.getService());
        }
        hasInitedToken = true;
    }
}

18 Source : TestDelegationToken.java
with Apache License 2.0
from NJUJYB

@Test
public void testCancelDelegationToken() throws Exception {
    final TestDelegationTokenSecretManager dtSecretManager = new TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
    try {
        dtSecretManager.startThreads();
        final Token<TestDelegationTokenIdentifier> token = generateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
        // Fake renewer should not be able to renew
        shouldThrow(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                dtSecretManager.renewToken(token, "FakeCanceller");
                return null;
            }
        }, AccessControlException.clreplaced);
        dtSecretManager.cancelToken(token, "JobTracker");
        replacedert.replacedertTrue(dtSecretManager.isRemoveStoredTokenCalled);
        shouldThrow(new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                dtSecretManager.renewToken(token, "JobTracker");
                return null;
            }
        }, InvalidToken.clreplaced);
    } finally {
        dtSecretManager.stopThreads();
    }
}

18 Source : TestCredentials.java
with Apache License 2.0
from NJUJYB

public clreplaced TestCredentials {

    private static final String DEFAULT_HMAC_ALGORITHM = "HmacSHA1";

    private static final File tmpDir = new File(System.getProperty("test.build.data", "/tmp"), "mapred");

    @Before
    public void setUp() {
        tmpDir.mkdir();
    }

    @After
    public void tearDown() {
        tmpDir.delete();
    }

    @SuppressWarnings("unchecked")
    @Test
    public <T extends TokenIdentifier> void testReadWriteStorage() throws IOException, NoSuchAlgorithmException {
        // create tokenStorage Object
        Credentials ts = new Credentials();
        Token<T> token1 = new Token();
        Token<T> token2 = new Token();
        Text service1 = new Text("service1");
        Text service2 = new Text("service2");
        Collection<Text> services = new ArrayList<Text>();
        services.add(service1);
        services.add(service2);
        token1.setService(service1);
        token2.setService(service2);
        ts.addToken(new Text("sometoken1"), token1);
        ts.addToken(new Text("sometoken2"), token2);
        // create keys and put it in
        final KeyGenerator kg = KeyGenerator.getInstance(DEFAULT_HMAC_ALGORITHM);
        String alias = "alias";
        Map<Text, byte[]> m = new HashMap<Text, byte[]>(10);
        for (int i = 0; i < 10; i++) {
            Key key = kg.generateKey();
            m.put(new Text(alias + i), key.getEncoded());
            ts.addSecretKey(new Text(alias + i), key.getEncoded());
        }
        // create file to store
        File tmpFileName = new File(tmpDir, "tokenStorageTest");
        DataOutputStream dos = new DataOutputStream(new FileOutputStream(tmpFileName));
        ts.write(dos);
        dos.close();
        // open and read it back
        DataInputStream dis = new DataInputStream(new FileInputStream(tmpFileName));
        ts = new Credentials();
        ts.readFields(dis);
        dis.close();
        // get the tokens and compare the services
        Collection<Token<? extends TokenIdentifier>> list = ts.getAllTokens();
        replacedertEquals("getAllTokens should return collection of size 2", list.size(), 2);
        boolean foundFirst = false;
        boolean foundSecond = false;
        for (Token<? extends TokenIdentifier> token : list) {
            if (token.getService().equals(service1)) {
                foundFirst = true;
            }
            if (token.getService().equals(service2)) {
                foundSecond = true;
            }
        }
        replacedertTrue("Tokens for services service1 and service2 must be present", foundFirst && foundSecond);
        // compare secret keys
        int mapLen = m.size();
        replacedertEquals("wrong number of keys in the Storage", mapLen, ts.numberOfSecretKeys());
        for (Text a : m.keySet()) {
            byte[] kTS = ts.getSecretKey(a);
            byte[] kLocal = m.get(a);
            replacedertTrue("keys don't match for " + a, WritableComparator.compareBytes(kTS, 0, kTS.length, kLocal, 0, kLocal.length) == 0);
        }
        tmpFileName.delete();
    }

    static Text[] secret = { new Text("secret1"), new Text("secret2"), new Text("secret3"), new Text("secret4") };

    static Text[] service = { new Text("service1"), new Text("service2"), new Text("service3"), new Text("service4") };

    static Token<?>[] token = { new Token<TokenIdentifier>(), new Token<TokenIdentifier>(), new Token<TokenIdentifier>(), new Token<TokenIdentifier>() };

    @Test
    public void addAll() {
        Credentials creds = new Credentials();
        creds.addToken(service[0], token[0]);
        creds.addToken(service[1], token[1]);
        creds.addSecretKey(secret[0], secret[0].getBytes());
        creds.addSecretKey(secret[1], secret[1].getBytes());
        Credentials credsToAdd = new Credentials();
        // one duplicate with different value, one new
        credsToAdd.addToken(service[0], token[3]);
        credsToAdd.addToken(service[2], token[2]);
        credsToAdd.addSecretKey(secret[0], secret[3].getBytes());
        credsToAdd.addSecretKey(secret[2], secret[2].getBytes());
        creds.addAll(credsToAdd);
        replacedertEquals(3, creds.numberOfTokens());
        replacedertEquals(3, creds.numberOfSecretKeys());
        // existing token & secret should be overwritten
        replacedertEquals(token[3], creds.getToken(service[0]));
        replacedertEquals(secret[3], new Text(creds.getSecretKey(secret[0])));
        // non-duplicate token & secret should be present
        replacedertEquals(token[1], creds.getToken(service[1]));
        replacedertEquals(secret[1], new Text(creds.getSecretKey(secret[1])));
        // new token & secret should be added
        replacedertEquals(token[2], creds.getToken(service[2]));
        replacedertEquals(secret[2], new Text(creds.getSecretKey(secret[2])));
    }

    @Test
    public void mergeAll() {
        Credentials creds = new Credentials();
        creds.addToken(service[0], token[0]);
        creds.addToken(service[1], token[1]);
        creds.addSecretKey(secret[0], secret[0].getBytes());
        creds.addSecretKey(secret[1], secret[1].getBytes());
        Credentials credsToAdd = new Credentials();
        // one duplicate with different value, one new
        credsToAdd.addToken(service[0], token[3]);
        credsToAdd.addToken(service[2], token[2]);
        credsToAdd.addSecretKey(secret[0], secret[3].getBytes());
        credsToAdd.addSecretKey(secret[2], secret[2].getBytes());
        creds.mergeAll(credsToAdd);
        replacedertEquals(3, creds.numberOfTokens());
        replacedertEquals(3, creds.numberOfSecretKeys());
        // existing token & secret should not be overwritten
        replacedertEquals(token[0], creds.getToken(service[0]));
        replacedertEquals(secret[0], new Text(creds.getSecretKey(secret[0])));
        // non-duplicate token & secret should be present
        replacedertEquals(token[1], creds.getToken(service[1]));
        replacedertEquals(secret[1], new Text(creds.getSecretKey(secret[1])));
        // new token & secret should be added
        replacedertEquals(token[2], creds.getToken(service[2]));
        replacedertEquals(secret[2], new Text(creds.getSecretKey(secret[2])));
    }

    @Test
    public void testAddTokensToUGI() {
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser("someone");
        Credentials creds = new Credentials();
        for (int i = 0; i < service.length; i++) {
            creds.addToken(service[i], token[i]);
        }
        ugi.addCredentials(creds);
        creds = ugi.getCredentials();
        for (int i = 0; i < service.length; i++) {
            replacedertSame(token[i], creds.getToken(service[i]));
        }
        replacedertEquals(service.length, creds.numberOfTokens());
    }
}

18 Source : ParameterParser.java
with Apache License 2.0
from naver

Token<DelegationTokenIdentifier> delegationToken() throws IOException {
    String delegation = param(DelegationParam.NAME);
    final Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>();
    token.decodeFromUrlString(delegation);
    URI nnUri = URI.create(HDFS_URI_SCHEME + "://" + namenodeId());
    boolean isLogical = HAUtil.isLogicalUri(conf, nnUri);
    if (isLogical) {
        token.setService(HAUtil.buildTokenServiceForLogicalUri(nnUri, HDFS_URI_SCHEME));
    } else {
        token.setService(SecurityUtil.buildTokenService(nnUri));
    }
    return token;
}

18 Source : AuthenticationTokenSecretManager.java
with Apache License 2.0
from fengchen8086

public Token<AuthenticationTokenIdentifier> generateToken(String username) {
    AuthenticationTokenIdentifier ident = new AuthenticationTokenIdentifier(username);
    Token<AuthenticationTokenIdentifier> token = new Token<AuthenticationTokenIdentifier>(ident, this);
    if (clusterId.hasId()) {
        token.setService(new Text(clusterId.getId()));
    }
    return token;
}

18 Source : User.java
with Apache License 2.0
from fengchen8086

/**
 * Returns the Token of the specified kind replacedociated with this user,
 * or null if the Token is not present.
 *
 * @param kind the kind of token
 * @param service service on which the token is supposed to be used
 * @return the token of the specified kind.
 */
public Token<?> getToken(String kind, String service) throws IOException {
    for (Token<?> token : ugi.getTokens()) {
        if (token.getKind().toString().equals(kind) && (service != null && token.getService().toString().equals(service))) {
            return token;
        }
    }
    return null;
}

18 Source : TokenHandler.java
with Apache License 2.0
from apache

/**
 * Handler for requests with an existing token.
 */
public abstract clreplaced TokenHandler extends Handler {

    @CommandLine.Mixin
    private TokenOption tokenFile;

    private Token<OzoneTokenIdentifier> token;

    @Override
    protected boolean isApplicable() {
        return securityEnabled() && tokenFile.exists();
    }

    @Override
    protected OzoneClient createClient(OzoneAddress address) throws IOException {
        token = tokenFile.decode();
        return OzoneClientFactory.getOzoneClient(getConf(), token);
    }

    Token<OzoneTokenIdentifier> getToken() {
        return token;
    }
}

18 Source : OzoneDelegationTokenSelector.java
with Apache License 2.0
from apache

private Token<OzoneTokenIdentifier> getSelectedTokens(Text service, Collection<Token<? extends TokenIdentifier>> tokens) {
    if (service == null) {
        return null;
    }
    for (Token<? extends TokenIdentifier> token : tokens) {
        if (OzoneTokenIdentifier.KIND_NAME.equals(token.getKind()) && token.getService().toString().contains(service.toString())) {
            return (Token<OzoneTokenIdentifier>) token;
        }
    }
    return null;
}

18 Source : OzonePBHelper.java
with Apache License 2.0
from apache

public static Token<? extends TokenIdentifier> tokenFromProto(TokenProto tokenProto) {
    Token<? extends TokenIdentifier> token = new Token<>(tokenProto.getIdentifier().toByteArray(), tokenProto.getPreplacedword().toByteArray(), new Text(tokenProto.getKind()), new Text(tokenProto.getService()));
    return token;
}

17 Source : MockRM.java
with Apache License 2.0
from NJUJYB

// from AMLauncher
public MockAM sendAMLaunched(ApplicationAttemptId appAttemptId) throws Exception {
    MockAM am = new MockAM(getRMContext(), masterService, appAttemptId);
    am.waitForState(RMAppAttemptState.ALLOCATED);
    // create and set AMRMToken
    Token<AMRMTokenIdentifier> amrmToken = this.rmContext.getAMRMTokenSecretManager().createAndGetAMRMToken(appAttemptId);
    ((RMAppAttemptImpl) this.rmContext.getRMApps().get(appAttemptId.getApplicationId()).getRMAppAttempt(appAttemptId)).setAMRMToken(amrmToken);
    getRMContext().getDispatcher().getEventHandler().handle(new RMAppAttemptEvent(appAttemptId, RMAppAttemptEventType.LAUNCHED));
    return am;
}

17 Source : RMAuthenticationHandler.java
with Apache License 2.0
from NJUJYB

/**
 * Authenticates a request looking for the <code>delegation</code> header and
 * verifying it is a valid token. If the header is missing, it delegates the
 * authentication to the {@link KerberosAuthenticationHandler} unless it is
 * disabled.
 *
 * @param request
 *          the HTTP client request.
 * @param response
 *          the HTTP client response.
 *
 * @return the authentication token for the authenticated request.
 * @throws IOException
 *           thrown if an IO error occurred.
 * @throws AuthenticationException
 *           thrown if the authentication failed.
 */
@Override
public AuthenticationToken authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException, AuthenticationException {
    AuthenticationToken token;
    String delegationParam = this.getEncodedDelegationTokenFromRequest(request);
    if (delegationParam != null) {
        Token<RMDelegationTokenIdentifier> dt = new Token<RMDelegationTokenIdentifier>();
        ;
        dt.decodeFromUrlString(delegationParam);
        UserGroupInformation ugi = this.verifyToken(dt);
        if (ugi == null) {
            throw new AuthenticationException("Invalid token");
        }
        final String shortName = ugi.getShortUserName();
        token = new AuthenticationToken(shortName, ugi.getUserName(), getType());
    } else {
        token = super.authenticate(request, response);
        if (token != null) {
            // create a token with auth type set correctly
            token = new AuthenticationToken(token.getUserName(), token.getName(), super.getType());
        }
    }
    return token;
}

17 Source : ContainerManagerImpl.java
with Apache License 2.0
from NJUJYB

private Credentials parseCredentials(ContainerLaunchContext launchContext) throws IOException {
    Credentials credentials = new Credentials();
    // //////////// Parse credentials
    ByteBuffer tokens = launchContext.getTokens();
    if (tokens != null) {
        DataInputByteBuffer buf = new DataInputByteBuffer();
        tokens.rewind();
        buf.reset(tokens);
        credentials.readTokenStorageStream(buf);
        if (LOG.isDebugEnabled()) {
            for (Token<? extends TokenIdentifier> tk : credentials.getAllTokens()) {
                LOG.debug(tk.getService() + " = " + tk.toString());
            }
        }
    }
    // //////////// End of parsing credentials
    return credentials;
}

17 Source : ConverterUtils.java
with Apache License 2.0
from NJUJYB

/**
 * Convert a protobuf token into a rpc token and set its service.
 *
 * @param protoToken the yarn token
 * @param service the service for the token
 */
public static <T extends TokenIdentifier> Token<T> convertFromYarn(org.apache.hadoop.yarn.api.records.Token protoToken, Text service) {
    Token<T> token = new Token<T>(protoToken.getIdentifier().array(), protoToken.getPreplacedword().array(), new Text(protoToken.getKind()), new Text(protoToken.getService()));
    if (service != null) {
        token.setService(service);
    }
    return token;
}

17 Source : TestApplicationMasterServiceProtocolOnHA.java
with Apache License 2.0
from NJUJYB

@Before
public void initialize() throws Exception {
    startHACluster(0, false, false, true);
    attemptId = this.cluster.createFakeApplicationAttemptId();
    amClient = ClientRMProxy.createRMProxy(this.conf, ApplicationMasterProtocol.clreplaced);
    Token<AMRMTokenIdentifier> appToken = this.cluster.getResourceManager().getRMContext().getAMRMTokenSecretManager().createAndGetAMRMToken(attemptId);
    appToken.setService(ClientRMProxy.getAMRMTokenService(conf));
    UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser(UserGroupInformation.getCurrentUser().getUserName()));
    UserGroupInformation.getCurrentUser().addToken(appToken);
    syncToken(appToken);
}

17 Source : TestBlockToken.java
with Apache License 2.0
from NJUJYB

private void tokenGenerationAndVerification(BlockTokenSecretManager master, BlockTokenSecretManager slave) throws Exception {
    // single-mode tokens
    for (BlockTokenSecretManager.AccessMode mode : BlockTokenSecretManager.AccessMode.values()) {
        // generated by master
        Token<BlockTokenIdentifier> token1 = master.generateToken(block1, EnumSet.of(mode));
        master.checkAccess(token1, null, block1, mode);
        slave.checkAccess(token1, null, block1, mode);
        // generated by slave
        Token<BlockTokenIdentifier> token2 = slave.generateToken(block2, EnumSet.of(mode));
        master.checkAccess(token2, null, block2, mode);
        slave.checkAccess(token2, null, block2, mode);
    }
    // multi-mode tokens
    Token<BlockTokenIdentifier> mtoken = master.generateToken(block3, EnumSet.allOf(BlockTokenSecretManager.AccessMode.clreplaced));
    for (BlockTokenSecretManager.AccessMode mode : BlockTokenSecretManager.AccessMode.values()) {
        master.checkAccess(mtoken, null, block3, mode);
        slave.checkAccess(mtoken, null, block3, mode);
    }
}

17 Source : TokenAspect.java
with Apache License 2.0
from NJUJYB

synchronized void initDelegationToken(UserGroupInformation ugi) {
    Token<?> token = selectDelegationToken(ugi);
    if (token != null) {
        LOG.debug("Found existing DT for " + token.getService());
        fs.setDelegationToken(token);
        hasInitedToken = true;
    }
}

17 Source : TestDelegationToken.java
with Apache License 2.0
from NJUJYB

@Test
public void testDelegationTokenNullRenewer() throws Exception {
    TestDelegationTokenSecretManager dtSecretManager = new TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
    dtSecretManager.startThreads();
    TestDelegationTokenIdentifier dtId = new TestDelegationTokenIdentifier(new Text("theuser"), null, null);
    Token<TestDelegationTokenIdentifier> token = new Token<TestDelegationTokenIdentifier>(dtId, dtSecretManager);
    replacedert.replacedertTrue(token != null);
    try {
        dtSecretManager.renewToken(token, "");
        replacedert.fail("Renewal must not succeed");
    } catch (IOException e) {
    // Preplaced
    }
}

17 Source : TestUserGroupInformation.java
with Apache License 2.0
from NJUJYB

/**
 * In some scenario, such as HA, delegation tokens are replacedociated with a
 * logical name. The tokens are cloned and are replacedociated with the
 * physical address of the server where the service is provided.
 * This test ensures cloned delegated tokens are locally used
 * and are not returned in {@link UserGroupInformation#getCredentials()}
 */
@Test
public void testPrivateTokenExclusion() throws Exception {
    UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    TestTokenIdentifier tokenId = new TestTokenIdentifier();
    Token<TestTokenIdentifier> token = new Token<TestTokenIdentifier>(tokenId.getBytes(), "preplacedword".getBytes(), tokenId.getKind(), null);
    ugi.addToken(new Text("regular-token"), token);
    // Now add cloned private token
    ugi.addToken(new Text("private-token"), new Token.PrivateToken<TestTokenIdentifier>(token));
    ugi.addToken(new Text("private-token1"), new Token.PrivateToken<TestTokenIdentifier>(token));
    // Ensure only non-private tokens are returned
    Collection<Token<? extends TokenIdentifier>> tokens = ugi.getCredentials().getAllTokens();
    replacedertEquals(1, tokens.size());
}

17 Source : TestUserGroupInformation.java
with Apache License 2.0
from NJUJYB

// from Mockito mocks
@SuppressWarnings("unchecked")
@Test(timeout = 30000)
public <T extends TokenIdentifier> void testAddToken() throws Exception {
    UserGroupInformation ugi = UserGroupInformation.createRemoteUser("someone");
    Token<T> t1 = mock(Token.clreplaced);
    Token<T> t2 = mock(Token.clreplaced);
    Token<T> t3 = mock(Token.clreplaced);
    // add token to ugi
    ugi.addToken(t1);
    checkTokens(ugi, t1);
    // replace token t1 with t2 - with same key (null)
    ugi.addToken(t2);
    checkTokens(ugi, t2);
    // change t1 service and add token
    when(t1.getService()).thenReturn(new Text("t1"));
    ugi.addToken(t1);
    checkTokens(ugi, t1, t2);
    // overwrite t1 token with t3 - same key (!null)
    when(t3.getService()).thenReturn(new Text("t1"));
    ugi.addToken(t3);
    checkTokens(ugi, t2, t3);
    // just try to re-add with new name
    when(t1.getService()).thenReturn(new Text("t1.1"));
    ugi.addToken(t1);
    checkTokens(ugi, t1, t2, t3);
    // just try to re-add with new name again
    ugi.addToken(t1);
    checkTokens(ugi, t1, t2, t3);
}

17 Source : TestDelegationTokenRenewer.java
with Apache License 2.0
from NJUJYB

@Test
public void testStopRenewalWhenFsGone() throws IOException, InterruptedException {
    Configuration conf = mock(Configuration.clreplaced);
    Token<?> token = mock(Token.clreplaced);
    doReturn(new Text("myservice")).when(token).getService();
    doAnswer(new Answer<Long>() {

        public Long answer(InvocationOnMock invocation) {
            return Time.now() + RENEW_CYCLE;
        }
    }).when(token).renew(any(Configuration.clreplaced));
    RenewableFileSystem fs = mock(RenewableFileSystem.clreplaced);
    doReturn(conf).when(fs).getConf();
    doReturn(token).when(fs).getRenewToken();
    renewer.addRenewAction(fs);
    replacedertEquals(1, renewer.getRenewQueueLength());
    Thread.sleep(RENEW_CYCLE);
    verify(token, atLeast(1)).renew(eq(conf));
    verify(token, atMost(2)).renew(eq(conf));
    // drop weak ref
    fs = null;
    System.gc();
    System.gc();
    System.gc();
    // next renew should detect the fs as gone
    Thread.sleep(RENEW_CYCLE);
    verify(token, atLeast(1)).renew(eq(conf));
    verify(token, atMost(2)).renew(eq(conf));
    replacedertEquals(0, renewer.getRenewQueueLength());
}

17 Source : TestDelegationTokenRenewer.java
with Apache License 2.0
from NJUJYB

@Test(timeout = 4000)
public void testMultipleTokensDoNotDeadlock() throws IOException, InterruptedException {
    Configuration conf = mock(Configuration.clreplaced);
    FileSystem fs = mock(FileSystem.clreplaced);
    doReturn(conf).when(fs).getConf();
    // 1h
    long distantFuture = Time.now() + 3600 * 1000;
    Token<?> token1 = mock(Token.clreplaced);
    doReturn(new Text("myservice1")).when(token1).getService();
    doReturn(distantFuture).when(token1).renew(eq(conf));
    Token<?> token2 = mock(Token.clreplaced);
    doReturn(new Text("myservice2")).when(token2).getService();
    doReturn(distantFuture).when(token2).renew(eq(conf));
    RenewableFileSystem fs1 = mock(RenewableFileSystem.clreplaced);
    doReturn(conf).when(fs1).getConf();
    doReturn(token1).when(fs1).getRenewToken();
    RenewableFileSystem fs2 = mock(RenewableFileSystem.clreplaced);
    doReturn(conf).when(fs2).getConf();
    doReturn(token2).when(fs2).getRenewToken();
    renewer.addRenewAction(fs1);
    renewer.addRenewAction(fs2);
    replacedertEquals(2, renewer.getRenewQueueLength());
    renewer.removeRenewAction(fs1);
    replacedertEquals(1, renewer.getRenewQueueLength());
    renewer.removeRenewAction(fs2);
    replacedertEquals(0, renewer.getRenewQueueLength());
    verify(token1).cancel(eq(conf));
    verify(token2).cancel(eq(conf));
}

17 Source : StramWSFilter.java
with Apache License 2.0
from lealone

private String createClientToken(String username, String service) throws IOException {
    StramDelegationTokenIdentifier tokenIdentifier = new StramDelegationTokenIdentifier(new Text(username), new Text(loginUser), new Text());
    // tokenIdentifier.setSequenceNumber(sequenceNumber.getAndAdd(1));
    // byte[] preplacedword = tokenManager.addIdentifier(tokenIdentifier);
    // Token<StramDelegationTokenIdentifier> token = new Token<StramDelegationTokenIdentifier>(tokenIdentifier.getBytes(), preplacedword, tokenIdentifier.getKind(), new Text(service));
    Token<StramDelegationTokenIdentifier> token = new Token<>(tokenIdentifier, tokenManager);
    token.setService(new Text(service));
    return token.encodeToUrlString();
}

17 Source : StramDelegationTokenSelector.java
with Apache License 2.0
from lealone

@Override
public Token<StramDelegationTokenIdentifier> selectToken(Text text, Collection<Token<? extends TokenIdentifier>> clctn) {
    Token<StramDelegationTokenIdentifier> token = null;
    if (text != null) {
        for (Token<? extends TokenIdentifier> ctoken : clctn) {
            if (StramDelegationTokenIdentifier.IDENTIFIER_KIND.equals(ctoken.getKind()) && text.equals(ctoken.getService())) {
                token = (Token<StramDelegationTokenIdentifier>) ctoken;
            }
        }
    }
    return token;
}

17 Source : PingServer.java
with Apache License 2.0
from GoogleCloudPlatform

private static void checkRenewSessionToken(Configuration config, String sessionToken) throws IOException {
    try {
        Token<BrokerTokenIdentifier> token = getTokenBTI(sessionToken);
        BrokerTokenRenewer renewer = new BrokerTokenRenewer();
        renewer.renew(token, config);
        System.out.println(CHECK_SUCCESS);
    } catch (Exception e) {
        System.out.println(CHECK_FAIL);
        e.printStackTrace(System.out);
        System.out.println();
    }
}

17 Source : PingServer.java
with Apache License 2.0
from GoogleCloudPlatform

private static void checkCancelSessionToken(Configuration config, String sessionToken) throws IOException {
    try {
        Token<BrokerTokenIdentifier> token = getTokenBTI(sessionToken);
        BrokerTokenRenewer renewer = new BrokerTokenRenewer();
        renewer.cancel(token, config);
        System.out.println(CHECK_SUCCESS);
    } catch (Exception e) {
        System.out.println(CHECK_FAIL);
        e.printStackTrace(System.out);
        System.out.println();
    }
}

17 Source : TestHBaseSaslRpcClient.java
with Apache License 2.0
from fengchen8086

private Token<? extends TokenIdentifier> createTokenMockWithCredentials(String principal, String preplacedword) throws IOException {
    Token<? extends TokenIdentifier> token = createTokenMock();
    if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(preplacedword)) {
        when(token.getIdentifier()).thenReturn(DEFAULT_USER_NAME.getBytes());
        when(token.getPreplacedword()).thenReturn(DEFAULT_USER_PreplacedWORD.getBytes());
    }
    return token;
}

17 Source : TokenProvider.java
with Apache License 2.0
from fengchen8086

@Override
public void getAuthenticationToken(RpcController controller, AuthenticationProtos.GetAuthenticationTokenRequest request, RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) {
    AuthenticationProtos.GetAuthenticationTokenResponse.Builder response = AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder();
    try {
        if (secretManager == null) {
            throw new IOException("No secret manager configured for token authentication");
        }
        User currentUser = RpcServer.getRequestUser();
        UserGroupInformation ugi = null;
        if (currentUser != null) {
            ugi = currentUser.getUGI();
        }
        if (currentUser == null) {
            throw new AccessDeniedException("No authenticated user for request!");
        } else if (!isAllowedDelegationTokenOp(ugi)) {
            LOG.warn("Token generation denied for user=" + currentUser.getName() + ", authMethod=" + ugi.getAuthenticationMethod());
            throw new AccessDeniedException("Token generation only allowed for Kerberos authenticated clients");
        }
        Token<AuthenticationTokenIdentifier> token = secretManager.generateToken(currentUser.getName());
        response.setToken(ProtobufUtil.toToken(token)).build();
    } catch (IOException ioe) {
        ResponseConverter.setControllerException(controller, ioe);
    }
    done.run(response.build());
}

17 Source : TokenUtil.java
with Apache License 2.0
from fengchen8086

/**
 * Obtain an authentication token for the given user and add it to the
 * user's credentials.
 * @param conn The HBase cluster connection
 * @param user The user for whom to obtain the token
 * @throws IOException If making a remote call to the authentication service fails
 * @throws InterruptedException If executing as the given user is interrupted
 */
public static void obtainAndCacheToken(final Connection conn, User user) throws IOException, InterruptedException {
    try {
        Token<AuthenticationTokenIdentifier> token = obtainToken(conn, user);
        if (token == null) {
            throw new IOException("No token returned for user " + user.getName());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Obtained token " + token.getKind().toString() + " for user " + user.getName());
        }
        user.addToken(token);
    } catch (IOException ioe) {
        throw ioe;
    } catch (InterruptedException ie) {
        throw ie;
    } catch (RuntimeException re) {
        throw re;
    } catch (Exception e) {
        throw new UndeclaredThrowableException(e, "Unexpected exception obtaining token for user " + user.getName());
    }
}

17 Source : GetTokenHandler.java
with Apache License 2.0
from apache

@Override
protected void execute(OzoneClient client, OzoneAddress address) throws IOException, OzoneClientException {
    Token<OzoneTokenIdentifier> token = client.getObjectStore().getDelegationToken(new Text(renewer.getValue()));
    if (Objects.isNull(token)) {
        err().println("Error: Get delegation token operation failed. " + "Check OzoneManager logs for more details.");
    } else {
        out().println("Successfully get token for service " + token.getService());
        out().println(token.toString());
        tokenFile.persistToken(token);
    }
}

17 Source : TestOzoneDelegationTokenSecretManager.java
with Apache License 2.0
from apache

@Test
public void testCancelTokenFailure() throws Exception {
    secretManager = createSecretManager(conf, tokenMaxLifetime, expiryTime, tokenRemoverScanInterval);
    secretManager.start(certificateClient);
    Token<OzoneTokenIdentifier> token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER);
    LambdaTestUtils.intercept(AccessControlException.clreplaced, "rougeUser is not authorized to cancel the token", () -> {
        secretManager.cancelToken(token, "rougeUser");
    });
}

17 Source : TestOzoneDelegationTokenSecretManager.java
with Apache License 2.0
from apache

/**
 * Tests failure for mismatch in renewer.
 */
@Test
public void testRenewTokenFailure() throws Exception {
    secretManager = createSecretManager(conf, tokenMaxLifetime, expiryTime, tokenRemoverScanInterval);
    secretManager.start(certificateClient);
    Token<OzoneTokenIdentifier> token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER);
    LambdaTestUtils.intercept(AccessControlException.clreplaced, "rougeUser tries to renew a token", () -> {
        secretManager.renewToken(token, "rougeUser");
    });
}

17 Source : TestOzoneDelegationTokenSecretManager.java
with Apache License 2.0
from apache

@Test
public void testCancelTokenSuccess() throws Exception {
    secretManager = createSecretManager(conf, tokenMaxLifetime, expiryTime, tokenRemoverScanInterval);
    secretManager.start(certificateClient);
    Token<OzoneTokenIdentifier> token = secretManager.createToken(TEST_USER, TEST_USER, TEST_USER);
    secretManager.cancelToken(token, TEST_USER.toString());
}

17 Source : OMGetDelegationTokenRequest.java
with Apache License 2.0
from apache

@Override
public OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
    GetDelegationTokenRequestProto getDelegationTokenRequest = getOmRequest().getGetDelegationTokenRequest();
    // Call OM to create token
    Token<OzoneTokenIdentifier> token = ozoneManager.getDelegationToken(new Text(getDelegationTokenRequest.getRenewer()));
    // Client issues GetDelegationToken request, when received by OM leader
    // it will generate a token. Original GetDelegationToken request is
    // converted to UpdateGetDelegationToken request with the generated token
    // information. This updated request will be submitted to Ratis. In this
    // way delegation token created by leader, will be replicated across all
    // OMs. With this approach, original GetDelegationToken request from
    // client does not need any proto changes.
    // Create UpdateGetDelegationTokenRequest with token response.
    OMRequest.Builder omRequest;
    if (token != null) {
        omRequest = OMRequest.newBuilder().setUserInfo(getUserInfo()).setUpdateGetDelegationTokenRequest(UpdateGetDelegationTokenRequest.newBuilder().setGetDelegationTokenResponse(GetDelegationTokenResponseProto.newBuilder().setResponse(SecurityProtos.GetDelegationTokenResponseProto.newBuilder().setToken(OMPBHelper.convertToTokenProto(token)).build()).build()).setTokenRenewInterval(ozoneManager.getDelegationTokenMgr().getTokenRenewInterval())).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
    } else {
        // If token is null, do not set GetDelegationTokenResponse with response.
        omRequest = OMRequest.newBuilder().setUserInfo(getUserInfo()).setUpdateGetDelegationTokenRequest(UpdateGetDelegationTokenRequest.newBuilder().setGetDelegationTokenResponse(GetDelegationTokenResponseProto.newBuilder())).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
    }
    if (getOmRequest().hasTraceID()) {
        omRequest.setTraceID(getOmRequest().getTraceID());
    }
    return omRequest.build();
}

17 Source : OmKeyLocationInfo.java
with Apache License 2.0
from apache

/**
 * One key can be too huge to fit in one container. In which case it gets split
 * into a number of subkeys. This clreplaced represents one such subkey instance.
 */
public final clreplaced OmKeyLocationInfo {

    private final BlockID blockID;

    // the id of this subkey in all the subkeys.
    private long length;

    private final long offset;

    // Block token, required for client authentication when security is enabled.
    private Token<OzoneBlockTokenIdentifier> token;

    // the version number indicating when this block was added
    private long createVersion;

    private Pipeline pipeline;

    // PartNumber is set for Multipart upload Keys.
    private int partNumber = -1;

    private OmKeyLocationInfo(BlockID blockID, Pipeline pipeline, long length, long offset, int partNumber) {
        this.blockID = blockID;
        this.pipeline = pipeline;
        this.length = length;
        this.offset = offset;
        this.partNumber = partNumber;
    }

    private OmKeyLocationInfo(BlockID blockID, Pipeline pipeline, long length, long offset, Token<OzoneBlockTokenIdentifier> token, int partNumber) {
        this.blockID = blockID;
        this.pipeline = pipeline;
        this.length = length;
        this.offset = offset;
        this.token = token;
        this.partNumber = partNumber;
    }

    public void setCreateVersion(long version) {
        createVersion = version;
    }

    public long getCreateVersion() {
        return createVersion;
    }

    public BlockID getBlockID() {
        return blockID;
    }

    public long getContainerID() {
        return blockID.getContainerID();
    }

    public long getLocalID() {
        return blockID.getLocalID();
    }

    public Pipeline getPipeline() {
        return pipeline;
    }

    public long getLength() {
        return length;
    }

    public void setLength(long length) {
        this.length = length;
    }

    public long getOffset() {
        return offset;
    }

    public long getBlockCommitSequenceId() {
        return blockID.getBlockCommitSequenceId();
    }

    public Token<OzoneBlockTokenIdentifier> getToken() {
        return token;
    }

    public void setToken(Token<OzoneBlockTokenIdentifier> token) {
        this.token = token;
    }

    public void setPipeline(Pipeline pipeline) {
        this.pipeline = pipeline;
    }

    public void setPartNumber(int partNumber) {
        this.partNumber = partNumber;
    }

    public int getPartNumber() {
        return partNumber;
    }

    /**
     * Builder of OmKeyLocationInfo.
     */
    public static clreplaced Builder {

        private BlockID blockID;

        private long length;

        private long offset;

        private Token<OzoneBlockTokenIdentifier> token;

        private Pipeline pipeline;

        private int partNumber;

        public Builder setBlockID(BlockID blockId) {
            this.blockID = blockId;
            return this;
        }

        @SuppressWarnings("checkstyle:hiddenfield")
        public Builder setPipeline(Pipeline pipeline) {
            this.pipeline = pipeline;
            return this;
        }

        public Builder setLength(long len) {
            this.length = len;
            return this;
        }

        public Builder setOffset(long off) {
            this.offset = off;
            return this;
        }

        public Builder setToken(Token<OzoneBlockTokenIdentifier> bToken) {
            this.token = bToken;
            return this;
        }

        public Builder setPartNumber(int partNum) {
            this.partNumber = partNum;
            return this;
        }

        public OmKeyLocationInfo build() {
            return new OmKeyLocationInfo(blockID, pipeline, length, offset, token, partNumber);
        }
    }

    public KeyLocation getProtobuf(int clientVersion) {
        return getProtobuf(false, clientVersion);
    }

    public KeyLocation getProtobuf(boolean ignorePipeline, int clientVersion) {
        KeyLocation.Builder builder = KeyLocation.newBuilder().setBlockID(blockID.getProtobuf()).setLength(length).setOffset(offset).setCreateVersion(createVersion).setPartNumber(partNumber);
        if (this.token != null) {
            builder.setToken(OzonePBHelper.protoFromToken(token));
        }
        if (!ignorePipeline) {
            try {
                builder.setPipeline(pipeline.getProtobufMessage(clientVersion));
            } catch (UnknownPipelineStateException e) {
            // TODO: fix me: we should not return KeyLocation without pipeline.
            }
        }
        return builder.build();
    }

    private static Pipeline getPipeline(KeyLocation keyLocation) {
        try {
            return keyLocation.hasPipeline() ? Pipeline.getFromProtobuf(keyLocation.getPipeline()) : null;
        } catch (UnknownPipelineStateException e) {
            return null;
        }
    }

    public static OmKeyLocationInfo getFromProtobuf(KeyLocation keyLocation) {
        OmKeyLocationInfo info = new OmKeyLocationInfo(BlockID.getFromProtobuf(keyLocation.getBlockID()), getPipeline(keyLocation), keyLocation.getLength(), keyLocation.getOffset(), keyLocation.getPartNumber());
        if (keyLocation.hasToken()) {
            info.token = (Token<OzoneBlockTokenIdentifier>) OzonePBHelper.tokenFromProto(keyLocation.getToken());
        }
        info.setCreateVersion(keyLocation.getCreateVersion());
        return info;
    }

    @Override
    public String toString() {
        return "{blockID={containerID=" + blockID.getContainerID() + ", localID=" + blockID.getLocalID() + "}" + ", length=" + length + ", offset=" + offset + ", token=" + token + ", pipeline=" + pipeline + ", createVersion=" + createVersion + ", partNumber=" + partNumber + '}';
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (o == null || getClreplaced() != o.getClreplaced()) {
            return false;
        }
        OmKeyLocationInfo that = (OmKeyLocationInfo) o;
        return length == that.length && offset == that.offset && createVersion == that.createVersion && Objects.equals(blockID, that.blockID) && Objects.equals(token, that.token) && Objects.equals(pipeline, that.pipeline);
    }

    @Override
    public int hashCode() {
        return Objects.hash(blockID, length, offset, token, createVersion, pipeline);
    }
}

16 Source : RMDelegationTokenSelector.java
with Apache License 2.0
from NJUJYB

@SuppressWarnings("unchecked")
public Token<RMDelegationTokenIdentifier> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) {
    if (service == null) {
        return null;
    }
    LOG.debug("Looking for a token with service " + service.toString());
    for (Token<? extends TokenIdentifier> token : tokens) {
        LOG.debug("Token kind is " + token.getKind().toString() + " and the token's service name is " + token.getService());
        if (RMDelegationTokenIdentifier.KIND_NAME.equals(token.getKind()) && checkService(service, token)) {
            return (Token<RMDelegationTokenIdentifier>) token;
        }
    }
    return null;
}

16 Source : ClientToAMTokenSelector.java
with Apache License 2.0
from NJUJYB

@SuppressWarnings("unchecked")
public Token<ClientToAMTokenIdentifier> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) {
    if (service == null) {
        return null;
    }
    LOG.debug("Looking for a token with service " + service.toString());
    for (Token<? extends TokenIdentifier> token : tokens) {
        LOG.debug("Token kind is " + token.getKind().toString() + " and the token's service name is " + token.getService());
        if (ClientToAMTokenIdentifier.KIND_NAME.equals(token.getKind()) && service.equals(token.getService())) {
            return (Token<ClientToAMTokenIdentifier>) token;
        }
    }
    return null;
}

16 Source : AMRMTokenSelector.java
with Apache License 2.0
from NJUJYB

@SuppressWarnings("unchecked")
public Token<AMRMTokenIdentifier> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) {
    if (service == null) {
        return null;
    }
    LOG.debug("Looking for a token with service " + service.toString());
    for (Token<? extends TokenIdentifier> token : tokens) {
        LOG.debug("Token kind is " + token.getKind().toString() + " and the token's service name is " + token.getService());
        if (AMRMTokenIdentifier.KIND_NAME.equals(token.getKind()) && checkService(service, token)) {
            return (Token<AMRMTokenIdentifier>) token;
        }
    }
    return null;
}

16 Source : ShuffleHandler.java
with Apache License 2.0
from NJUJYB

static Token<JobTokenIdentifier> deserializeServiceData(ByteBuffer secret) throws IOException {
    DataInputByteBuffer in = new DataInputByteBuffer();
    in.reset(secret);
    Token<JobTokenIdentifier> jt = new Token<JobTokenIdentifier>();
    jt.readFields(in);
    return jt;
}

16 Source : JobTokenSelector.java
with Apache License 2.0
from NJUJYB

@SuppressWarnings("unchecked")
@Override
public Token<JobTokenIdentifier> selectToken(Text service, Collection<Token<? extends TokenIdentifier>> tokens) {
    if (service == null) {
        return null;
    }
    for (Token<? extends TokenIdentifier> token : tokens) {
        if (JobTokenIdentifier.KIND_NAME.equals(token.getKind()) && service.equals(token.getService())) {
            return (Token<JobTokenIdentifier>) token;
        }
    }
    return null;
}

16 Source : JobSubmitter.java
with Apache License 2.0
from NJUJYB

private void printTokens(JobID jobId, Credentials credentials) throws IOException {
    LOG.info("Submitting tokens for job: " + jobId);
    for (Token<?> token : credentials.getAllTokens()) {
        LOG.info(token);
    }
}

See More Examples