DelegationTokenCache.java example

Explorer
hive-master
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.hive.hcatalog.templeton.tool;

import org.apache.hadoop.hive.common.classification.InterfaceAudience;
import org.apache.hadoop.hive.common.classification.InterfaceStability;

import java.util.concurrent.ConcurrentHashMap;

/*
 * Cache of delegation tokens.  When {@link TempletonControllerJob} submits a job that requires
 * metastore access and this access should be secure, TCJ will add a delegation token to the
 * submitted job.  When the job completes we need to cancel the token since by default the token
 * lives for 7 days and over time can cause OOM (if not cancelled).  Cancelling from 
 * TempletonControllerJob.LauchMapper mapper (via custom OutputCommitter for example) requires
 * the jar containing HiveMetastoreClient (and any dependent jars) to be available on the node
 * running LaunchMapper.  Specifying transitive closure of the necessary jars is 
 * configuration/maintenance headache for each release.  Caching the token means cancellation is 
 * done from WebHCat server and thus has Hive jars on the classpath.
 * 
 * While it's possible that WebHCat crashes and looses this in-memory state, but this would be an
 * exceptional condition and since tokens will automatically be cancelled after 7 days, 
 * the fact that this info is not persisted is OK.  (Persisting it also complicates things 
 * because that needs to be done securely)
 * @see TempletonControllerJob
 */
@InterfaceAudience.Private
@InterfaceStability.Evolving
public class DelegationTokenCache<JobId, TokenObject> {
  private ConcurrentHashMap<JobId, TokenObject> tokenCache =
          new ConcurrentHashMap<JobId, TokenObject>();
  private static final DelegationTokenCache<String, String> stringFormTokenCache =
          new DelegationTokenCache<String, String>();

  /*
   * Returns the singleton instance of jobId->delegation-token-in-string-form cache
   */
  public static DelegationTokenCache<String, String> getStringFormTokenCache() {
    return stringFormTokenCache;
  }
  TokenObject storeDelegationToken(JobId jobId, TokenObject token) {
    return tokenCache.put(jobId, token);
  }
  public TokenObject getDelegationToken(JobId jobId) {
    return tokenCache.get(jobId);
  }
  public void removeDelegationToken(JobId jobId) {
    tokenCache.remove(jobId);
  }
}