Java Code Examples for org.apache.hadoop.security.UserGroupInformation#getAuthenticationMethod()
The following examples show how to use
org.apache.hadoop.security.UserGroupInformation#getAuthenticationMethod() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: BitConnectionConfig.java From Bats with Apache License 2.0 | 6 votes |
|
public Map<String, ?> getSaslClientProperties(final DrillbitEndpoint remoteEndpoint,
final Map<String, String> overrides) throws IOException {
final DrillProperties properties = DrillProperties.createEmpty();
final UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
if (loginUser.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS) {
final HadoopKerberosName loginPrincipal = new HadoopKerberosName(loginUser.getUserName());
if (!useLoginPrincipal) {
properties.setProperty(DrillProperties.SERVICE_PRINCIPAL,
KerberosUtil.getPrincipalFromParts(loginPrincipal.getShortName(),
remoteEndpoint.getAddress(),
loginPrincipal.getRealm()));
} else {
properties.setProperty(DrillProperties.SERVICE_PRINCIPAL, loginPrincipal.toString());
}
}
properties.merge(overrides);
return properties.stringPropertiesAsMap();
}
Example 2
| Source File: TestWebDelegationToken.java From hadoop with Apache License 2.0 | 6 votes |
|
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
UserGroupInformation ugi = HttpUserGroupInformation.get();
if (ugi != null) {
String ret = "remoteuser=" + req.getRemoteUser() + ":ugi=" +
ugi.getShortUserName();
if (ugi.getAuthenticationMethod() ==
UserGroupInformation.AuthenticationMethod.PROXY) {
ret = "realugi=" + ugi.getRealUser().getShortUserName() + ":" + ret;
}
resp.setStatus(HttpServletResponse.SC_OK);
resp.getWriter().write(ret);
} else {
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
Example 3
| Source File: TestWebDelegationToken.java From big-c with Apache License 2.0 | 6 votes |
|
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
UserGroupInformation ugi = HttpUserGroupInformation.get();
if (ugi != null) {
String ret = "remoteuser=" + req.getRemoteUser() + ":ugi=" +
ugi.getShortUserName();
if (ugi.getAuthenticationMethod() ==
UserGroupInformation.AuthenticationMethod.PROXY) {
ret = "realugi=" + ugi.getRealUser().getShortUserName() + ":" + ret;
}
resp.setStatus(HttpServletResponse.SC_OK);
resp.getWriter().write(ret);
} else {
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
Example 4
| Source File: DelegationTokenKerberosFilter.java From lucene-solr with Apache License 2.0 | 6 votes |
|
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
// include Impersonator User Name in case someone (e.g. logger) wants it
FilterChain filterChainWrapper = new FilterChain() {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
throws IOException, ServletException {
Locale.setDefault(defaultLocale);
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
UserGroupInformation ugi = HttpUserGroupInformation.get();
if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
UserGroupInformation realUserUgi = ugi.getRealUser();
if (realUserUgi != null) {
httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
}
}
filterChain.doFilter(servletRequest, servletResponse);
}
};
// A hack until HADOOP-15681 get committed
Locale.setDefault(Locale.US);
super.doFilter(request, response, filterChainWrapper);
}
Example 5
| Source File: HadoopAuthFilter.java From lucene-solr with Apache License 2.0 | 6 votes |
|
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
// include Impersonator User Name in case someone (e.g. logger) wants it
FilterChain filterChainWrapper = new FilterChain() {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
throws IOException, ServletException {
Locale.setDefault(defaultLocale);
HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
UserGroupInformation ugi = HttpUserGroupInformation.get();
if (ugi != null && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
UserGroupInformation realUserUgi = ugi.getRealUser();
if (realUserUgi != null) {
httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUserUgi.getShortUserName());
}
}
filterChain.doFilter(servletRequest, servletResponse);
}
};
// A hack until HADOOP-15681 get committed
Locale.setDefault(Locale.US);
super.doFilter(request, response, filterChainWrapper);
}
Example 6
| Source File: KMSAuditLogger.java From ranger with Apache License 2.0 | 6 votes |
|
/**
* @param op
* The operation being audited (either {@link KMS.KMSOp} or
* {@link Type} N.B this is passed as an {@link Object} to allow
* either enum to be passed in.
* @param ugi
* The user's security context
* @param keyName
* The String name of the key if applicable
* @param remoteHost
* The hostname of the requesting service
* @param msg
* Any extra details for auditing
*/
AuditEvent(Object op, UserGroupInformation ugi, String keyName,
String remoteHost, String msg) {
this.keyName = keyName;
if (ugi == null) {
this.user = null;
this.impersonator = null;
} else {
this.user = ugi.getShortUserName();
if (ugi.getAuthenticationMethod()
== UserGroupInformation.AuthenticationMethod.PROXY) {
this.impersonator = ugi.getRealUser().getUserName();
} else {
this.impersonator = null;
}
}
this.remoteHost = remoteHost;
this.op = op;
this.extraMsg = msg;
}
Example 7
| Source File: OzoneManager.java From hadoop-ozone with Apache License 2.0 | 5 votes |
|
/**
* Returns authentication method used to establish the connection.
*
* @return AuthenticationMethod used to establish connection
* @throws IOException
*/
private AuthenticationMethod getConnectionAuthenticationMethod()
throws IOException {
UserGroupInformation ugi = getRemoteUser();
AuthenticationMethod authMethod = ugi.getAuthenticationMethod();
if (authMethod == AuthenticationMethod.PROXY) {
authMethod = ugi.getRealUser().getAuthenticationMethod();
}
return authMethod;
}
Example 8
| Source File: TokenProvider.java From hbase with Apache License 2.0 | 5 votes |
|
/**
* @param ugi A user group information.
* @return true if delegation token operation is allowed
*/
private boolean isAllowedDelegationTokenOp(UserGroupInformation ugi) throws IOException {
AuthenticationMethod authMethod = ugi.getAuthenticationMethod();
if (authMethod == AuthenticationMethod.PROXY) {
authMethod = ugi.getRealUser().getAuthenticationMethod();
}
if (authMethod != AuthenticationMethod.KERBEROS
&& authMethod != AuthenticationMethod.KERBEROS_SSL
&& authMethod != AuthenticationMethod.CERTIFICATE) {
return false;
}
return true;
}
Example 9
| Source File: ClusterHdfsSource.java From datacollector with Apache License 2.0 | 4 votes |
|
@VisibleForTesting
void validateHadoopFS(List<ConfigIssue> issues) {
boolean validHadoopFsUri;
String hdfsUriInConf;
if (!Strings.isNullOrEmpty(conf.hdfsUri)) {
hadoopConf.set(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY, conf.hdfsUri);
} else {
hdfsUriInConf = hadoopConf.get(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY);
if (hdfsUriInConf == null) {
issues.add(
getContext().createConfigIssue(
Groups.HADOOP_FS.name(),
CLUSTER_HDFS_CONFIG_BEAN_PREFIX + HDFS_URI,
Errors.HADOOPFS_19
)
);
return;
} else {
conf.hdfsUri = hdfsUriInConf;
}
}
validHadoopFsUri = validateHadoopFsURI(issues);
StringBuilder logMessage = new StringBuilder();
try {
UserGroupInformation loginUgi = HadoopSecurityUtil.getLoginUser(hadoopConf);
userUgi = HadoopSecurityUtil.getProxyUser(
conf.hdfsUser,
getContext(),
loginUgi,
issues,
Groups.HADOOP_FS.name(),
CLUSTER_HDFS_CONFIG_BEAN_PREFIX + "hdfsUser"
);
if (userUgi != loginUgi) {
proxyUser = userUgi.getUserName();
LOG.debug("Proxy user submitting cluster batch job is {}", proxyUser);
}
if (conf.hdfsKerberos) {
logMessage.append("Using Kerberos");
if (loginUgi.getAuthenticationMethod() != UserGroupInformation.AuthenticationMethod.KERBEROS) {
issues.add(
getContext().createConfigIssue(
Groups.HADOOP_FS.name(),
CLUSTER_HDFS_CONFIG_BEAN_PREFIX + "hdfsKerberos",
Errors.HADOOPFS_00,
loginUgi.getAuthenticationMethod(),
UserGroupInformation.AuthenticationMethod.KERBEROS
)
);
}
} else {
logMessage.append("Using Simple");
hadoopConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
UserGroupInformation.AuthenticationMethod.SIMPLE.name());
}
if (validHadoopFsUri) {
getUGI().doAs((PrivilegedExceptionAction<Void>) () -> {
try (FileSystem fs = getFileSystemForInitDestroy(null)) { // NOSONAR
// to trigger fs close
}
return null;
});
}
} catch (Exception ex) {
LOG.info("Error connecting to FileSystem: " + ex, ex);
issues.add(
getContext().createConfigIssue(
Groups.HADOOP_FS.name(),
null,
Errors.HADOOPFS_11,
conf.hdfsUri,
String.valueOf(ex),
ex
)
);
}
LOG.info("Authentication Config: {}", logMessage);
}
Example 10
| Source File: HadoopUtils.java From flink with Apache License 2.0 | 4 votes |
|
public static boolean isKerberosSecurityEnabled(UserGroupInformation ugi) {
return UserGroupInformation.isSecurityEnabled() && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS;
}
