Java Code Examples for org.apache.hadoop.hbase.security.UserProvider#getCurrent()

The following examples show how to use org.apache.hadoop.hbase.security.UserProvider#getCurrent() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HBaseTablespace.java    From tajo with Apache License 2.0 6 votes vote down vote up
HConnectionKey(Configuration conf) {
  Map<String, String> m = new HashMap<>();
  if (conf != null) {
    for (String property : CONNECTION_PROPERTIES) {
      String value = conf.get(property);
      if (value != null) {
        m.put(property, value);
      }
    }
  }
  this.properties = Collections.unmodifiableMap(m);

  try {
    UserProvider provider = UserProvider.instantiate(conf);
    User currentUser = provider.getCurrent();
    if (currentUser != null) {
      username = currentUser.getName();
    }
  } catch (IOException ioe) {
    LOG.warn("Error obtaining current user, skipping username in HConnectionKey", ioe);
  }
}
 
Example 2
Source File: TableMapReduceUtil.java    From hbase with Apache License 2.0 6 votes vote down vote up
public static void initCredentials(JobConf job) throws IOException {
  UserProvider userProvider = UserProvider.instantiate(job);
  if (userProvider.isHadoopSecurityEnabled()) {
    // propagate delegation related props from launcher job to MR job
    if (System.getenv("HADOOP_TOKEN_FILE_LOCATION") != null) {
      job.set("mapreduce.job.credentials.binary", System.getenv("HADOOP_TOKEN_FILE_LOCATION"));
    }
  }

  if (userProvider.isHBaseSecurityEnabled()) {
    Connection conn = ConnectionFactory.createConnection(job);
    try {
      // login the server principal (if using secure Hadoop)
      User user = userProvider.getCurrent();
      TokenUtil.addTokenForJob(conn, job, user);
    } catch (InterruptedException ie) {
      LOG.error("Interrupted obtaining user authentication token", ie);
      Thread.currentThread().interrupt();
    } finally {
      conn.close();
    }
  }
}
 
Example 3
Source File: TableMapReduceUtil.java    From hbase with Apache License 2.0 5 votes vote down vote up
public static void initCredentials(Job job) throws IOException {
  UserProvider userProvider = UserProvider.instantiate(job.getConfiguration());
  if (userProvider.isHadoopSecurityEnabled()) {
    // propagate delegation related props from launcher job to MR job
    if (System.getenv("HADOOP_TOKEN_FILE_LOCATION") != null) {
      job.getConfiguration().set("mapreduce.job.credentials.binary",
                                 System.getenv("HADOOP_TOKEN_FILE_LOCATION"));
    }
  }

  if (userProvider.isHBaseSecurityEnabled()) {
    try {
      // init credentials for remote cluster
      String quorumAddress = job.getConfiguration().get(TableOutputFormat.QUORUM_ADDRESS);
      User user = userProvider.getCurrent();
      if (quorumAddress != null) {
        Configuration peerConf = HBaseConfiguration.createClusterConf(job.getConfiguration(),
            quorumAddress, TableOutputFormat.OUTPUT_CONF_PREFIX);
        Connection peerConn = ConnectionFactory.createConnection(peerConf);
        try {
          TokenUtil.addTokenForJob(peerConn, user, job);
        } finally {
          peerConn.close();
        }
      }

      Connection conn = ConnectionFactory.createConnection(job.getConfiguration());
      try {
        TokenUtil.addTokenForJob(conn, user, job);
      } finally {
        conn.close();
      }
    } catch (InterruptedException ie) {
      LOG.info("Interrupted obtaining user authentication token");
      Thread.currentThread().interrupt();
    }
  }
}
 
Example 4
Source File: AuthUtil.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * For kerberized cluster, return login user (from kinit or from keytab if specified).
 * For non-kerberized cluster, return system user.
 * @param conf configuartion file
 * @return user
 * @throws IOException login exception
 */
@InterfaceAudience.Private
public static User loginClient(Configuration conf) throws IOException {
  UserProvider provider = UserProvider.instantiate(conf);
  User user = provider.getCurrent();
  boolean securityOn = provider.isHBaseSecurityEnabled() && provider.isHadoopSecurityEnabled();

  if (securityOn) {
    boolean fromKeytab = provider.shouldLoginFromKeytab();
    if (user.getUGI().hasKerberosCredentials()) {
      // There's already a login user.
      // But we should avoid misuse credentials which is a dangerous security issue,
      // so here check whether user specified a keytab and a principal:
      // 1. Yes, check if user principal match.
      //    a. match, just return.
      //    b. mismatch, login using keytab.
      // 2. No, user may login through kinit, this is the old way, also just return.
      if (fromKeytab) {
        return checkPrincipalMatch(conf, user.getUGI().getUserName()) ? user :
          loginFromKeytabAndReturnUser(provider);
      }
      return user;
    } else if (fromKeytab) {
      // Kerberos is on and client specify a keytab and principal, but client doesn't login yet.
      return loginFromKeytabAndReturnUser(provider);
    }
  }
  return user;
}
 
Example 5
Source File: AuthUtil.java    From hbase with Apache License 2.0 5 votes vote down vote up
private static User loginFromKeytabAndReturnUser(UserProvider provider) throws IOException {
  try {
    provider.login(HBASE_CLIENT_KEYTAB_FILE, HBASE_CLIENT_KERBEROS_PRINCIPAL);
  } catch (IOException ioe) {
    LOG.error("Error while trying to login as user {} through {}, with message: {}.",
      HBASE_CLIENT_KERBEROS_PRINCIPAL, HBASE_CLIENT_KEYTAB_FILE,
      ioe.getMessage());
    throw ioe;
  }
  return provider.getCurrent();
}