Java Code Examples for org.apache.hadoop.security.UserGroupInformation#getLoginUser()

Example 1
Source File: HivePurgerPublisher.java    From incubator-gobblin with Apache License 2.0 7 votes vote down vote up
/**
 * Creates the Hive metastore client stored in {@code this.client}.
 *
 * <p>If the job state names a super-user keytab, the process logs in from that keytab and the
 * client is constructed inside {@code doAs} on the resulting login user. Otherwise the client is
 * constructed directly, with whatever identity the process already has.
 *
 * @throws Exception if the keytab login or the client construction fails
 */
public void initHiveMetastoreClient() throws Exception {
  if (!this.state.contains(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION)) {
    // No keytab configured: connect without switching identity.
    HivePurgerPublisher.this.client = new HiveMetaStoreClient(new HiveConf());
    return;
  }

  String superUser = this.state.getProp(ComplianceConfigurationKeys.GOBBLIN_COMPLIANCE_SUPER_USER);
  String realm = this.state.getProp(ConfigurationKeys.KERBEROS_REALM);
  String keytabLocation = this.state.getProp(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION);
  log.info("Establishing MetastoreClient connection using " + keytabLocation);

  // loginUserFromKeytab is a static call on UserGroupInformation, so the login it performs is
  // not scoped to this publisher instance.
  String principal = HostUtils.getPrincipalUsingHostname(superUser, realm);
  UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);

  UserGroupInformation.getLoginUser().doAs(new PrivilegedExceptionAction<Void>() {
    @Override
    public Void run() throws TException {
      // Constructed inside doAs so the connection is opened as the keytab principal.
      HivePurgerPublisher.this.client = new HiveMetaStoreClient(new HiveConf());
      return null;
    }
  });
}
 
Example 2
Source File: SecureExecutor.java    From Bats with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the given workload, under the login user's identity when Hadoop security is enabled.
 *
 * <p>NOTE(review): every workload passed in runs with the login user's credentials when
 * security is on, so callers of this method should be code that is trusted with them.
 *
 * @param workLoad the work to run
 * @return whatever {@code workLoad.run()} returns
 * @throws IOException if the login user cannot be obtained
 */
public static <T> T execute(final SecureExecutor.WorkLoad<T> workLoad) throws IOException
{
  if (!UserGroupInformation.isSecurityEnabled()) {
    // Security is off: run in the caller's context without any identity switch.
    return workLoad.run();
  }

  final UserGroupInformation processUser = UserGroupInformation.getLoginUser();
  final PrivilegedAction<T> asLoginUser = new PrivilegedAction<T>()
  {
    @Override
    public T run()
    {
      return workLoad.run();
    }
  };
  return processUser.doAs(asLoginUser);
}
 
Example 3
Source File: HttpFSFileSystem.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Called after a new FileSystem instance is constructed. Resolves the user whose credentials
 * are used for authentication, records the scheme/authority URI and builds the
 * delegation-token-aware URL helper.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 * @throws IOException if a user lookup fails or the scheme and authority of {@code name} do
 *     not form a valid URI
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  // The real user is the one that has the Kerberos credentials needed for SPNEGO to work.
  // When the current user has no real user, the login user is used instead.
  realUser = UserGroupInformation.getCurrentUser().getRealUser();
  if (null == realUser) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);

  final String schemeAndAuthority = name.getScheme() + "://" + name.getAuthority();
  try {
    uri = new URI(schemeAndAuthority);
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  // NOTE(review): the authenticator class is read from the "httpfs.authenticator.class"
  // setting and instantiated reflectively; it is constrained to DelegationTokenAuthenticator
  // subtypes, but whoever can edit the configuration chooses which one handles credentials.
  Class<? extends DelegationTokenAuthenticator> authenticatorType =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator tokenAuthenticator =
      ReflectionUtils.newInstance(authenticatorType, getConf());
  authURL = new DelegationTokenAuthenticatedURL(tokenAuthenticator);
}
 
Example 4
Source File: UGICacheMultiThreadTest.java    From pxf with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the test fixture: a fake UGI provider, one {@code SessionId} per
 * (segment, user, transaction) combination, a fake ticker and the cache under test.
 */
@Before
public void setUp() throws IOException {
    provider = new FakeUgiProvider();

    Configuration sharedConfiguration = new Configuration();

    // Fill the sessions array in nesting order: segments, then users, then transactions.
    int nextSlot = 0;
    for (int segment = 0; segment < numberOfSegments; segment++) {
        for (int user = 0; user < numberOfUsers; user++) {
            for (int txn = 0; txn < numberOfTxns; txn++) {
                sessions[nextSlot] = new SessionId(segment, "txn-id-" + txn, "the-user-" + user, "default", sharedConfiguration, UserGroupInformation.getLoginUser());
                nextSlot++;
            }
        }
    }
    fakeTicker = new FakeTicker();
    cache = new UGICache(provider, fakeTicker);
}
 
Example 5
Source File: Gridmix.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the Gridmix job as the login user and prints the run summary on success.
 *
 * @param argv command-line arguments, passed through to {@code runJob}
 * @return the value returned by {@code runJob}; 0 is treated as success
 * @throws IOException if the login user cannot be obtained or the job fails with one
 * @throws InterruptedException if {@code doAs} is interrupted
 */
public int run(final String[] argv) throws IOException, InterruptedException {
  final Configuration conf = getConf();
  // Point UserGroupInformation at this tool's configuration before asking for the login user.
  UserGroupInformation.setConfiguration(conf);
  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();

  final int exitCode = loginUgi.doAs(new PrivilegedExceptionAction<Integer>() {
    @Override
    public Integer run() throws Exception {
      return runJob(conf, argv);
    }
  });

  // Only a successful run gets the gridmix summary printed.
  if (exitCode == 0) {
    System.out.print("\n\n");
    System.out.println(summarizer.toString());
  }

  return exitCode;
}
 
Example 6
Source File: HdfsUtils.java    From dk-fitting with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the shared {@code FileSystem}, creating it on first use.
 *
 * <p>On the first call the HDFS and core site files named by the {@code datasource.*}
 * properties are loaded, and a Kerberos keytab login is performed if all three arguments are
 * non-blank.
 *
 * <p>NOTE(review): once {@code fs} is set, every later call returns it without looking at the
 * arguments, so a caller passing a different principal or keytab still gets the FileSystem
 * created for the first caller. No synchronization is visible around the static {@code fs}
 * and {@code conf} either; confirm callers are single-threaded or add locking.
 *
 * @param krb5_conf path assigned to the {@code java.security.krb5.conf} system property
 * @param principal Kerberos principal to log in as
 * @param keytab keytab file for {@code principal}
 * @return the cached or newly created FileSystem
 * @throws Exception if the keytab login or the FileSystem creation fails
 */
public static FileSystem getFs(String krb5_conf, String principal, String keytab) throws Exception {
    if (fs != null) {
        return fs;
    }

    System.out.println("hdfs_site:" + Prop.getProperty("datasource.hdfs_xml_path"));
    System.out.println("core_site:" + Prop.getProperty("datasource.core_xml_path"));
    conf.addResource(new Path(Prop.getProperty("datasource.hdfs_xml_path")));
    conf.addResource(new Path(Prop.getProperty("datasource.core_xml_path")));
    conf.set("dfs.client.block.write.replace-datanode-on-failure.policy", "NEVER");
    conf.set("dfs.client.block.write.replace-datanode-on-failure.enable", "true");
    //conf.setBoolean("fs.hdfs.impl.disable.cache", true);

    // Kerberos login is attempted only when all three inputs are supplied; with any of them
    // blank the FileSystem is created with no login performed here.
    boolean kerberosRequested = StringUtils.isNotBlank(krb5_conf)
            && StringUtils.isNotBlank(principal)
            && StringUtils.isNotBlank(keytab);
    if (kerberosRequested) {
        // This system property is JVM-wide, not local to this call.
        System.setProperty("java.security.krb5.conf", krb5_conf);
        UserGroupInformation.setConfiguration(conf);
        UserGroupInformation.loginUserFromKeytab(principal, keytab);
        // The returned login user is not used here; the call's result is discarded.
        UserGroupInformation.getLoginUser();
    }

    fs = FileSystem.get(conf);
    return fs;
}
 
Example 7
Source File: DataNode.java    From big-c with Apache License 2.0 6 votes vote down vote up
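/**
 * Builds an inter-datanode protocol proxy to the given datanode, constructed as the login user.
 *
 * @param datanodeid the datanode to connect to
 * @param conf configuration used for the default socket factory and the proxy
 * @param socketTimeout socket timeout handed to the proxy
 * @param connectToDnViaHostname passed to {@code getIpcAddr} when resolving the IPC address
 * @return the protocol proxy
 * @throws IOException if the proxy cannot be created, or if the calling thread is interrupted
 *     during {@code doAs} (the {@link InterruptedException} is attached as the cause)
 */
public static InterDatanodeProtocol createInterDataNodeProtocolProxy(
    DatanodeID datanodeid, final Configuration conf, final int socketTimeout,
    final boolean connectToDnViaHostname) throws IOException {
  final String dnAddr = datanodeid.getIpcAddr(connectToDnViaHostname);
  final InetSocketAddress addr = NetUtils.createSocketAddr(dnAddr);
  if (LOG.isDebugEnabled()) {
    LOG.debug("Connecting to datanode " + dnAddr + " addr=" + addr);
  }
  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
  try {
    return loginUgi
        .doAs(new PrivilegedExceptionAction<InterDatanodeProtocol>() {
          @Override
          public InterDatanodeProtocol run() throws IOException {
            // The proxy is created as, and bound to, the login user.
            return new InterDatanodeProtocolTranslatorPB(addr, loginUgi,
                conf, NetUtils.getDefaultSocketFactory(conf), socketTimeout);
          }
        });
  } catch (InterruptedException ie) {
    // Restore the interrupt flag so callers further up can still observe the interruption,
    // and keep the original exception as the cause instead of only copying its message.
    Thread.currentThread().interrupt();
    throw new IOException(ie.getMessage(), ie);
  }
}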
 
Example 8
Source File: HiveImpersonationUtil.java    From dremio-oss with Apache License 2.0 5 votes vote down vote up
/**
 * Looks up the {@link UserGroupInformation} of the user running the SabotNode process.
 *
 * @return the login user's {@link UserGroupInformation}
 * @throws RuntimeException wrapping the {@link IOException} if the login user cannot be
 *     obtained
 */
public static UserGroupInformation getProcessUserUGI() {
  final UserGroupInformation processUgi;
  try {
    processUgi = UserGroupInformation.getLoginUser();
  } catch (IOException cause) {
    // Logged and rethrown unchecked, with the cause preserved.
    final String errMsg = "Failed to get process user UserGroupInformation object.";
    logger.error(errMsg, cause);
    throw new RuntimeException(errMsg, cause);
  }
  return processUgi;
}
 
Example 9
Source File: DFSZKFailoverController.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Authorizes an admin RPC: the caller must be allowed by the admin ACL or have the same short
 * user name as this process's login user.
 *
 * <p>NOTE(review): the self-match compares short user names rather than full principals;
 * confirm that the name-mapping rules in use cannot give an unrelated principal the same
 * short name.
 *
 * @throws AccessControlException if the caller is neither in the ACL nor the login user
 * @throws IOException if either user lookup fails
 */
@Override
protected void checkRpcAdminAccess() throws IOException, AccessControlException {
  UserGroupInformation caller = UserGroupInformation.getCurrentUser();
  UserGroupInformation self = UserGroupInformation.getLoginUser();

  boolean permitted = adminAcl.isUserAllowed(caller)
      || caller.getShortUserName().equals(self.getShortUserName());
  if (!permitted) {
    // Denials are logged at WARN with the caller and remote address before being thrown.
    String msg = "Disallowed RPC access from " + caller + " at " +
        Server.getRemoteAddress() + ". Not listed in " + DFSConfigKeys.DFS_ADMIN;
    LOG.warn(msg);
    throw new AccessControlException(msg);
  }

  LOG.info("Allowed RPC access from " + caller + " at " + Server.getRemoteAddress());
}
 
Example 10
Source File: GenerateData.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Configures and submits the data-generation job as the login user.
 *
 * @return the submitted job
 * @throws IOException if the login user cannot be obtained or submission fails
 * @throws InterruptedException if {@code doAs} or the submission is interrupted
 * @throws ClassNotFoundException if submission cannot load a job class
 */
@Override
public Job call() throws IOException, InterruptedException,
                         ClassNotFoundException {
  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
  loginUgi.doAs(new PrivilegedExceptionAction<Job>() {
    // Sets up a job with no reducers that uses the GenData mapper and formats.
    private void configureRandomBytesDataGenerator() {
      job.setMapperClass(GenDataMapper.class);
      job.setNumReduceTasks(0);
      job.setMapOutputKeyClass(NullWritable.class);
      job.setMapOutputValueClass(BytesWritable.class);
      job.setInputFormatClass(GenDataFormat.class);
      job.setOutputFormatClass(RawBytesOutputFormat.class);
      job.setJarByClass(GenerateData.class);
      try {
        FileInputFormat.addInputPath(job, new Path("ignored"));
      } catch (IOException e) {
        // A failure here is only logged; the job is still submitted afterwards.
        LOG.error("Error while adding input path ", e);
      }
    }

    @Override
    public Job run() throws IOException, ClassNotFoundException,
                            InterruptedException {
      // Compression emulation, when enabled, takes over the job configuration.
      final boolean emulateCompression = CompressionEmulationUtil
          .isCompressionEmulationEnabled(job.getConfiguration());
      if (!emulateCompression) {
        configureRandomBytesDataGenerator();
      } else {
        CompressionEmulationUtil.configure(job);
      }
      job.submit();
      return job;
    }
  });
  return job;
}
 
Example 11
Source File: HiveClientImpl.java    From dremio-oss with Apache License 2.0 5 votes vote down vote up
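/**
 * Renews the login user's Kerberos TGT from its keytab when that is needed.
 *
 * <p>Does nothing when Hadoop security is disabled or when the login user did not come from a
 * keytab.
 *
 * @throws MetaException if the login user lookup or the relogin fails; the underlying
 *     {@link IOException} is attached as the cause
 */
private void reloginExpiringKeytabUser() throws MetaException {
  if (!UserGroupInformation.isSecurityEnabled()) {
    return;
  }
  // renew the TGT if required
  try {
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    if (ugi.isFromKeytab()) {
      ugi.checkTGTAndReloginFromKeytab();
    }
  } catch (IOException e) {
    final String msg = "Error doing relogin using keytab " + e.getMessage();
    logger.error(msg, e);
    // MetaException is built from the message only, so attach the cause explicitly to keep
    // the original stack trace available to whoever handles the failure.
    final MetaException failure = new MetaException(msg);
    failure.initCause(e);
    throw failure;
  }
}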
 
Example 12
Source File: GenerateData.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Configures and submits the data-generation job as the login user.
 *
 * @return the submitted job
 * @throws IOException if the login user cannot be obtained or submission fails
 * @throws InterruptedException if {@code doAs} or the submission is interrupted
 * @throws ClassNotFoundException if submission cannot load a job class
 */
@Override
public Job call() throws IOException, InterruptedException,
                         ClassNotFoundException {
  final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
  loginUgi.doAs(new PrivilegedExceptionAction<Job>() {
    // Sets up a job with no reducers that uses the GenData mapper and formats.
    private void configureRandomBytesDataGenerator() {
      job.setMapperClass(GenDataMapper.class);
      job.setNumReduceTasks(0);
      job.setMapOutputKeyClass(NullWritable.class);
      job.setMapOutputValueClass(BytesWritable.class);
      job.setInputFormatClass(GenDataFormat.class);
      job.setOutputFormatClass(RawBytesOutputFormat.class);
      job.setJarByClass(GenerateData.class);
      try {
        FileInputFormat.addInputPath(job, new Path("ignored"));
      } catch (IOException e) {
        // A failure here is only logged; the job is still submitted afterwards.
        LOG.error("Error while adding input path ", e);
      }
    }

    @Override
    public Job run() throws IOException, ClassNotFoundException,
                            InterruptedException {
      // Compression emulation, when enabled, takes over the job configuration.
      final boolean emulateCompression = CompressionEmulationUtil
          .isCompressionEmulationEnabled(job.getConfiguration());
      if (!emulateCompression) {
        configureRandomBytesDataGenerator();
      } else {
        CompressionEmulationUtil.configure(job);
      }
      job.submit();
      return job;
    }
  });
  return job;
}
 
Example 13
Source File: BrokerTokenRenewer.java    From gcp-token-broker with Apache License 2.0 5 votes vote down vote up
/**
 * Cancels the broker session behind the given delegation token, acting as the login user.
 *
 * @param t the token to cancel; cast to a {@code BrokerTokenIdentifier} token without a check
 * @param config configuration from which the broker details are read
 * @throws IOException if the login user cannot be obtained
 */
@Override
public void cancel(Token<?> t, Configuration config) throws IOException {
    Token<BrokerTokenIdentifier> brokerToken = (Token<BrokerTokenIdentifier>) t;
    final BrokerTokenIdentifier identifier = (BrokerTokenIdentifier) GcsDelegationTokens.extractIdentifier(brokerToken);
    UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
    final BrokerServerInfo broker = Utils.getBrokerDetailsFromConfig(config);
    PrivilegedAction<Void> cancelSession = new PrivilegedAction<Void>() {
        @Override
        public Void run() {
            // The session token is read from the identifier only at the point of submission.
            CancelSessionToken.submit(broker, identifier.getSessionToken());
            return null;
        }
    };
    loginUser.doAs(cancelSession);
}
 
Example 14
Source File: TestSecureIPC.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Switches UserGroupInformation to Kerberos authentication and logs in from a keytab.
 *
 * <p>Both {@code setConfiguration} and {@code loginUserFromKeytab} are static calls, so the
 * change is not limited to this test instance.
 *
 * @param krbKeytab keytab file to log in from
 * @param krbPrincipal principal to log in as
 * @return the login user after the keytab login
 * @throws Exception if the login fails
 */
private UserGroupInformation loginKerberosPrincipal(String krbKeytab, String krbPrincipal)
    throws Exception {
  final Configuration kerberosConf = new Configuration();
  kerberosConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(kerberosConf);
  UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab);
  final UserGroupInformation loggedIn = UserGroupInformation.getLoginUser();
  return loggedIn;
}
 
Example 15
Source File: ClientRMService.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Picks the renewer name to use for the given delegation token.
 *
 * @param token the token whose identifier names a renewer
 * @return the renewer recorded in the token when the current user has the same user name as
 *     the login user; otherwise the current user's short name
 * @throws IOException if a user lookup or decoding the token identifier fails
 */
private String getRenewerForToken(Token<RMDelegationTokenIdentifier> token)
    throws IOException {
  UserGroupInformation caller = UserGroupInformation.getCurrentUser();
  UserGroupInformation self = UserGroupInformation.getLoginUser();

  final boolean callerIsSelf = self.getUserName().equals(caller.getUserName());
  if (callerIsSelf) {
    // we can always renew our own tokens
    return token.decodeIdentifier().getRenewer().toString();
  }
  return caller.getShortUserName();
}
 
Example 16
Source File: HSAdminServer.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Records the identity this server runs as, then starts the client RPC server.
 *
 * <p>With security enabled the login user is stored in {@code loginUGI}; otherwise the current
 * user is stored.
 *
 * @throws Exception if the user lookup or the RPC server start fails
 */
@Override
protected void serviceStart() throws Exception {
  loginUGI = UserGroupInformation.isSecurityEnabled()
      ? UserGroupInformation.getLoginUser()
      : UserGroupInformation.getCurrentUser();
  clientRpcServer.start();
}
 
Example 17
Source File: UGICacheTest.java    From pxf with Apache License 2.0 5 votes vote down vote up
/**
 * Two sessions with different user names must get different UGIs, each created once by the
 * provider, and both must remain cached.
 */
@Test
public void getTwoUGIsWithDifferentUsers() throws Exception {
    Configuration otherConfiguration = new Configuration();
    UserGroupInformation processUser = UserGroupInformation.getLoginUser();
    SessionId otherSession = new SessionId(0, "txn-id", "different-user", "default", otherConfiguration, processUser);

    UserGroupInformation firstUgi = cache.getUserGroupInformation(session, false);
    UserGroupInformation secondUgi = cache.getUserGroupInformation(otherSession, false);

    assertNotEquals(firstUgi, secondUgi);
    // Each user name is expected to reach the provider exactly once.
    verify(provider, times(1)).createRemoteUser(eq("the-user"), any(SessionId.class));
    verify(provider, times(1)).createRemoteUser(eq("different-user"), any(SessionId.class));
    assertCacheSize(2);
    assertStillInCache(session, firstUgi);
    assertStillInCache(otherSession, secondUgi);
}
 
Example 18
Source File: LaunchContainerRunnable.java    From Bats with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a Stram delegation token for the login user, addressed to the heartbeat endpoint,
 * and passes it to the two-argument {@code getTokens} overload.
 *
 * @param delegationTokenManager the manager the new token is created with
 * @param heartbeatAddress address whose host IP and port become the token's service
 * @return the result of the two-argument overload, or {@code null} when security is disabled
 * @throws IOException if the login user cannot be obtained
 */
public static ByteBuffer getTokens(StramDelegationTokenManager delegationTokenManager, InetSocketAddress heartbeatAddress) throws IOException
{
  if (!UserGroupInformation.isSecurityEnabled()) {
    // Callers must handle null: no tokens are produced without security.
    return null;
  }

  UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
  // The owner is the login user's name; the other two identifier fields are left empty.
  Text owner = new Text(loginUgi.getUserName());
  StramDelegationTokenIdentifier identifier = new StramDelegationTokenIdentifier(owner, new Text(""), new Text(""));
  String service = heartbeatAddress.getAddress().getHostAddress() + ":" + heartbeatAddress.getPort();
  Token<StramDelegationTokenIdentifier> stramToken = new Token<>(identifier, delegationTokenManager);
  stramToken.setService(new Text(service));
  return getTokens(loginUgi, stramToken);
}
 
Example 19
Source File: MiscUtil.java    From ranger with Apache License 2.0 4 votes vote down vote up
/**
 * Logs in from the keytab and principal found in a JAAS application configuration.
 *
 * <p>The entries registered under {@code jaasConfigAppName} are scanned for the {@code keyTab}
 * and {@code principal} options. When both are found the process logs in from that keytab;
 * when entries exist but either value is missing an exception is thrown; when there are no
 * entries at all only a warning is logged.
 *
 * <p>NOTE(review): the principal and the keytab path are written to the log at INFO and ERROR
 * level; confirm that is acceptable for the deployment's log audience.
 *
 * @param jaasConfigAppName name of the JAAS application configuration to read
 * @throws Exception if the principal or keytab is missing from the entries, or the login fails
 */
public static void setUGIFromJAASConfig(String jaasConfigAppName) throws Exception {
	String keytabFile = null;
	String principal = null;
	UserGroupInformation ugi = null;
	if (logger.isDebugEnabled()){
		logger.debug("===> MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + jaasConfigAppName);
	}
	try {
		AppConfigurationEntry[] entries = Configuration.getConfiguration().getAppConfigurationEntry(jaasConfigAppName);
		if (ArrayUtils.isEmpty(entries)) {
			logger.warn("JAASConfig file not found! Ranger Plugin will not working in a Secure Cluster...");
		} else {
			// Later entries may overwrite a value picked up earlier; scanning stops as soon
			// as both values are present.
			for (AppConfigurationEntry entry : entries) {
				Object keyTabOption = entry.getOptions().get("keyTab");
				if (keyTabOption != null) {
					keytabFile = (String) keyTabOption;
				}
				Object principalOption = entry.getOptions().get("principal");
				if (principalOption != null) {
					principal = (String) principalOption;
				}
				if (!StringUtils.isEmpty(principal) && !StringUtils.isEmpty(keytabFile)) {
					break;
				}
			}
			boolean haveCredentials = !StringUtils.isEmpty(principal) && !StringUtils.isEmpty(keytabFile);
			if (!haveCredentials) {
				String failure = "Unable to get the principal/keytab from jaasConfigAppName: " + jaasConfigAppName;
				logger.error(failure);
				throw new Exception(failure);
			}
			// This will login and set the UGI
			UserGroupInformation.loginUserFromKeytab(principal, keytabFile);
			ugi = UserGroupInformation.getLoginUser();
			logger.info("MiscUtil.setUGIFromJAASConfig() UGI: " + ugi + " principal: " + principal + " keytab: " + keytabFile);
		}
	} catch ( Exception e) {
		// Logged without the stack trace, then rethrown unchanged for the caller to handle.
		logger.error("Unable to set UGI for Principal: " + principal + " keytab: " + keytabFile );
		throw e;
	}
	if (logger.isDebugEnabled()) {
		logger.debug("<=== MiscUtil.setUGIFromJAASConfig() jaasConfigAppName: " + jaasConfigAppName + " UGI: " + ugi + " principal: " + principal + " keytab: " + keytabFile);
	}
}
 
Example 20
Source File: SecurityUtil.java    From nifi with Apache License 2.0 2 votes vote down vote up
/**
 * Points UserGroupInformation at the given Configuration and returns the login user.
 *
 * <p>The method is {@code synchronized} on the class. Logins are meant to go through this
 * class so that other threads are not modifying UserGroupInformation at the same time; the
 * lock only covers callers that do go through it.
 *
 * @param config the configuration instance; must not be null
 *
 * @return the result of {@code UserGroupInformation.getLoginUser()}
 *
 * @throws IOException if login failed
 */
public static synchronized UserGroupInformation loginSimple(final Configuration config) throws IOException {
    Validate.notNull(config);
    // setConfiguration is static, so this changes the configuration UserGroupInformation
    // uses from here on, not just for this call.
    UserGroupInformation.setConfiguration(config);
    final UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
    return loginUser;
}