Java Code Examples for org.apache.hadoop.hbase.security.UserProvider#login()
The following examples show how to use
org.apache.hadoop.hbase.security.UserProvider#login() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HBaseSecurityUtil.java From storm-hbase with Apache License 2.0 | 6 votes |
public static UserProvider login(Map conf, Configuration hbaseConfig) throws IOException { UserProvider provider = UserProvider.instantiate(hbaseConfig); if (UserGroupInformation.isSecurityEnabled()) { String keytab = (String) conf.get(STORM_KEYTAB_FILE_KEY); if (keytab != null) { hbaseConfig.set(STORM_KEYTAB_FILE_KEY, keytab); } String userName = (String) conf.get(STORM_USER_NAME_KEY); if (userName != null) { hbaseConfig.set(STORM_USER_NAME_KEY, userName); } provider.login(STORM_KEYTAB_FILE_KEY, STORM_USER_NAME_KEY, InetAddress.getLocalHost().getCanonicalHostName()); } return provider; }
Example 2
Source File: HMaster.java From hbase with Apache License 2.0 | 5 votes |
/** * For compatibility, if failed with regionserver credentials, try the master one */ @Override protected void login(UserProvider user, String host) throws IOException { try { super.login(user, host); } catch (IOException ie) { user.login(SecurityConstants.MASTER_KRB_KEYTAB_FILE, SecurityConstants.MASTER_KRB_PRINCIPAL, host); } }
Example 3
Source File: RESTServer.java From hbase with Apache License 2.0 | 5 votes |
private static Pair<FilterHolder, Class<? extends ServletContainer>> loginServerPrincipal( UserProvider userProvider, Configuration conf) throws Exception { Class<? extends ServletContainer> containerClass = ServletContainer.class; if (userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled()) { String machineName = Strings.domainNamePointerToHostName( DNS.getDefaultHost(conf.get(REST_DNS_INTERFACE, "default"), conf.get(REST_DNS_NAMESERVER, "default"))); String keytabFilename = conf.get(REST_KEYTAB_FILE); Preconditions.checkArgument(keytabFilename != null && !keytabFilename.isEmpty(), REST_KEYTAB_FILE + " should be set if security is enabled"); String principalConfig = conf.get(REST_KERBEROS_PRINCIPAL); Preconditions.checkArgument(principalConfig != null && !principalConfig.isEmpty(), REST_KERBEROS_PRINCIPAL + " should be set if security is enabled"); // Hook for unit tests, this will log out any other user and mess up tests. if (!conf.getBoolean(SKIP_LOGIN_KEY, false)) { userProvider.login(REST_KEYTAB_FILE, REST_KERBEROS_PRINCIPAL, machineName); } if (conf.get(REST_AUTHENTICATION_TYPE) != null) { containerClass = RESTServletContainer.class; FilterHolder authFilter = new FilterHolder(); authFilter.setClassName(AuthFilter.class.getName()); authFilter.setName("AuthenticationFilter"); return new Pair<>(authFilter,containerClass); } } return new Pair<>(null, containerClass); }
Example 4
Source File: AuthUtil.java From hbase with Apache License 2.0 | 5 votes |
private static User loginFromKeytabAndReturnUser(UserProvider provider) throws IOException { try { provider.login(HBASE_CLIENT_KEYTAB_FILE, HBASE_CLIENT_KERBEROS_PRINCIPAL); } catch (IOException ioe) { LOG.error("Error while trying to login as user {} through {}, with message: {}.", HBASE_CLIENT_KERBEROS_PRINCIPAL, HBASE_CLIENT_KEYTAB_FILE, ioe.getMessage()); throw ioe; } return provider.getCurrent(); }
Example 5
Source File: ThriftServer.java From hbase with Apache License 2.0 | 4 votes |
protected void setupParamters() throws IOException { // login the server principal (if using secure Hadoop) UserProvider userProvider = UserProvider.instantiate(conf); securityEnabled = userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled(); if (securityEnabled) { host = Strings.domainNamePointerToHostName(DNS.getDefaultHost( conf.get(THRIFT_DNS_INTERFACE_KEY, "default"), conf.get(THRIFT_DNS_NAMESERVER_KEY, "default"))); userProvider.login(THRIFT_KEYTAB_FILE_KEY, THRIFT_KERBEROS_PRINCIPAL_KEY, host); // Setup the SPNEGO user for HTTP if configured String spnegoPrincipal = getSpengoPrincipal(conf, host); String spnegoKeytab = getSpnegoKeytab(conf); UserGroupInformation.setConfiguration(conf); // login the SPNEGO principal using UGI to avoid polluting the login user this.httpUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(spnegoPrincipal, spnegoKeytab); } this.serviceUGI = userProvider.getCurrent().getUGI(); if (httpUGI == null) { this.httpUGI = serviceUGI; } this.listenPort = conf.getInt(PORT_CONF_KEY, DEFAULT_LISTEN_PORT); this.metrics = createThriftMetrics(conf); this.pauseMonitor = new JvmPauseMonitor(conf, this.metrics.getSource()); this.hbaseServiceHandler = createHandler(conf, userProvider); this.hbaseServiceHandler.initMetrics(metrics); this.processor = createProcessor(); httpEnabled = conf.getBoolean(USE_HTTP_CONF_KEY, false); doAsEnabled = conf.getBoolean(THRIFT_SUPPORT_PROXYUSER_KEY, false); if (doAsEnabled && !httpEnabled) { LOG.warn("Fail to enable the doAs feature. " + USE_HTTP_CONF_KEY + " is not configured"); } String strQop = conf.get(THRIFT_QOP_KEY); if (strQop != null) { this.qop = SaslUtil.getQop(strQop); } if (qop != null) { if (qop != SaslUtil.QualityOfProtection.AUTHENTICATION && qop != SaslUtil.QualityOfProtection.INTEGRITY && qop != SaslUtil.QualityOfProtection.PRIVACY) { throw new IOException(String.format("Invalid %s: It must be one of %s, %s, or %s.", THRIFT_QOP_KEY, SaslUtil.QualityOfProtection.AUTHENTICATION.name(), SaslUtil.QualityOfProtection.INTEGRITY.name(), SaslUtil.QualityOfProtection.PRIVACY.name())); } checkHttpSecurity(qop, conf); if (!securityEnabled) { throw new IOException("Thrift server must run in secure mode to support authentication"); } } registerFilters(conf); pauseMonitor.start(); }
Example 6
Source File: HRegionServer.java From hbase with Apache License 2.0 | 4 votes |
protected void login(UserProvider user, String host) throws IOException { user.login(SecurityConstants.REGIONSERVER_KRB_KEYTAB_FILE, SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, host); }