Java Code Examples for org.apache.hadoop.security.UserGroupInformation#checkTGTAndReloginFromKeytab()
The following examples show how to use org.apache.hadoop.security.UserGroupInformation#checkTGTAndReloginFromKeytab().
Example 1
Source File: DFSClientCache.java From hadoop with Apache License 2.0
/**
 * This method uses the currentUser, and real user to create a proxy
 * @param effectiveUser The user who is being proxied by the real user
 * @param realUser The actual user who does the command
 * @return Proxy UserGroupInformation
 * @throws IOException If proxying fails
 */
UserGroupInformation getUserGroupInformation(
    String effectiveUser,
    UserGroupInformation realUser)
    throws IOException {
  Preconditions.checkNotNull(effectiveUser);
  Preconditions.checkNotNull(realUser);
  realUser.checkTGTAndReloginFromKeytab();
  UserGroupInformation ugi =
      UserGroupInformation.createProxyUser(effectiveUser, realUser);
  if (LOG.isDebugEnabled()){
    LOG.debug(String.format("Created ugi:" +
        " %s for username: %s", ugi, effectiveUser));
  }
  return ugi;
}
Example 2
Source File: WebHdfsFileSystem.java From hadoop with Apache License 2.0
T run() throws IOException {
  UserGroupInformation connectUgi = ugi.getRealUser();
  if (connectUgi == null) {
    connectUgi = ugi;
  }
  if (op.getRequireAuth()) {
    connectUgi.checkTGTAndReloginFromKeytab();
  }
  try {
    // the entire lifecycle of the connection must be run inside the
    // doAs to ensure authentication is performed correctly
    return connectUgi.doAs(
        new PrivilegedExceptionAction<T>() {
          @Override
          public T run() throws IOException {
            return runWithRetry();
          }
        });
  } catch (InterruptedException e) {
    throw new IOException(e);
  }
}
Example 3
Source File: DFSClientCache.java From big-c with Apache License 2.0
/**
 * This method uses the currentUser, and real user to create a proxy
 * @param effectiveUser The user who is being proxied by the real user
 * @param realUser The actual user who does the command
 * @return Proxy UserGroupInformation
 * @throws IOException If proxying fails
 */
UserGroupInformation getUserGroupInformation(
    String effectiveUser,
    UserGroupInformation realUser)
    throws IOException {
  Preconditions.checkNotNull(effectiveUser);
  Preconditions.checkNotNull(realUser);
  realUser.checkTGTAndReloginFromKeytab();
  UserGroupInformation ugi =
      UserGroupInformation.createProxyUser(effectiveUser, realUser);
  if (LOG.isDebugEnabled()){
    LOG.debug(String.format("Created ugi:" +
        " %s for username: %s", ugi, effectiveUser));
  }
  return ugi;
}
Example 4
Source File: WebHdfsFileSystem.java From big-c with Apache License 2.0
T run() throws IOException {
  UserGroupInformation connectUgi = ugi.getRealUser();
  if (connectUgi == null) {
    connectUgi = ugi;
  }
  if (op.getRequireAuth()) {
    connectUgi.checkTGTAndReloginFromKeytab();
  }
  try {
    // the entire lifecycle of the connection must be run inside the
    // doAs to ensure authentication is performed correctly
    return connectUgi.doAs(
        new PrivilegedExceptionAction<T>() {
          @Override
          public T run() throws IOException {
            return runWithRetry();
          }
        });
  } catch (InterruptedException e) {
    throw new IOException(e);
  }
}
Example 5
Source File: AuthUtil.java From hbase with Apache License 2.0
/**
 * Checks if security is enabled and if so, launches chore for refreshing kerberos ticket.
 * @return a ScheduledChore for renewals.
 */
@InterfaceAudience.Private
public static ScheduledChore getAuthRenewalChore(final UserGroupInformation user) {
  if (!user.hasKerberosCredentials()) {
    return null;
  }
  Stoppable stoppable = createDummyStoppable();
  // if you're in debug mode this is useful to avoid getting spammed by the getTGT()
  // you can increase this, keeping in mind that the default refresh window is 0.8
  // e.g. 5min tgt * 0.8 = 4min refresh so interval is better be way less than 1min
  final int CHECK_TGT_INTERVAL = 30 * 1000; // 30sec
  return new ScheduledChore("RefreshCredentials", stoppable, CHECK_TGT_INTERVAL) {
    @Override
    protected void chore() {
      try {
        user.checkTGTAndReloginFromKeytab();
      } catch (IOException e) {
        LOG.error("Got exception while trying to refresh credentials: " + e.getMessage(), e);
      }
    }
  };
}
Example 6
Source File: HiveClientImpl.java From dremio-oss with Apache License 2.0
private void reloginExpiringKeytabUser() throws MetaException {
  if(UserGroupInformation.isSecurityEnabled()) {
    // renew the TGT if required
    try {
      UserGroupInformation ugi = UserGroupInformation.getLoginUser();
      if (ugi.isFromKeytab()) {
        ugi.checkTGTAndReloginFromKeytab();
      }
    } catch (IOException e) {
      final String msg = "Error doing relogin using keytab " + e.getMessage();
      logger.error(msg, e);
      throw new MetaException(msg);
    }
  }
}
Example 8
Source File: MiscUtil.java From ranger with Apache License 2.0
public static UserGroupInformation getUGILoginUser() {
  UserGroupInformation ret = ugiLoginUser;
  if (ret == null) {
    try {
      // Do not cache ugiLoginUser if it is not explicitly set with
      // setUGILoginUser.
      // It appears that the user represented by
      // the returned object is periodically logged out and logged back
      // in when the token is scheduled to expire. So it is better
      // to get the user object every time from UserGroupInformation class and
      // not cache it
      ret = getLoginUser();
    } catch (IOException e) {
      logger.error("Error getting UGI.", e);
    }
  }
  if(ret != null) {
    try {
      ret.checkTGTAndReloginFromKeytab();
    } catch(IOException ioe) {
      logger.error("Error renewing TGT and relogin. Ignoring Exception, and continuing with the old TGT", ioe);
    }
  }
  return ret;
}