Java Code Examples for org.apache.hadoop.classification.InterfaceStability#Evolving

The following examples show how to use org.apache.hadoop.classification.InterfaceStability#Evolving . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Create a proxy user using username of the effective user and the ugi of the
 * real user.
 * @param user
 * @param realUser
 * @return proxyUser ugi
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createProxyUser(String user,
    UserGroupInformation realUser) {
  if (user == null || user.isEmpty()) {
    throw new IllegalArgumentException("Null user");
  }
  if (realUser == null) {
    throw new IllegalArgumentException("Null real user");
  }
  Subject subject = new Subject();
  Set<Principal> principals = subject.getPrincipals();
  principals.add(new User(user));
  principals.add(new RealUser(realUser));
  UserGroupInformation result =new UserGroupInformation(subject);
  result.setAuthenticationMethod(AuthenticationMethod.PROXY);
  return result;
}
 
Example 2
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Create a proxy user using username of the effective user and the ugi of the
 * real user.
 * @param user
 * @param realUser
 * @return proxyUser ugi
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createProxyUser(String user,
    UserGroupInformation realUser) {
  if (user == null || user.isEmpty()) {
    throw new IllegalArgumentException("Null user");
  }
  if (realUser == null) {
    throw new IllegalArgumentException("Null real user");
  }
  Subject subject = new Subject();
  Set<Principal> principals = subject.getPrincipals();
  principals.add(new User(user));
  principals.add(new RealUser(realUser));
  UserGroupInformation result =new UserGroupInformation(subject);
  result.setAuthenticationMethod(AuthenticationMethod.PROXY);
  return result;
}
 
Example 3
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Create a UGI for testing HDFS and MapReduce
 * @param user the full user principal name
 * @param userGroups the names of the groups that the user belongs to
 * @return a fake user for running unit tests
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createUserForTesting(String user, 
                                                        String[] userGroups) {
  ensureInitialized();
  UserGroupInformation ugi = createRemoteUser(user);
  // make sure that the testing object is setup
  if (!(groups instanceof TestingGroups)) {
    groups = new TestingGroups(groups);
  }
  // add the user groups
  ((TestingGroups) groups).setUserGroups(ugi.getShortUserName(), userGroups);
  return ugi;
}
 
Example 4
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Run the given action as the user.
 * @param <T> the return type of the run method
 * @param action the method to execute
 * @return the value from the run method
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public <T> T doAs(PrivilegedAction<T> action) {
  logPrivilegedAction(subject, action);
  return Subject.doAs(subject, action);
}
 
Example 5
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Return the current user, including any doAs in the current stack.
 * @return the current user
 * @throws IOException if login fails
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized
static UserGroupInformation getCurrentUser() throws IOException {
  AccessControlContext context = AccessController.getContext();
  Subject subject = Subject.getSubject(context);
  if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
    return getLoginUser();
  } else {
    return new UserGroupInformation(subject);
  }
}
 
Example 6
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Return the current user, including any doAs in the current stack.
 * @return the current user
 * @throws IOException if login fails
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized
static UserGroupInformation getCurrentUser() throws IOException {
  AccessControlContext context = AccessController.getContext();
  Subject subject = Subject.getSubject(context);
  if (subject == null || subject.getPrincipals(User.class).isEmpty()) {
    return getLoginUser();
  } else {
    return new UserGroupInformation(subject);
  }
}
 
Example 7
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * get RealUser (vs. EffectiveUser)
 * @return realUser running over proxy user
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public UserGroupInformation getRealUser() {
  for (RealUser p: subject.getPrincipals(RealUser.class)) {
    return p.getRealUser();
  }
  return null;
}
 
Example 8
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Create a user from a login name. It is intended to be used for remote
 * users in RPC, since it won't have any credentials.
 * @param user the full user principal name, must not be empty or null
 * @return the UserGroupInformation for the remote user.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) {
  if (user == null || user.isEmpty()) {
    throw new IllegalArgumentException("Null user");
  }
  Subject subject = new Subject();
  subject.getPrincipals().add(new User(user));
  UserGroupInformation result = new UserGroupInformation(subject);
  result.setAuthenticationMethod(authMethod);
  return result;
}
 
Example 9
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Re-Login a user in from the ticket cache.  This
 * method assumes that login had happened already.
 * The Subject field of this UserGroupInformation object is updated to have
 * the new credentials.
 * @throws IOException on a failure
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized void reloginFromTicketCache()
throws IOException {
  if (!isSecurityEnabled() || 
      user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS ||
      !isKrbTkt)
    return;
  LoginContext login = getLogin();
  if (login == null) {
    throw new IOException("login must be done first");
  }
  long now = Time.now();
  if (!hasSufficientTimeElapsed(now)) {
    return;
  }
  // register most recent relogin attempt
  user.setLastLogin(now);
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Initiating logout for " + getUserName());
    }
    //clear up the kerberos state. But the tokens are not cleared! As per 
    //the Java kerberos login module code, only the kerberos credentials
    //are cleared
    login.logout();
    //login and also update the subject field of this instance to 
    //have the new credentials (pass it to the LoginContext constructor)
    login = 
      newLoginContext(HadoopConfiguration.USER_KERBEROS_CONFIG_NAME, 
          getSubject(), new HadoopConfiguration());
    if (LOG.isDebugEnabled()) {
      LOG.debug("Initiating re-login for " + getUserName());
    }
    login.login();
    setLogin(login);
  } catch (LoginException le) {
    throw new IOException("Login failure for " + getUserName(), le);
  } 
}
 
Example 10
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 4 votes vote down vote up
@InterfaceAudience.Private
@InterfaceStability.Evolving
private static boolean isAuthenticationMethodEnabled(AuthenticationMethod method) {
  ensureInitialized();
  return (authenticationMethod == method);
}
 
Example 11
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Get the user's full principal name.
 * @return the user's full principal name.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public String getUserName() {
  return user.getName();
}
 
Example 12
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Did the login happen via keytab
 * @return true or false
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized static boolean isLoginKeytabBased() throws IOException {
  return getLoginUser().isKeytab;
}
 
Example 13
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Did the login happen via keytab
 * @return true or false
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized static boolean isLoginKeytabBased() throws IOException {
  return getLoginUser().isKeytab;
}
 
Example 14
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Re-Login a user in from a keytab file. Loads a user identity from a keytab
 * file and logs them in. They become the currently logged-in user. This
 * method assumes that {@link #loginUserFromKeytab(String, String)} had 
 * happened already.
 * The Subject field of this UserGroupInformation object is updated to have
 * the new credentials.
 * @throws IOException on a failure
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public synchronized void reloginFromKeytab()
throws IOException {
  if (!isSecurityEnabled() ||
       user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS ||
       !isKeytab)
    return;
  
  long now = Time.now();
  if (!shouldRenewImmediatelyForTests && !hasSufficientTimeElapsed(now)) {
    return;
  }

  KerberosTicket tgt = getTGT();
  //Return if TGT is valid and is not going to expire soon.
  if (tgt != null && !shouldRenewImmediatelyForTests &&
      now < getRefreshTime(tgt)) {
    return;
  }
  
  LoginContext login = getLogin();
  if (login == null || keytabFile == null) {
    throw new IOException("loginUserFromKeyTab must be done first");
  }
  
  long start = 0;
  // register most recent relogin attempt
  user.setLastLogin(now);
  try {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Initiating logout for " + getUserName());
    }
    synchronized (UserGroupInformation.class) {
      // clear up the kerberos state. But the tokens are not cleared! As per
      // the Java kerberos login module code, only the kerberos credentials
      // are cleared
      login.logout();
      // login and also update the subject field of this instance to
      // have the new credentials (pass it to the LoginContext constructor)
      login = newLoginContext(
          HadoopConfiguration.KEYTAB_KERBEROS_CONFIG_NAME, getSubject(),
          new HadoopConfiguration());
      if (LOG.isDebugEnabled()) {
        LOG.debug("Initiating re-login for " + keytabPrincipal);
      }
      start = Time.now();
      login.login();
      metrics.loginSuccess.add(Time.now() - start);
      setLogin(login);
    }
  } catch (LoginException le) {
    if (start > 0) {
      metrics.loginFailure.add(Time.now() - start);
    }
    throw new IOException("Login failure for " + keytabPrincipal + 
        " from keytab " + keytabFile, le);
  } 
}
 
Example 15
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@InterfaceAudience.Private
@InterfaceStability.Evolving
private static boolean isAuthenticationMethodEnabled(AuthenticationMethod method) {
  ensureInitialized();
  return (authenticationMethod == method);
}
 
Example 16
Source File: SecurityUtil.java    From hadoop with Apache License 2.0 3 votes vote down vote up
/**
 * Convert Kerberos principal name pattern to valid Kerberos principal
 * names. It replaces hostname pattern with hostname, which should be
 * fully-qualified domain name. If hostname is null or "0.0.0.0", it uses
 * dynamically looked-up fqdn of the current host instead.
 * 
 * @param principalConfig
 *          the Kerberos principal name conf value to convert
 * @param hostname
 *          the fully-qualified domain name used for substitution
 * @return converted Kerberos principal name
 * @throws IOException if the client address cannot be determined
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static String getServerPrincipal(String principalConfig,
    String hostname) throws IOException {
  String[] components = getComponents(principalConfig);
  if (components == null || components.length != 3
      || !components[1].equals(HOSTNAME_PATTERN)) {
    return principalConfig;
  } else {
    return replacePattern(components, hostname);
  }
}
 
Example 17
Source File: SecurityUtil.java    From big-c with Apache License 2.0 3 votes vote down vote up
/**
 * Login as a principal specified in config. Substitute $host in
 * user's Kerberos principal name with a dynamically looked-up fully-qualified
 * domain name of the current host.
 * 
 * @param conf
 *          conf to use
 * @param keytabFileKey
 *          the key to look for keytab file in conf
 * @param userNameKey
 *          the key to look for user's Kerberos principal name in conf
 * @throws IOException if login fails
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static void login(final Configuration conf,
    final String keytabFileKey, final String userNameKey) throws IOException {
  login(conf, keytabFileKey, userNameKey, getLocalHostName());
}
 
Example 18
Source File: FileContext.java    From big-c with Apache License 2.0 3 votes vote down vote up
/**
 * Return blockLocation of the given file for the given offset and len.
 *  For a nonexistent file or regions, null will be returned.
 *
 * This call is most helpful with DFS, where it returns 
 * hostnames of machines that contain the given file.
 * 
 * @param f - get blocklocations of this file
 * @param start position (byte offset)
 * @param len (in bytes)
 *
 * @return block locations for given file at specified offset of len
 *
 * @throws AccessControlException If access is denied
 * @throws FileNotFoundException If <code>f</code> does not exist
 * @throws UnsupportedFileSystemException If file system for <code>f</code> is
 *           not supported
 * @throws IOException If an I/O error occurred
 * 
 * Exceptions applicable to file systems accessed over RPC:
 * @throws RpcClientException If an exception occurred in the RPC client
 * @throws RpcServerException If an exception occurred in the RPC server
 * @throws UnexpectedServerException If server implementation throws 
 *           undeclared exception to RPC server
 * 
 * RuntimeExceptions:
 * @throws InvalidPathException If path <code>f</code> is invalid
 */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
public BlockLocation[] getFileBlockLocations(final Path f, final long start,
    final long len) throws AccessControlException, FileNotFoundException,
    UnsupportedFileSystemException, IOException {
  final Path absF = fixRelativePart(f);
  return new FSLinkResolver<BlockLocation[]>() {
    @Override
    public BlockLocation[] next(final AbstractFileSystem fs, final Path p) 
      throws IOException, UnresolvedLinkException {
      return fs.getFileBlockLocations(p, start, len);
    }
  }.resolve(this, absF);
}
 
Example 19
Source File: UserGroupInformation.java    From hadoop with Apache License 2.0 2 votes vote down vote up
/**
 * Create a user from a login name. It is intended to be used for remote
 * users in RPC, since it won't have any credentials.
 * @param user the full user principal name, must not be empty or null
 * @return the UserGroupInformation for the remote user.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user) {
  return createRemoteUser(user, AuthMethod.SIMPLE);
}
 
Example 20
Source File: UserGroupInformation.java    From big-c with Apache License 2.0 2 votes vote down vote up
/**
 * Create a user from a login name. It is intended to be used for remote
 * users in RPC, since it won't have any credentials.
 * @param user the full user principal name, must not be empty or null
 * @return the UserGroupInformation for the remote user.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public static UserGroupInformation createRemoteUser(String user) {
  return createRemoteUser(user, AuthMethod.SIMPLE);
}