Java Code Examples for org.apache.hadoop.security.UserGroupInformation#loginUserFromSubject()
The following examples show how to use
org.apache.hadoop.security.UserGroupInformation#loginUserFromSubject().
Example 1
Source File: LoginProcessor.java From atlas with Apache License 2.0 | 6 votes |
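/**
 * Logs the service in to Hadoop using the authentication method selected by {@code hadoopConfig}.
 *
 * <ul>
 *   <li>SIMPLE: calls {@code UserGroupInformation.loginUserFromSubject(null)}; no credential is
 *       supplied by this method.</li>
 *   <li>KERBEROS: performs a keytab login with the principal and keytab path read from
 *       {@code configuration}.</li>
 *   <li>Any other method: no explicit login is performed here, and the log line reports whatever
 *       {@code UserGroupInformation.getLoginUser()} returns.</li>
 * </ul>
 *
 * <p>NOTE(review): under SIMPLE authentication Hadoop does not verify the caller's identity
 * cryptographically; confirm that mode is only enabled where every client is trusted.
 *
 * @param hadoopConfig  Hadoop configuration installed into {@code UserGroupInformation}
 * @param configuration application configuration holding the principal and keytab settings
 * @throws IllegalStateException if the login attempt fails with an {@link IOException}
 */
protected void doServiceLogin(Configuration hadoopConfig,
                              org.apache.commons.configuration.Configuration configuration) {
    UserGroupInformation.setConfiguration(hadoopConfig);

    UserGroupInformation.AuthenticationMethod authenticationMethod =
            SecurityUtil.getAuthenticationMethod(hadoopConfig);

    try {
        if (authenticationMethod == UserGroupInformation.AuthenticationMethod.SIMPLE) {
            UserGroupInformation.loginUserFromSubject(null);
        } else if (authenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS) {
            // The principal is resolved against the bind address before the keytab login.
            String bindAddress = getHostname(configuration);
            UserGroupInformation.loginUserFromKeytab(
                    getServerPrincipal(configuration.getString(AUTHENTICATION_PRINCIPAL), bindAddress),
                    configuration.getString(AUTHENTICATION_KEYTAB));
        }
        LOG.info("Logged in user {}", UserGroupInformation.getLoginUser());
    } catch (IOException e) {
        // Keep the cause so the underlying login failure stays visible to operators.
        throw new IllegalStateException(String.format("Unable to perform %s login.", authenticationMethod), e);
    }
}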
Example 2
Source File: ContextCommands.java From hdfs-shell with Apache License 2.0 | 6 votes |
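/**
 * Switches the shell's active Hadoop user by setting the {@code HADOOP_USER_NAME} system
 * property and re-running the UGI login with a {@code null} subject.
 *
 * <p>The lookup under {@code /user} is a convenience check only: it rejects names that have no
 * home directory, and it is skipped entirely when {@code /user} does not exist. No credential
 * for the target user is requested anywhere in this method, so it is not an authorization
 * control.
 *
 * <p>NOTE(review): presumably this only changes the effective identity on clusters running
 * simple authentication, where the cluster trusts the client-supplied user name; confirm the
 * behaviour on Kerberos-secured clusters.
 *
 * @param newUser user name to switch to
 * @return an empty string on success, otherwise a message describing why the switch was refused
 * @throws IOException if the file-system lookup or the re-login fails
 */
@CliCommand(value = "su", help = "Changes current active user [*experimental*]")
public synchronized String su(@CliOption(key = {""}, help = "su [<username>]") String newUser) throws IOException {
    if (StringUtils.isEmpty(newUser)) {
        return "No username is defined! ";
    }

    final FileSystem fs = getFileSystem();
    final Path usersDir = new Path("/user");
    if (fs.exists(usersDir)) {
        // newUser is never reassigned, so the lambda can capture it without a final copy.
        final boolean foundUser = Arrays.stream(fs.listStatus(usersDir))
                .filter(FileStatus::isDirectory)
                .anyMatch(fileStatus -> fileStatus.getPath().getName().equals(newUser));
        if (!foundUser) {
            return "User " + newUser + " does not exist!";
        }
    }

    // The property is JVM-wide; the method is synchronized so concurrent switches do not interleave.
    System.setProperty("HADOOP_USER_NAME", newUser);
    UserGroupInformation.loginUserFromSubject(null);
    // Drop the cached working directory so it is not carried over from the previous user.
    currentDir = null;
    return "";
}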
Example 3
Source File: LoginProcessor.java From incubator-atlas with Apache License 2.0 | 6 votes |
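/**
 * Performs the service login against Hadoop according to the authentication method that
 * {@code SecurityUtil.getAuthenticationMethod(hadoopConfig)} reports.
 *
 * <p>For SIMPLE the method calls {@code loginUserFromSubject(null)} and supplies no credential.
 * For KERBEROS it logs in from the keytab and principal named in {@code configuration}. For any
 * other value neither branch runs, and the final log line reports whatever
 * {@code getLoginUser()} returns.
 *
 * <p>NOTE(review): SIMPLE authentication does not verify the identity cryptographically;
 * confirm deployments that need authenticated callers select KERBEROS.
 *
 * @param hadoopConfig  Hadoop configuration handed to {@code UserGroupInformation}
 * @param configuration application configuration with the principal and keytab entries
 * @throws IllegalStateException wrapping the {@link IOException} raised by a failed login
 */
protected void doServiceLogin(Configuration hadoopConfig,
                              org.apache.commons.configuration.Configuration configuration) {
    UserGroupInformation.setConfiguration(hadoopConfig);

    UserGroupInformation.AuthenticationMethod authenticationMethod =
            SecurityUtil.getAuthenticationMethod(hadoopConfig);

    try {
        if (authenticationMethod == UserGroupInformation.AuthenticationMethod.SIMPLE) {
            UserGroupInformation.loginUserFromSubject(null);
        } else if (authenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS) {
            String bindAddress = getHostname(configuration);
            String principal =
                    getServerPrincipal(configuration.getString(AUTHENTICATION_PRINCIPAL), bindAddress);
            UserGroupInformation.loginUserFromKeytab(
                    principal, configuration.getString(AUTHENTICATION_KEYTAB));
        }
        LOG.info("Logged in user {}", UserGroupInformation.getLoginUser());
    } catch (IOException e) {
        // The original exception is chained so the root cause of the failed login is not lost.
        throw new IllegalStateException(String.format("Unable to perform %s login.", authenticationMethod), e);
    }
}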
Example 4
Source File: DefaultLoginUgiProvider.java From datacollector with Apache License 2.0 | 6 votes |
/**
 * Resolves the login {@code UserGroupInformation} for the calling context.
 *
 * <p>The {@link Subject} bound to the current access-control context is looked up first (it may
 * be {@code null}). When Hadoop security is enabled the UGI is built from that subject;
 * otherwise the subject is used for a login and the resulting login user is returned.
 *
 * @param hdfsConfiguration configuration installed into {@code UserGroupInformation}
 * @return the UGI to use for subsequent Hadoop calls
 * @throws IOException if the UGI cannot be obtained
 */
@Override
public UserGroupInformation getLoginUgi(Configuration hdfsConfiguration) throws IOException {
    final Subject subject = Subject.getSubject(AccessController.getContext());

    // HADOOP-13805
    HadoopConfigurationUtils.configureHadoopTreatSubjectExternal(hdfsConfiguration);
    UserGroupInformation.setConfiguration(hdfsConfiguration);

    final UserGroupInformation loginUgi;
    if (!UserGroupInformation.isSecurityEnabled()) {
        UserGroupInformation.loginUserFromSubject(subject);
        loginUgi = UserGroupInformation.getLoginUser();
    } else {
        loginUgi = UserGroupInformation.getUGIFromSubject(subject);
    }

    if (LOG.isDebugEnabled()) {
        // Guarded so getPrincipals() is only evaluated when debug logging is on.
        final Object principals = (subject != null) ? subject.getPrincipals() : "null";
        LOG.debug("Subject = {}, Principals = {}, Login UGI = {}", subject, principals, loginUgi);
    }
    return loginUgi;
}
Example 5
Source File: BrokerAccessTokenProviderTest.java From gcp-token-broker with Apache License 2.0 | 5 votes |
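/**
 * Checks that a refresh performed while logged in as ALICE returns an access token whose
 * authenticated user and owner are ALICE and whose target is the mock bucket.
 */
@Test
public void testProviderRefresh() throws IOException {
    TestingTools.startServer(new FakeServer(fakeKDC), grpcCleanup);
    Configuration conf = TestingTools.getBrokerConfig();
    Subject alice = fakeKDC.login(ALICE);
    UserGroupInformation.loginUserFromSubject(alice);
    try {
        AccessToken token = refresh(conf);
        assertEquals(
                "FakeAccessToken/AuthenticatedUser=" + ALICE + ";Owner=" + ALICE + ";Target=" + MOCK_BUCKET,
                token.getToken());
    } finally {
        // The login user is static UGI state: clear it even when the assertion fails, so a
        // failure here cannot leave later tests running as ALICE.
        UserGroupInformation.setLoginUser(null);
    }
}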
Example 6
Source File: BrokerAccessTokenProviderTest.java From gcp-token-broker with Apache License 2.0 | 5 votes |
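/**
 * Same as testProviderRefresh but with access boundary disabled: the returned token is expected
 * to carry an empty {@code Target}.
 */
@Test
public void testProviderRefreshWithoutAccessBoundary() throws IOException {
    TestingTools.startServer(new FakeServer(fakeKDC), grpcCleanup);
    Configuration conf = TestingTools.getBrokerConfig();
    conf.set("gcp.token.broker.access.boundary.enabled", "false");
    Subject alice = fakeKDC.login(ALICE);
    UserGroupInformation.loginUserFromSubject(alice);
    try {
        AccessToken token = refresh(conf);
        assertEquals(
                "FakeAccessToken/AuthenticatedUser=" + ALICE + ";Owner=" + ALICE + ";Target=",
                token.getToken());
    } finally {
        // Reset the static login user on every exit path so the ALICE identity does not
        // leak into other tests when the assertion above fails.
        UserGroupInformation.setLoginUser(null);
    }
}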
Example 7
Source File: BrokerTokenIdentifierTest.java From gcp-token-broker with Apache License 2.0 | 5 votes |
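/**
 * Checks that a session token requested while logged in as ALICE names ALICE as authenticated
 * user and owner and the mock bucket as target.
 */
@Test
public void testGetSessionToken() throws IOException {
    TestingTools.startServer(new FakeServer(fakeKDC), grpcCleanup);
    Configuration conf = TestingTools.getBrokerConfig();
    Subject alice = fakeKDC.login(ALICE);
    UserGroupInformation.loginUserFromSubject(alice);
    try {
        String token = getSessionToken(conf);
        assertEquals(
                "FakeSessionToken/AuthenticatedUser=" + ALICE + ";Owner=" + ALICE + ";Target=" + MOCK_BUCKET,
                token);
    } finally {
        // Always clear the static login user; otherwise a failed assertion would leave the
        // ALICE identity in place for whichever test runs next.
        UserGroupInformation.setLoginUser(null);
    }
}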
Example 8
Source File: BrokerTokenIdentifierTest.java From gcp-token-broker with Apache License 2.0 | 5 votes |
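/**
 * Same as testGetSessionToken but with access boundary disabled: the session token is expected
 * to carry an empty {@code Target}.
 */
@Test
public void testGetSessionTokenWithoutAccessBoundary() throws IOException {
    TestingTools.startServer(new FakeServer(fakeKDC), grpcCleanup);
    Configuration conf = TestingTools.getBrokerConfig();
    conf.set("gcp.token.broker.access.boundary.enabled", "false");
    Subject alice = fakeKDC.login(ALICE);
    UserGroupInformation.loginUserFromSubject(alice);
    try {
        String token = getSessionToken(conf);
        assertEquals(
                "FakeSessionToken/AuthenticatedUser=" + ALICE + ";Owner=" + ALICE + ";Target=",
                token);
    } finally {
        // Clean up the static login user regardless of the test outcome, so identity state
        // set here never carries over into another test.
        UserGroupInformation.setLoginUser(null);
    }
}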
Example 9
Source File: MapRLoginUgiProvider.java From datacollector with Apache License 2.0 | 5 votes |
/**
 * Resolves the login {@code UserGroupInformation}, taking MapR username/password security
 * into account.
 *
 * <p>The Kerberos path ({@code getUGIFromSubject}) is taken only when Hadoop reports security
 * as enabled and the MapR username/password system property is not set to true. In every
 * other case the current {@link Subject} (possibly {@code null}) is used for a login and the
 * resulting login user is returned.
 *
 * @param hdfsConfiguration configuration installed into {@code UserGroupInformation}
 * @return the UGI to use for subsequent Hadoop calls
 * @throws IOException if the UGI cannot be obtained
 */
@Override
public UserGroupInformation getLoginUgi(Configuration hdfsConfiguration) throws IOException {
    // System property tells us whether MapR U/P security is switched on.
    final boolean isMapRLogin = Boolean.parseBoolean(
            System.getProperty(
                    MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_KEY,
                    MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_DEFAULT));

    final Subject subject = Subject.getSubject(AccessController.getContext());

    // HADOOP-13805
    HadoopConfigurationUtils.configureHadoopTreatSubjectExternal(hdfsConfiguration);
    // SDC-4015: privateclassloader is false for MapR, so UGI is shared and must also be
    // handled under the jvm lock.
    UserGroupInformation.setConfiguration(hdfsConfiguration);

    // MapR's UserGroupInformation.isSecurityEnabled() returns true even without Kerberos;
    // the system property keeps that case away from the Kerberos-only branch.
    final boolean useKerberosSubject = UserGroupInformation.isSecurityEnabled() && !isMapRLogin;

    final UserGroupInformation loginUgi;
    if (useKerberosSubject) {
        loginUgi = UserGroupInformation.getUGIFromSubject(subject);
    } else {
        UserGroupInformation.loginUserFromSubject(subject);
        loginUgi = UserGroupInformation.getLoginUser();
    }

    if (LOG.isDebugEnabled()) {
        final Object principals = (subject != null) ? subject.getPrincipals() : "null";
        LOG.debug("Subject = {}, Principals = {}, Login UGI = {}", subject, principals, loginUgi);
    }
    return loginUgi;
}
Example 10
Source File: SSLAndKerberosTest.java From atlas with Apache License 2.0 | 4 votes |
/**
 * Prepares the SSL + Kerberos test fixture: writes the client and server configuration to a
 * temporary directory, logs the test user in, builds an {@code AtlasClient} as a proxy user,
 * and starts the secure embedded server.
 *
 * <p>Statement order matters here: the configuration is written to disk twice, system
 * properties are overwritten, and the UGI login must happen before the proxy user is created.
 *
 * @throws Exception if any part of the fixture setup fails
 */
public void setUp() throws Exception {
    // Keystore location for the credential provider, inside a fresh temp directory.
    jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri();
    String persistDir = TestUtils.getTempDirectory();
    setupKDCAndPrincipals();
    setupCredentials();
    // client will actually only leverage subset of these properties
    final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
    persistSSLClientConfiguration(configuration);
    TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES);
    // Load the base application properties: from the classpath unless atlas.conf points elsewhere.
    String confLocation = System.getProperty("atlas.conf");
    URL url;
    if (confLocation == null) {
        url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES);
    } else {
        url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL();
    }
    configuration.load(url);
    configuration.setProperty(TLS_ENABLED, true);
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm());
    // NOTE(review): "atlas.authentication.method.file" is set to "false" here and to "true"
    // further down; with setProperty the later value is the one in effect, so file
    // authentication ends up enabled. Confirm that is the intended fixture.
    configuration.setProperty("atlas.authentication.method.file", "false");
    configuration.setProperty("atlas.authentication.method.trustedproxy", "false");
    // NOTE(review): repeats the "atlas.authentication.method.kerberos" assignment made above.
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
    configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
    // Presumably a principal-to-short-name mapping rule that strips the realm — TODO confirm.
    configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
    configuration.setProperty("atlas.authentication.method.file", "true");
    configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials");
    configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" );
    // Second write: the server-side properties file now includes the authentication settings.
    TestUtils.writeConfiguration(configuration, persistDir + File.separator + "atlas-application.properties");
    setupUserCredential(persistDir);
    setUpPolicyStore(persistDir);
    // Log in the test subject, then wrap it in a proxy user named "testUser"; the client
    // below is constructed inside that proxy user's doAs.
    subject = loginTestUser();
    UserGroupInformation.loginUserFromSubject(subject);
    UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( "testUser", UserGroupInformation.getLoginUser());
    // save original setting
    // (presumably restored by the matching teardown, which is not visible here)
    originalConf = System.getProperty("atlas.conf");
    System.setProperty("atlas.conf", persistDir);
    originalHomeDir = System.getProperty("atlas.home");
    System.setProperty("atlas.home", TestUtils.getTargetDirectory());
    dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
        @Override
        public AtlasClient run() throws Exception {
            return new AtlasClient(configuration, DGI_URL);
        }
    });
    // The embedded server is handed the same configuration object via the override below.
    secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
        @Override
        public PropertiesConfiguration getConfiguration() {
            return configuration;
        }
    };
    secureEmbeddedServer.getServer().start();
}
Example 11
Source File: SSLAndKerberosTest.java From incubator-atlas with Apache License 2.0 | 4 votes |
/**
 * Builds the SSL + Kerberos test fixture once per class: persists client and server
 * configuration under a temporary directory, logs in the test subject, creates an
 * {@code AtlasClient} under a proxy user, and starts the secure embedded server.
 *
 * <p>The steps depend on their order (configuration writes, system-property overrides, UGI
 * login before proxy-user creation), so they are kept as a single linear sequence.
 *
 * @throws Exception if any part of the fixture setup fails
 */
@BeforeClass
public void setUp() throws Exception {
    // Keystore for the credential provider lives in a newly created temp directory.
    jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri();
    String persistDir = TestUtils.getTempDirectory();
    setupKDCAndPrincipals();
    setupCredentials();
    // client will actually only leverage subset of these properties
    final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl);
    persistSSLClientConfiguration(configuration);
    TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES);
    // Base properties come from the classpath unless the atlas.conf system property is set.
    String confLocation = System.getProperty("atlas.conf");
    URL url;
    if (confLocation == null) {
        url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES);
    } else {
        url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL();
    }
    configuration.load(url);
    configuration.setProperty(TLS_ENABLED, true);
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath());
    configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm());
    // NOTE(review): this "false" is overwritten by the "true" assigned to the same key a few
    // lines below, so file authentication is enabled in the final configuration — confirm intent.
    configuration.setProperty("atlas.authentication.method.file", "false");
    // NOTE(review): duplicate of the "atlas.authentication.method.kerberos" assignment above.
    configuration.setProperty("atlas.authentication.method.kerberos", "true");
    configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm());
    configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath());
    // Presumably maps principals in the test realm to short names by dropping the realm — TODO confirm.
    configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT");
    configuration.setProperty("atlas.authentication.method.file", "true");
    configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials");
    configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" );
    // Written a second time, now including the authentication settings assigned above.
    TestUtils.writeConfiguration(configuration, persistDir + File.separator + "atlas-application.properties");
    setupUserCredential(persistDir);
    setUpPolicyStore(persistDir);
    // The logged-in test subject becomes the real user behind the "testUser" proxy user.
    subject = loginTestUser();
    UserGroupInformation.loginUserFromSubject(subject);
    UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( "testUser", UserGroupInformation.getLoginUser());
    // save original setting
    // (presumably so a teardown outside this view can put the system properties back)
    originalConf = System.getProperty("atlas.conf");
    System.setProperty("atlas.conf", persistDir);
    originalHomeDir = System.getProperty("atlas.home");
    System.setProperty("atlas.home", TestUtils.getTargetDirectory());
    // The client is constructed inside doAs, i.e. under the proxy user's identity.
    dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() {
        @Override
        public AtlasClient run() throws Exception {
            return new AtlasClient(configuration, DGI_URL);
        }
    });
    // The server reads the very same configuration object through the override below.
    secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) {
        @Override
        public PropertiesConfiguration getConfiguration() {
            return configuration;
        }
    };
    secureEmbeddedServer.getServer().start();
}
Example 12
Source File: CommandAdapter.java From hbase-tools with Apache License 2.0 | 4 votes |
/**
 * Installs {@code conf} into {@code UserGroupInformation} and then logs in with
 * {@code subject}.
 *
 * <p>The configuration is applied first so the login that follows runs against it.
 *
 * @param conf    Hadoop configuration to install before logging in
 * @param subject subject to log in with
 * @throws IOException if the login fails
 */
public static void loginUserFromSubject(Configuration conf, Subject subject)
        throws IOException {
    // Configure first, log in second; the order is part of the contract.
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromSubject(subject);
}
Example 13
Source File: CommandAdapter.java From hbase-tools with Apache License 2.0 | 4 votes |
/**
 * Convenience wrapper that applies a Hadoop configuration to {@code UserGroupInformation}
 * and immediately performs a subject-based login.
 *
 * @param conf    configuration passed to {@code UserGroupInformation.setConfiguration}
 * @param subject subject passed to {@code UserGroupInformation.loginUserFromSubject}
 * @throws IOException if the underlying login call fails
 */
public static void loginUserFromSubject(Configuration conf, Subject subject)
        throws IOException {
    // setConfiguration must run before the login so the login sees this configuration.
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromSubject(subject);
}
Example 14
Source File: CommandAdapter.java From hbase-tools with Apache License 2.0 | 4 votes |
/**
 * Sets the UGI configuration and logs the given subject in, in that order.
 *
 * <p>Both calls act on static {@code UserGroupInformation} methods, so the effect is not
 * limited to the caller's own objects.
 *
 * @param conf    Hadoop configuration to apply
 * @param subject subject whose login is performed
 * @throws IOException if logging in fails
 */
public static void loginUserFromSubject(Configuration conf, Subject subject)
        throws IOException {
    UserGroupInformation.setConfiguration(conf);
    // Login happens only after the configuration above has been installed.
    UserGroupInformation.loginUserFromSubject(subject);
}
Example 15
Source File: CommandAdapter.java From hbase-tools with Apache License 2.0 | 4 votes |
/**
 * Two-step login helper: hand {@code conf} to {@code UserGroupInformation}, then log in
 * from {@code subject}.
 *
 * @param conf    Hadoop configuration installed before the login
 * @param subject subject used for the login
 * @throws IOException propagated from {@code UserGroupInformation.loginUserFromSubject}
 */
public static void loginUserFromSubject(Configuration conf, Subject subject)
        throws IOException {
    // Step 1: make the supplied configuration the one UGI uses.
    UserGroupInformation.setConfiguration(conf);
    // Step 2: perform the login with the caller's subject.
    UserGroupInformation.loginUserFromSubject(subject);
}