Package org.apache.hadoop.security

Examples of org.apache.hadoop.security.UserGroupInformation


                      " Must restart agent to use new principal or keytab. " +
                      "Previous = %s, New = %s", prevUser, newUser);

      // attempt to use cached credential if the user is the same
      // this is polite and should avoid flooding the KDC with auth requests
      UserGroupInformation curUser = null;
      if (prevUser != null && prevUser.equals(newUser)) {
        try {
          curUser = UserGroupInformation.getLoginUser();
        } catch (IOException e) {
          LOG.warn("User unexpectedly had no active login. Continuing with " +
                  "authentication", e);
        }
      }

      if (curUser == null || !curUser.getUserName().equals(principal)) {
        try {
          // static login
          kerberosLogin(this, principal, kerbKeytab);
        } catch (IOException e) {
          LOG.error("Authentication or file read error while attempting to "
                  + "login as kerberos principal (" + principal + ") using "
                  + "keytab (" + kerbKeytab + "). Exception follows.", e);
          return false;
        }
      } else {
        LOG.debug("{}: Using existing principal login: {}", this, curUser);
      }

      // we supposedly got through this unscathed... so store the static user
      staticLogin.set(newUser);
    }

    // hadoop impersonation works with or without kerberos security
    proxyTicket = null;
    if (!proxyUserName.isEmpty()) {
      try {
        proxyTicket = UserGroupInformation.createProxyUser(
                proxyUserName, UserGroupInformation.getLoginUser());
      } catch (IOException e) {
        LOG.error("Unable to login as proxy user. Exception follows.", e);
        return false;
      }
    }

    UserGroupInformation ugi = null;
    if (proxyTicket != null) {
      ugi = proxyTicket;
    } else if (useSecurity) {
      try {
        ugi = UserGroupInformation.getLoginUser();
      } catch (IOException e) {
        LOG.error("Unexpected error: Unable to get authenticated user after " +
                "apparent successful login! Exception follows.", e);
        return false;
      }
    }

    if (ugi != null) {
      // dump login information
      AuthenticationMethod authMethod = ugi.getAuthenticationMethod();
      LOG.info("Auth method: {}", authMethod);
      LOG.info(" User name: {}", ugi.getUserName());
      LOG.info(" Using keytab: {}", ugi.isFromKeytab());
      if (authMethod == AuthenticationMethod.PROXY) {
        UserGroupInformation superUser;
        try {
          superUser = UserGroupInformation.getLoginUser();
          LOG.info(" Superuser auth: {}", superUser.getAuthenticationMethod());
          LOG.info(" Superuser name: {}", superUser.getUserName());
          LOG.info(" Superuser using keytab: {}", superUser.isFromKeytab());
        } catch (IOException e) {
          LOG.error("Unexpected error: unknown superuser impersonating proxy.",
                  e);
          return false;
        }
View Full Code Here


  private static synchronized UserGroupInformation kerberosLogin(
          HDFSEventSink sink, String principal, String keytab) throws IOException {

    // if we are the 2nd user thru the lock, the login should already be
    // available statically if login was successful
    UserGroupInformation curUser = null;
    try {
      curUser = UserGroupInformation.getLoginUser();
    } catch (IOException e) {
      // not a big deal but this shouldn't typically happen because it will
      // generally fall back to the UNIX user
      LOG.debug("Unable to get login user before Kerberos auth attempt.", e);
    }

    // we already have logged in successfully
    if (curUser != null && curUser.getUserName().equals(principal)) {
      LOG.debug("{}: Using existing principal ({}): {}",
              new Object[]{sink, principal, curUser});

      // no principal found
    } else {
View Full Code Here

    // add recurring arguments
    addArgument(input, "-input", argsList);

    if (StringUtils.hasText(user)) {
      UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
      ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
          job = new Job(createStreamJob(cfg, argsList.toArray(new String[argsList.size()])));
          return null;
View Full Code Here

    final Configuration cfg = JobConfUtils.createFrom(configuration, properties);

    buildGenericOptions(cfg);

    if (StringUtils.hasText(user)) {
      UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
      ugi.doAs(new PrivilegedExceptionAction<Void>() {

        @Override
        public Void run() throws Exception {
          job = new Job(cfg);
          return null;
View Full Code Here

      parsedArguments.addAll(Arrays.asList(StringUtils.tokenizeToStringArray(arg, " ")));
    }

    try {
      if (StringUtils.hasText(user)) {
        UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
        ugi.doAs(new PrivilegedExceptionAction<Void>() {
          @Override
          public Void run() throws Exception {
            invokeCopy(configuration, parsedArguments.toArray(new String[parsedArguments.size()]));
            return null;
          }
View Full Code Here

      //ExecutionUtils.earlyLeaseDaemonInit(cfg);

      th.setContextClassLoader(newCL);

      if (StringUtils.hasText(user)) {
        UserGroupInformation ugi = UserGroupInformation.createProxyUser(user,
            UserGroupInformation.getLoginUser());

        return ugi.doAs(new PrivilegedExceptionAction<Integer>() {
          @Override
          public Integer run() throws Exception {
            return invokeTarget(cfg, target, type, arguments);
          }
        });
View Full Code Here

    if (conf.get(NAME_NODE_PROPERTY) == null || conf.getTrimmed(NAME_NODE_PROPERTY).length() == 0) {
      throw new HadoopException(HadoopException.ERROR.H06, NAME_NODE_PROPERTY);
    }
    try {
      validateNamenode(new URI(conf.get(NAME_NODE_PROPERTY)).getAuthority());
      UserGroupInformation ugi = getUGI(user);
      return ugi.doAs(new PrivilegedExceptionAction<T>() {
        public T run() throws Exception {
          Configuration namenodeConf = createNameNodeConf(conf);
          FileSystem fs = createFileSystem(namenodeConf);
          Instrumentation instrumentation = getServer().get(Instrumentation.class);
          Instrumentation.Cron cron = instrumentation.createCron();
View Full Code Here

      throw new HadoopException(HadoopException.ERROR.H06, NAME_NODE_PROPERTY);
    }
    try {
      validateJobtracker(new URI(conf.get(JOB_TRACKER_PROPERTY)).getAuthority());
      validateNamenode(new URI(conf.get(NAME_NODE_PROPERTY)).getAuthority());
      UserGroupInformation ugi = getUGI(user);
      return ugi.doAs(new PrivilegedExceptionAction<T>() {
        public T run() throws Exception {
          JobConf jobtrackerConf = createJobTrackerConf(conf);
          Configuration namenodeConf = createNameNodeConf(conf);
          JobClient jobClient = createJobClient(jobtrackerConf);
          try {
View Full Code Here

    throws IOException, HadoopException {
    Check.notEmpty(user, "user");
    Check.notNull(conf, "conf");
    try {
      validateNamenode(new URI(conf.get(NAME_NODE_PROPERTY)).getAuthority());
      UserGroupInformation ugi = getUGI(user);
      return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
        public FileSystem run() throws Exception {
          Configuration namenodeConf = createNameNodeConf(conf);
          return createFileSystem(namenodeConf);
        }
      });
View Full Code Here

        TEST_SERVLET_TL.set(createServer());
      }
    }

    private void createHadoopTempDir(String user, final Path testDir) throws Exception {
      UserGroupInformation ugi = UserGroupInformation.createProxyUser(user,
                                                                      UserGroupInformation.getCurrentUser());
      ugi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          FileSystem fs = FileSystem.get(HADOOP_CONF);
          fs.delete(testDir, true);
          fs.mkdirs(testDir);
View Full Code Here

TOP

Related Classes of org.apache.hadoop.security.UserGroupInformation

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.