Functions that bridge Thrift's SASL transports to Hadoop's SASL callback handlers and authentication classes. The purpose of these classes is to go between the SASL authenticated ID (Kerberos principal) and the UserGroupInformation class in the JAAS context, when making SASL-authenticated thrift connections. Clients will use the current UGI to authenticate, and servers will create a remote UGI for the connected user before calling through to RPCs. For example, when a kerberos-authenticated Thrift connection comes from Hue, the SASL transport layer will provide the authenticated principal name to the server. This class then creates a UGI instance corresponding to that principal, and calls ugi.doAs(...) to handle the actual RPC -- thus setting up the security context in such a way that the rest of Hadoop will not have to make any distinction between this and any other RPC client. Note that this class only concerns authentication -- no authorization is implied.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.