List of usage examples for org.apache.hadoop.fs CommonConfigurationKeysPublic HADOOP_SECURITY_AUTHENTICATION
String HADOOP_SECURITY_AUTHENTICATION
To view the source code for org.apache.hadoop.fs CommonConfigurationKeysPublic HADOOP_SECURITY_AUTHENTICATION.
Click Source Link
From source file:io.druid.security.kerberos.DruidKerberosUtil.java
License:Apache License
public static void authenticateIfRequired(AuthenticationKerberosConfig config) throws IOException { String principal = config.getPrincipal(); String keytab = config.getKeytab(); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { Configuration conf = new Configuration(); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); try {//w ww .j a v a 2s .c om if (UserGroupInformation.getCurrentUser().hasKerberosCredentials() == false || !UserGroupInformation.getCurrentUser().getUserName().equals(principal)) { log.info("trying to authenticate user [%s] with keytab [%s]", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); } } catch (IOException e) { throw new ISE(e, "Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab); } } }
From source file:ms.dew.core.hbase.HBaseAutoConfiguration.java
License:Apache License
/** * To build the HBase configuration./*from w w w . j a v a 2s . c o m*/ * * @param hbaseProperties the hbase properties * @return hbase configuration */ @Bean public org.apache.hadoop.conf.Configuration configuration(HBaseProperties hbaseProperties) { org.apache.hadoop.conf.Configuration conf = HBaseConfiguration.create(); conf.set(HConstants.ZOOKEEPER_QUORUM, hbaseProperties.getZkQuorum()); conf.set(HConstants.ZOOKEEPER_ZNODE_PARENT, hbaseProperties.getZnodeParent()); conf.setInt(HConstants.ZOOKEEPER_CLIENT_PORT, hbaseProperties.getZkPort()); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, hbaseProperties.getAuth().getType()); conf.set("hbase.security.authentication", hbaseProperties.getAuth().getType()); conf.setInt(HConstants.HBASE_CLIENT_RETRIES_NUMBER, hbaseProperties.getAuth().getHbaseClientRetriesNumber()); conf.setInt(HConstants.HBASE_CLIENT_PAUSE, hbaseProperties.getAuth().getHbaseClientPause()); conf.setLong(HConstants.HBASE_CLIENT_OPERATION_TIMEOUT, hbaseProperties.getAuth().getHbaseClientOperationTimeout()); conf.setLong(HConstants.HBASE_CLIENT_SCANNER_TIMEOUT_PERIOD, hbaseProperties.getAuth().getHbaseClientScannerTimeoutPeriod()); if ("kerberos".equalsIgnoreCase(hbaseProperties.getAuth().getType())) { conf.set("hbase.master.kerberos.principal", hbaseProperties.getAuth().getHbaseMasterPrincipal()); conf.set("hbase.regionserver.kerberos.principal", hbaseProperties.getAuth().getHbaseRegionServerPrincipal()); } return conf; }
From source file:org.apache.accumulo.core.client.impl.ThriftTransportKeyTest.java
License:Apache License
@Before public void setup() throws Exception { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); }
From source file:org.apache.accumulo.core.clientImpl.ThriftTransportKeyTest.java
License:Apache License
@Before public void setup() { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); }
From source file:org.apache.accumulo.core.rpc.SaslConnectionParamsTest.java
License:Apache License
@Before public void setup() throws Exception { System.setProperty("java.security.krb5.realm", "accumulo"); System.setProperty("java.security.krb5.kdc", "fake"); Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); testUser = UserGroupInformation.createUserForTesting("test_user", new String[0]); username = testUser.getUserName();/*from w w w . j a v a2 s .c om*/ }
From source file:org.apache.accumulo.harness.conf.AccumuloMiniClusterConfiguration.java
License:Apache License
@Override public AuthenticationToken getAdminToken() { if (saslEnabled) { // Turn on Kerberos authentication so UGI acts properly final Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); ClusterUser rootUser = AccumuloClusterHarness.getKdc().getRootUser(); try {//from ww w . j a v a 2 s. c om UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); return new KerberosToken(); } catch (IOException e) { throw new RuntimeException(e); } } else { String password = conf.get(ACCUMULO_MINI_PASSWORD_KEY); if (null == password) { password = ACCUMULO_MINI_PASSWORD_DEFAULT; } return new PasswordToken(password); } }
From source file:org.apache.accumulo.harness.MiniClusterHarness.java
License:Apache License
protected void configureForKerberos(MiniAccumuloConfigImpl cfg, File folder, Configuration coreSite, TestingKdc kdc) throws Exception { Map<String, String> siteConfig = cfg.getSiteConfig(); if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) { throw new RuntimeException("Cannot use both SSL and SASL/Kerberos"); }/*from w w w . j ava2 s.c o m*/ if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SASL_ENABLED.getKey()))) { // already enabled return; } if (null == kdc) { throw new IllegalStateException("MiniClusterKdc was null"); } log.info("Enabling Kerberos/SASL for minicluster"); // Turn on SASL and set the keytab/principal information cfg.setProperty(Property.INSTANCE_RPC_SASL_ENABLED, "true"); ClusterUser serverUser = kdc.getAccumuloServerUser(); cfg.setProperty(Property.GENERAL_KERBEROS_KEYTAB, serverUser.getKeytab().getAbsolutePath()); cfg.setProperty(Property.GENERAL_KERBEROS_PRINCIPAL, serverUser.getPrincipal()); cfg.setProperty(Property.INSTANCE_SECURITY_AUTHENTICATOR, KerberosAuthenticator.class.getName()); cfg.setProperty(Property.INSTANCE_SECURITY_AUTHORIZOR, KerberosAuthorizor.class.getName()); cfg.setProperty(Property.INSTANCE_SECURITY_PERMISSION_HANDLER, KerberosPermissionHandler.class.getName()); // Piggy-back on the "system user" credential, but use it as a normal KerberosToken, not the SystemToken. cfg.setProperty(Property.TRACE_USER, serverUser.getPrincipal()); cfg.setProperty(Property.TRACE_TOKEN_TYPE, KerberosToken.CLASS_NAME); // Pass down some KRB5 debug properties Map<String, String> systemProperties = cfg.getSystemProperties(); systemProperties.put(JAVA_SECURITY_KRB5_CONF, System.getProperty(JAVA_SECURITY_KRB5_CONF, "")); systemProperties.put(SUN_SECURITY_KRB5_DEBUG, System.getProperty(SUN_SECURITY_KRB5_DEBUG, "false")); cfg.setSystemProperties(systemProperties); // Make sure UserGroupInformation will do the correct login coreSite.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); cfg.setRootUserName(kdc.getRootUser().getPrincipal()); }
From source file:org.apache.accumulo.harness.SharedMiniClusterBase.java
License:Apache License
/** * Starts a MiniAccumuloCluster instance with the default configuration but also provides the caller the opportunity to update the configuration before the * MiniAccumuloCluster is started.//from www .j a va 2s . c om * * @param miniClusterCallback * A callback to configure the minicluster before it is started. */ public static void startMiniClusterWithConfig(MiniClusterConfigurationCallback miniClusterCallback) throws Exception { File baseDir = new File(System.getProperty("user.dir") + "/target/mini-tests"); assertTrue(baseDir.mkdirs() || baseDir.isDirectory()); // Make a shared MAC instance instead of spinning up one per test method MiniClusterHarness harness = new MiniClusterHarness(); if (TRUE.equals(System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION))) { krb = new TestingKdc(); krb.start(); // Enabled krb auth Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); // Login as the client ClusterUser rootUser = krb.getRootUser(); // Get the krb token UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); token = new KerberosToken(); } else { rootPassword = "rootPasswordShared1"; token = new PasswordToken(rootPassword); } cluster = harness.create(SharedMiniClusterBase.class.getName(), System.currentTimeMillis() + "_" + new Random().nextInt(Short.MAX_VALUE), token, miniClusterCallback, krb); cluster.start(); if (null != krb) { final String traceTable = Property.TRACE_TABLE.getDefaultValue(); final ClusterUser systemUser = krb.getAccumuloServerUser(), rootUser = krb.getRootUser(); // Login as the trace user // Open a connector as the system user (ensures the user will exist for us to assign permissions to) UserGroupInformation.loginUserFromKeytab(systemUser.getPrincipal(), systemUser.getKeytab().getAbsolutePath()); Connector conn = cluster.getConnector(systemUser.getPrincipal(), new KerberosToken()); // Then, log back in as the "root" user and do the grant UserGroupInformation.loginUserFromKeytab(rootUser.getPrincipal(), rootUser.getKeytab().getAbsolutePath()); conn = cluster.getConnector(principal, token); // Create the trace table conn.tableOperations().create(traceTable); // Trace user (which is the same kerberos principal as the system user, but using a normal KerberosToken) needs // to have the ability to read, write and alter the trace table conn.securityOperations().grantTablePermission(systemUser.getPrincipal(), traceTable, TablePermission.READ); conn.securityOperations().grantTablePermission(systemUser.getPrincipal(), traceTable, TablePermission.WRITE); conn.securityOperations().grantTablePermission(systemUser.getPrincipal(), traceTable, TablePermission.ALTER_TABLE); } }
From source file:org.apache.accumulo.harness.SharedMiniClusterIT.java
License:Apache License
@BeforeClass public static void startMiniCluster() throws Exception { File baseDir = new File(System.getProperty("user.dir") + "/target/mini-tests"); baseDir.mkdirs();//from ww w . j ava 2 s .c o m // Make a shared MAC instance instead of spinning up one per test method MiniClusterHarness harness = new MiniClusterHarness(); if (TRUE.equals(System.getProperty(MiniClusterHarness.USE_KERBEROS_FOR_IT_OPTION))) { krb = new TestingKdc(); krb.start(); // Enabled krb auth Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); // Login as the client UserGroupInformation.loginUserFromKeytab(krb.getClientPrincipal(), krb.getClientKeytab().getAbsolutePath()); // Get the krb token principal = krb.getClientPrincipal(); token = new KerberosToken(principal); } else { rootPassword = "rootPasswordShared1"; token = new PasswordToken(rootPassword); } cluster = harness.create(SharedMiniClusterIT.class.getName(), System.currentTimeMillis() + "_" + new Random().nextInt(Short.MAX_VALUE), token, krb); cluster.start(); }
From source file:org.apache.accumulo.test.functional.KerberosIT.java
License:Apache License
@Before public void startMac() throws Exception { MiniClusterHarness harness = new MiniClusterHarness(); mac = harness.create(this, new PasswordToken("unused"), kdc, new MiniClusterConfigurationCallback() { @Override/*from w w w . jav a2 s . co m*/ public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration coreSite) { Map<String, String> site = cfg.getSiteConfig(); site.put(Property.INSTANCE_ZK_TIMEOUT.getKey(), "15s"); cfg.setSiteConfig(site); } }); mac.getConfig().setNumTservers(1); mac.start(); // Enabled kerberos auth Configuration conf = new Configuration(false); conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); }