Example usage for org.apache.hadoop.security.authentication.util KerberosName hasRulesBeenSet

List of usage examples for org.apache.hadoop.security.authentication.util KerberosName hasRulesBeenSet

Introduction

In this page you can find the example usage for org.apache.hadoop.security.authentication.util KerberosName hasRulesBeenSet.

Prototype

public static boolean hasRulesBeenSet() 


Document

Indicates if the name rules have been set.

Usage

From source file:com.streamsets.datacollector.security.HadoopSecurityUtil.java

License:Apache License

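/**
 * Resolves the Hadoop {@link UserGroupInformation} for the JAAS {@link Subject} attached to the
 * caller's access-control context, after applying {@code hdfsConfiguration} to
 * {@code UserGroupInformation}.
 *
 * <p>The lock handling follows SDC-2917: {@code KerberosName} is touched under the subject-domain
 * lock first, {@code setConfiguration} then runs with the lock released, and the login itself
 * happens under the lock again. Keep that order when editing this method.
 *
 * @param hdfsConfiguration Hadoop configuration handed to
 *     {@code UserGroupInformation.setConfiguration}
 * @return the UGI derived from the subject when Hadoop security is enabled; otherwise the login
 *     user obtained after {@code loginUserFromSubject}
 * @throws IOException if one of the {@code UserGroupInformation} login calls fails
 */
public static UserGroupInformation getLoginUser(Configuration hdfsConfiguration) throws IOException {
    UserGroupInformation loginUgi;
    AccessControlContext accessContext = AccessController.getContext();
    // May be null when no Subject is bound to the context; the debug line below allows for that.
    Subject subject = Subject.getSubject(accessContext);
    // As per SDC-2917 doing this avoids deadlock
    synchronized (SecurityUtil.getSubjectDomainLock(accessContext)) {
        // call some method to force load static block in KerberosName
        KerberosName.hasRulesBeenSet();
    }
    // This should be always out of sync block
    UserGroupInformation.setConfiguration(hdfsConfiguration);
    synchronized (SecurityUtil.getSubjectDomainLock(accessContext)) {
        if (UserGroupInformation.isSecurityEnabled()) {
            loginUgi = UserGroupInformation.getUGIFromSubject(subject);
        } else {
            UserGroupInformation.loginUserFromSubject(subject);
            loginUgi = UserGroupInformation.getLoginUser();
        }
        if (LOG.isDebugEnabled()) {
            // Log the principals only. Subject.toString() also renders the subject's private
            // credentials when the caller is allowed to read them, which for a Kerberos login can
            // put ticket and key material into the debug log.
            LOG.debug("Principals = {}, Login UGI = {}",
                    subject == null ? "null" : subject.getPrincipals(), loginUgi);
        }
    }
    return loginUgi;
}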

From source file:org.apache.sentry.service.thrift.GSSCallback.java

License:Apache License

/**
 * Decides whether {@code principal} may connect, by matching its short name against the
 * comma-separated allow-list stored under {@code ServerConfig.ALLOW_CONNECT}.
 *
 * <p>A missing allow-list denies every principal. The short name comes from the Hadoop
 * {@code KerberosName} rules when they have been set, and from {@code getShortName(principal)}
 * otherwise or whenever the rule-based mapping is unusable.
 *
 * @param principal the full principal name of the connecting peer
 * @return {@code true} if some allow-list entry matches the derived short name
 */
boolean allowConnect(String principal) {
    final String configured = conf.get(ServerConfig.ALLOW_CONNECT);
    if (configured == null) {
        // No allow-list configured: deny.
        return false;
    }

    // NOTE(review): every fallback below ends in getShortName(principal), which is defined
    // elsewhere; the log message calls it the "principal name prefix". If it drops the realm,
    // principals from any trusted realm with the same prefix compare equal here. Confirm that
    // this is intended for deployments with cross-realm trust.
    String shortName;
    if (!KerberosName.hasRulesBeenSet()) {
        shortName = getShortName(principal);
    } else {
        try {
            final String mapped = new KerberosName(principal).getShortName();
            // HADOOP-12751: some versions return the name unchanged instead of throwing
            // NoMatchingRule, so an unchanged name is treated as "no rule matched".
            shortName = mapped.equals(principal) ? getShortName(principal) : mapped;
        } catch (NoMatchingRule noRule) {
            LoggerFactory.getLogger(GSSCallback.class)
                    .debug("No matching rule found for principal " + principal, noRule);
            shortName = getShortName(principal);
        } catch (Exception failure) {
            // Any other mapping failure also degrades to the prefix-based name rather than
            // rejecting the connection.
            LoggerFactory.getLogger(GSSCallback.class).debug("Cannot derive short name from KerberosName. "
                    + "Use principal name prefix to authenticate", failure);
            shortName = getShortName(principal);
        }
    }

    // Entries are separated on commas with surrounding whitespace; whitespace at the very start
    // or end of the configured value stays attached to the first or last entry.
    for (String entry : configured.split("\\s*,\\s*")) {
        if (comparePrincipals(entry, shortName)) {
            return true;
        }
    }
    return false;
}