List of usage examples for org.apache.hadoop.security.authentication.util KerberosName hasRulesBeenSet
public static boolean hasRulesBeenSet()
From source file:com.streamsets.datacollector.security.HadoopSecurityUtil.java
License:Apache License
public static UserGroupInformation getLoginUser(Configuration hdfsConfiguration) throws IOException { UserGroupInformation loginUgi;/*from www . j a v a 2s .co m*/ AccessControlContext accessContext = AccessController.getContext(); Subject subject = Subject.getSubject(accessContext); // As per SDC-2917 doing this avoids deadlock synchronized (SecurityUtil.getSubjectDomainLock(accessContext)) { // call some method to force load static block in KerberosName KerberosName.hasRulesBeenSet(); } // This should be always out of sync block UserGroupInformation.setConfiguration(hdfsConfiguration); synchronized (SecurityUtil.getSubjectDomainLock(accessContext)) { if (UserGroupInformation.isSecurityEnabled()) { loginUgi = UserGroupInformation.getUGIFromSubject(subject); } else { UserGroupInformation.loginUserFromSubject(subject); loginUgi = UserGroupInformation.getLoginUser(); } if (LOG.isDebugEnabled()) { LOG.debug("Subject = {}, Principals = {}, Login UGI = {}", subject, subject == null ? "null" : subject.getPrincipals(), loginUgi); } } return loginUgi; }
From source file:org.apache.sentry.service.thrift.GSSCallback.java
License:Apache License
boolean allowConnect(String principal) { String allowedPrincipals = conf.get(ServerConfig.ALLOW_CONNECT); if (allowedPrincipals == null) { return false; }/*from w w w . j a va2 s . co m*/ String principalShortName; if (KerberosName.hasRulesBeenSet()) { try { KerberosName krbName = new KerberosName(principal); principalShortName = krbName.getShortName(); //To accommodate HADOOP-12751 where some versions don't throw NoMatchingRule exception if (principalShortName.equals(principal)) { principalShortName = getShortName(principal); } } catch (NoMatchingRule e) { LoggerFactory.getLogger(GSSCallback.class) .debug("No matching rule found for principal " + principal, e); principalShortName = getShortName(principal); } catch (Exception e) { LoggerFactory.getLogger(GSSCallback.class).debug("Cannot derive short name from KerberosName. " + "Use principal name prefix to authenticate", e); principalShortName = getShortName(principal); } } else { principalShortName = getShortName(principal); } List<String> items = Arrays.asList(allowedPrincipals.split("\\s*,\\s*")); for (String item : items) { if (comparePrincipals(item, principalShortName)) { return true; } } return false; }