Usage examples for the constructor Groups(Configuration conf) of org.apache.hadoop.security.Groups
public Groups(Configuration conf)
From source file:com.cloudera.llama.server.AuthzTProcessor.java
License:Apache License
/**
 * Builds the user and group ACLs for either the admin or the client role and stores the
 * processor passed in.
 *
 * <p>Security note: when neither a user ACL nor a group ACL is configured (both arrays are
 * {@code null}), {@code allAllowed} becomes {@code true} and only a warning is logged. An
 * unconfigured ACL therefore disables authorization enforcement rather than denying access,
 * so deployments that need enforcement must set at least one of the two ACLs.
 *
 * @param sConf server configuration supplying the Hadoop configuration and the ACL arrays
 * @param isAdmin {@code true} to read the admin ACLs, {@code false} to read the client ACLs
 * @param tProcessor processor stored in {@code this.tProcessor}
 */
public AuthzTProcessor(ServerConfiguration sConf, boolean isAdmin, TProcessor tProcessor) {
  userType = isAdmin ? "admin" : "client";
  groupsMapping = new Groups(sConf.getConf());

  // Pick the ACL pair that matches the role this processor serves.
  final String[] users;
  final String[] groups;
  if (isAdmin) {
    users = sConf.getAdminUserACL();
    groups = sConf.getAdminGroupACL();
  } else {
    users = sConf.getClientUserACL();
    groups = sConf.getClientGroupACL();
  }

  // Fail-open: no ACL configured at all means every caller is allowed.
  allAllowed = (users == null) && (groups == null);
  usersACL = new TreeSet<String>();
  groupsACL = new TreeSet<String>();

  if (allAllowed) {
    LOG.warn("Authorization enforcement is disabled, '{}' user ACL set to '{}'", userType,
        ServerConfiguration.ACL_DEFAULT);
  } else {
    if (users != null) {
      for (String user : users) {
        usersACL.add(user);
      }
    }
    if (groups != null) {
      for (String group : groups) {
        groupsACL.add(group);
      }
    }
  }

  this.tProcessor = tProcessor;
}
From source file:org.apache.atlas.web.security.AtlasAbstractAuthenticationProvider.java
License:Apache License
/**
 * Returns one {@code SimpleGrantedAuthority} per group that Hadoop reports for a user name.
 *
 * <p>Groups are first read from a remote-user {@code UserGroupInformation}. If that yields
 * nothing, a fresh {@code Groups} instance built from a default {@code Configuration} is
 * queried instead. An {@code IOException} from that lookup is logged and the (empty) list is
 * returned, so a failed lookup grants no authorities.
 *
 * <p>NOTE(review): the authorities depend only on {@code userName}; nothing here verifies the
 * caller's identity, so this presumably must only be called with an already-authenticated
 * name. Confirm against callers.
 *
 * @param userName name whose groups are looked up
 * @return the granted authorities, possibly empty, never {@code null}
 */
public static List<GrantedAuthority> getAuthoritiesFromUGI(String userName) {
  List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

  UserGroupInformation ugi = UserGroupInformation.createRemoteUser(userName);
  if (ugi != null) {
    String[] ugiGroups = ugi.getGroupNames();
    if (ugiGroups != null) {
      for (String groupName : ugiGroups) {
        authorities.add(new SimpleGrantedAuthority(groupName));
      }
    }
  }

  if (!authorities.isEmpty()) {
    return authorities;
  }

  // Nothing from UGI: fall back to the configured Hadoop group mapping (e.g. LDAP-based).
  // NOTE(review): a new Configuration and Groups are built on every fallback call, which
  // likely bypasses any caching a shared Groups instance would provide. Confirm.
  try {
    Configuration hadoopConf = new Configuration();
    Groups groupMapping = new Groups(hadoopConf);
    List<String> mappedGroups = groupMapping.getGroups(userName);
    if (mappedGroups != null) {
      for (String groupName : mappedGroups) {
        authorities.add(new SimpleGrantedAuthority(groupName));
      }
    }
  } catch (java.io.IOException e) {
    LOG.error("Exception while fetching groups ", e);
  }
  return authorities;
}
From source file:org.apache.falcon.service.GroupsService.java
License:Apache License
/**
 * Initializes the service by creating the Hadoop {@code Groups} mapping from a new
 * {@code Configuration} constructed with {@code true}.
 */
@Override
public void init() {
  Configuration hadoopConf = new Configuration(true);
  hGroups = new Groups(hadoopConf);
}
From source file:org.apache.hive.hcatalog.templeton.ProxyUserSupport.java
License:Apache License
/**
 * Verifies that {@code doAsUser} is a member of at least one group that {@code proxyUser} is
 * configured to impersonate.
 *
 * <p>The check fails closed: a proxy user with no configured groups, a {@code doAsUser} in
 * none of the allowed groups, and a failed group lookup all end in
 * {@code NotAuthorizedException}. Only the {@code WILD_CARD} set skips the membership check.
 *
 * @param proxyUser the user attempting to act on behalf of another user
 * @param doAsUser the user being impersonated
 * @throws NotAuthorizedException if the impersonation is not permitted
 */
private static void validateGroup(String proxyUser, String doAsUser) throws NotAuthorizedException {
  Set<String> allowedGroups = proxyUserGroups.get(proxyUser);

  // Reference comparison: WILD_CARD is matched by identity, not by contents.
  if (allowedGroups == WILD_CARD) {
    return;
  }
  if (allowedGroups == null || allowedGroups.isEmpty()) {
    throw new NotAuthorizedException(
        MessageFormat.format("Unauthorized proxyuser [{0}] for doAsUser [{1}], not in proxyuser groups",
            proxyUser, doAsUser));
  }

  Groups groupLookup = new Groups(Main.getAppConfigInstance());
  try {
    List<String> memberOf = groupLookup.getGroups(doAsUser);
    for (String allowed : allowedGroups) {
      if (memberOf.contains(allowed)) {
        return;
      }
    }
  } catch (IOException ex) {
    // Thrown, for example, if there is no such user on the system. The lookup failure is
    // logged and execution falls through to the denial below.
    LOG.warn(MessageFormat.format("Unable to get list of groups for doAsUser [{0}].", doAsUser), ex);
  }

  throw new NotAuthorizedException(MessageFormat.format(
      "Unauthorized proxyuser [{0}] for doAsUser [{1}], not in proxyuser groups", proxyUser, doAsUser));
}
From source file:org.apache.impala.yarn.server.resourcemanager.scheduler.fair.QueuePlacementPolicy.java
License:Apache License
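/**
 * Creates a queue placement policy after validating the rule chain.
 *
 * <p>Validation requires that only the last rule is terminal: a terminal rule earlier in the
 * list would make later rules unreachable, and a non-terminal last rule could leave a request
 * unassigned. An empty rule list is rejected with the same checked exception instead of
 * failing with an index error on {@code rules.get(-1)}.
 *
 * @param rules ordered placement rules; must be non-empty and end with a terminal rule
 * @param configuredQueues queues configured per queue type, stored as given
 * @param conf Hadoop configuration, stored and used to create the {@code Groups} mapping
 * @throws AllocationConfigurationException if the rule list is empty, a non-final rule is
 *     terminal, or the final rule is not terminal
 */
public QueuePlacementPolicy(List<QueuePlacementRule> rules,
    Map<FSQueueType, Set<String>> configuredQueues, Configuration conf)
    throws AllocationConfigurationException {
  // Guard the empty case explicitly; otherwise rules.get(rules.size() - 1) below would throw
  // an unchecked IndexOutOfBoundsException that callers of this validating constructor do
  // not expect.
  if (rules.isEmpty()) {
    throw new AllocationConfigurationException(
        "Queue placement policy must contain at least one rule");
  }

  final int lastIndex = rules.size() - 1;
  for (int i = 0; i < lastIndex; i++) {
    if (rules.get(i).isTerminal()) {
      throw new AllocationConfigurationException(
          "Rules after rule " + i + " in queue placement policy can never be reached");
    }
  }
  if (!rules.get(lastIndex).isTerminal()) {
    throw new AllocationConfigurationException(
        "Could get past last queue placement rule without assigning");
  }

  this.rules = rules;
  this.configuredQueues = configuredQueues;
  this.conf_ = conf;
  groups = new Groups(conf);
}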
From source file:org.apache.sentry.provider.common.HadoopGroupResourceAuthorizationProvider.java
License:Apache License
/**
 * Returns the Hadoop group mapping to use for the given configuration.
 *
 * <p>When the boolean setting named by {@code USE_NEW_GROUPS} is {@code true}, a new
 * {@code Groups} instance is created; otherwise (the default) the instance returned by
 * {@code Groups.getUserToGroupsMappingService(conf)} is used.
 *
 * @param conf configuration that is read for the flag and passed to {@code Groups}
 * @return the group mapping instance
 */
private static Groups getGroups(Configuration conf) {
  boolean useNewInstance = conf.getBoolean(USE_NEW_GROUPS, false);
  return useNewInstance ? new Groups(conf) : Groups.getUserToGroupsMappingService(conf);
}
From source file:org.apache.zeppelin.realm.jwt.KnoxJwtRealm.java
License:Apache License
/**
 * Loads the optional principal and group mapping tables and creates the Hadoop
 * {@code Groups} mapping used by this realm.
 *
 * <p>Both steps are best-effort: a {@code PrincipalMappingException} or any exception while
 * creating the Hadoop objects is logged and initialization continues.
 *
 * <p>NOTE(review): if the second step fails, {@code hadoopGroups} is not assigned here, so
 * later group lookups presumably need to handle a missing mapping. Confirm against the
 * callers.
 */
@Override
protected void onInit() {
  super.onInit();

  boolean hasPrincipalMapping = principalMapping != null && !principalMapping.isEmpty();
  boolean hasGroupMapping = groupPrincipalMapping != null && !groupPrincipalMapping.isEmpty();
  if (hasPrincipalMapping || hasGroupMapping) {
    try {
      mapper.loadMappingTable(principalMapping, groupPrincipalMapping);
    } catch (PrincipalMappingException e) {
      LOGGER.error("PrincipalMappingException in onInit", e);
    }
  }

  try {
    hadoopConfig = new Configuration();
    hadoopGroups = new Groups(hadoopConfig);
  } catch (final Exception e) {
    // Broad catch kept as in the original: failures are logged, not propagated.
    LOGGER.error("Exception in onInit", e);
  }
}
From source file:org.apache.zeppelin.realm.kerberos.KerberosRealm.java
License:Apache License
/**
 * Initializes the KerberosRealm from the principal and keytab given in the Shiro
 * configuration.
 *
 * <p>The method validates that a principal and an existing keytab file are configured,
 * builds the server {@code Subject} holding the keytab and the SPNEGO principals, applies the
 * auth_to_local name rules (falling back to {@code DEFAULT}), creates the {@code GSSManager}
 * as the server subject if none is set, initializes the secret provider if no signer is set,
 * and finally creates the Hadoop {@code Groups} mapping.
 *
 * <p>Any failure aborts initialization: every exception raised inside the method, including
 * the configuration errors it throws itself, is rethrown wrapped in a
 * {@code RuntimeException}.
 *
 * <p>This method should be called only once.
 *
 * @throws RuntimeException thrown if the handler could not be initialized.
 */
@Override
protected void onInit() {
  super.onInit();
  config = getConfiguration();
  try {
    if (principal == null || principal.trim().isEmpty()) {
      throw new RuntimeException("Principal not defined in configuration");
    }
    if (keytab == null || keytab.trim().isEmpty()) {
      throw new RuntimeException("Keytab not defined in configuration");
    }

    File keytabOnDisk = new File(keytab);
    if (!keytabOnDisk.exists()) {
      throw new RuntimeException("Keytab file does not exist: " + keytab);
    }

    // A principal of "*" means: use every HTTP/... principal found in the keytab.
    final String[] spnegoPrincipals;
    if (principal.equals("*")) {
      spnegoPrincipals = KerberosUtil.getPrincipalNames(keytab, Pattern.compile("HTTP/.*"));
      if (spnegoPrincipals.length == 0) {
        throw new RuntimeException("Principals do not exist in the keytab");
      }
    } else {
      spnegoPrincipals = new String[] { principal };
    }

    // The keytab is kept as a private credential of the server subject.
    KeyTab keyTab = KeyTab.getInstance(keytabOnDisk);
    serverSubject = new Subject();
    serverSubject.getPrivateCredentials().add(keyTab);
    for (String principalName : spnegoPrincipals) {
      Principal krbPrincipal = new KerberosPrincipal(principalName);
      LOG.info("Using keytab {}, for principal {}", keytab, krbPrincipal);
      serverSubject.getPrincipals().add(krbPrincipal);
    }

    if (nameRules == null || nameRules.trim().isEmpty()) {
      LOG.warn("No auth_to_local rules defined, DEFAULT will be used.");
      nameRules = "DEFAULT";
    }
    KerberosName.setRules(nameRules);

    if (gssManager == null) {
      try {
        gssManager = Subject.doAs(serverSubject, new PrivilegedExceptionAction<GSSManager>() {
          @Override
          public GSSManager run() {
            return GSSManager.getInstance();
          }
        });
        LOG.trace("SPNEGO gssManager initialized.");
      } catch (PrivilegedActionException ex) {
        // Unwrap so the outer handler sees the underlying cause.
        throw ex.getException();
      }
    }

    if (signer == null) {
      initializeSecretProvider();
    }

    Configuration hadoopConfig = new Configuration();
    hadoopGroups = new Groups(hadoopConfig);
  } catch (Exception ex) {
    throw new RuntimeException(ex);
  }
}