List of usage examples for org.apache.hadoop.security HadoopKerberosName getHostName
public String getHostName()
From source file:joshelser.Server.java
License:Apache License
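/**
 * Starts a Kerberos-secured Thrift server in front of HDFS.
 *
 * <p>The server logs in from a keytab, splits its principal into the service
 * (primary) and host (instance) parts, and registers a GSSAPI SASL server
 * definition with those parts. RPCs are then processed through the
 * UGI-assuming transport factory and processor.
 *
 * @param args command-line arguments parsed by {@code Opts} (principal, keytab, port)
 * @throws IllegalArgumentException if the resolved principal is not of the form
 *     {@code primary/instance@REALM}
 * @throws Exception if argument parsing, the keytab login or server start-up fails
 */
public static void main(String[] args) throws Exception {
    Opts opts = new Opts();
    opts.parseArgs(Server.class, args);

    Configuration conf = new Configuration();
    FileSystem fs = FileSystem.get(conf);

    // Resolve the configured principal against this host's canonical name,
    // then split it into primary/instance@REALM.
    String principal = SecurityUtil.getServerPrincipal(opts.principal,
            InetAddress.getLocalHost().getCanonicalHostName());
    HadoopKerberosName name = new HadoopKerberosName(principal);
    String primary = name.getServiceName();
    String instance = name.getHostName();

    // getHostName() is null for a principal with no instance component
    // (e.g. "user@REALM"). GSSAPI needs both parts to name the service, so
    // fail here with a clear message instead of handing null to SASL.
    if (primary == null || instance == null) {
        throw new IllegalArgumentException(
                "Server principal must be of the form primary/instance@REALM: " + principal);
    }

    // Log in using the keytab
    UserGroupInformation.loginUserFromKeytab(principal, opts.keytab);

    // Get the info from our login
    UserGroupInformation serverUser = UserGroupInformation.getLoginUser();
    log.info("Current user: {}", serverUser);

    // Open the server using the provided port
    TServerSocket serverTransport = new TServerSocket(opts.port);

    // Wrap our implementation with the interface's processor
    HdfsService.Processor<Iface> processor =
            new HdfsService.Processor<Iface>(new HdfsServiceImpl(fs));

    // "auth-conf" requests authentication plus integrity and confidentiality
    // protection. Only this one value is offered, so there is no weaker
    // "auth" or "auth-int" level listed for a client to negotiate.
    Map<String, String> saslProperties = new HashMap<String, String>();
    saslProperties.put(Sasl.QOP, "auth-conf");

    // Creating the server definition
    TSaslServerTransport.Factory saslTransportFactory = new TSaslServerTransport.Factory();
    saslTransportFactory.addServerDefinition(
            "GSSAPI",       // tell SASL to use GSSAPI, which supports Kerberos
            primary,        // kerberos primary for server - "myprincipal" in myprincipal/my.server.com@MY.REALM
            instance,       // kerberos instance for server - "my.server.com" in myprincipal/my.server.com@MY.REALM
            saslProperties, // Properties set, above
            new SaslRpcServer.SaslGssCallbackHandler()); // Ensures that authenticated user is the same as the authorized user

    // Make sure the TTransportFactory is performing a UGI.doAs
    TTransportFactory ugiTransportFactory =
            new TUGIAssumingTransportFactory(saslTransportFactory, serverUser);

    // Processor which takes the UGI for the RPC call, proxies that user on the
    // server login, and then runs as the proxied user.
    // NOTE(review): impersonation presumably requires the server principal to
    // be allowed as a proxy user in the Hadoop configuration - confirm, and
    // keep that allowance as narrow as the deployment permits.
    TUGIAssumingProcessor ugiProcessor = new TUGIAssumingProcessor(processor);

    // Make a simple TThreadPoolServer with the processor and transport factory
    TServer server = new TThreadPoolServer(new TThreadPoolServer.Args(serverTransport)
            .transportFactory(ugiTransportFactory)
            .processor(ugiProcessor));

    // Start the thrift server; serve() blocks while the server is running
    server.serve();
}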