List of usage examples for org.apache.hadoop.security.token.delegation.web HttpUserGroupInformation get
public static UserGroupInformation get()
From source file:org.apache.solr.security.DelegationTokenKerberosFilter.java
License:Apache License
/**
 * Runs the parent filter with a request whose query string is never {@code null} and a
 * chain that records the impersonating user before continuing.
 *
 * <p>The query-string wrapper works around HttpClient 4.4.x throwing a
 * {@code NullPointerException} when a null query string is parsed through
 * {@code URLEncodedUtils} (see HTTPCLIENT-1746 and HADOOP-12767).
 *
 * <p>When the user information attached to the request uses the {@code PROXY}
 * authentication method and has a real user, that real user's short name is stored in the
 * {@code KerberosPlugin.IMPERSONATOR_USER_NAME} request attribute so that later consumers
 * (e.g. a logger) can see who is acting on behalf of the effective user.
 *
 * @param request incoming request; cast to {@link HttpServletRequest}
 * @param response response passed through unchanged
 * @param filterChain remainder of the chain, invoked by the wrapper chain
 * @throws IOException propagated from the parent filter or the chain
 * @throws ServletException propagated from the parent filter or the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
    throws IOException, ServletException {
  HttpServletRequest original = (HttpServletRequest) request;

  // HttpClient 4.4.x throws NPE if the query string is null and parsed through
  // URLEncodedUtils. See HTTPCLIENT-1746 and HADOOP-12767.
  String rawQuery = original.getQueryString();
  final String safeQuery;
  if (rawQuery == null) {
    safeQuery = "";
  } else {
    safeQuery = rawQuery;
  }
  HttpServletRequest nullSafeRequest = new HttpServletRequestWrapper(original) {
    @Override
    public String getQueryString() {
      return safeQuery;
    }
  };

  // Expose the impersonator's user name in case someone (e.g. a logger) wants it.
  FilterChain impersonatorRecordingChain = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      HttpServletRequest authenticated = (HttpServletRequest) servletRequest;

      // Only a PROXY-authenticated caller has a real (impersonating) user behind it.
      UserGroupInformation impersonator = null;
      UserGroupInformation effective = HttpUserGroupInformation.get();
      if (effective != null
          && effective.getAuthenticationMethod()
              == UserGroupInformation.AuthenticationMethod.PROXY) {
        impersonator = effective.getRealUser();
      }
      if (impersonator != null) {
        authenticated.setAttribute(
            KerberosPlugin.IMPERSONATOR_USER_NAME, impersonator.getShortUserName());
      }

      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  super.doFilter(nullSafeRequest, response, impersonatorRecordingChain);
}
From source file:org.apache.sqoop.security.authorization.AuthorizationEngine.java
License:Apache License
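/**
 * Checks the given privileges for the user of the current HTTP request.
 *
 * <p>The principal is built from the short user name returned by
 * {@code HttpUserGroupInformation.get()}; when no user information is attached to the
 * request the name is the empty string. A LINK or JOB privilege whose resource was created
 * by the caller is left out of the check (SQOOP-2256 owner shortcut); every other privilege
 * is passed to the configured {@link AuthorizationHandler}.
 *
 * <p>The owner shortcut is applied only when the caller has a non-empty name and the
 * resource was found. A request without an identity is therefore never treated as an owner,
 * and a lookup that yields no resource falls through to the handler instead of failing with
 * a {@code NullPointerException}.
 *
 * @param privileges privileges required by the operation being authorized
 */
private static void checkPrivilege(MPrivilege... privileges) {
  AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
  UserGroupInformation user = HttpUserGroupInformation.get();
  String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName();
  MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER);

  // Fail closed: an absent or empty caller name must not match a resource whose
  // creation user happens to be empty as well.
  final boolean ownerShortcutAllowed = user_name != null && !user_name.isEmpty();

  // SQOOP-2256: Hack code, do not check privilege when the user is the creator.
  // If the user is the owner/creator of this resource, then privilege will
  // not be checked. It is a hack code for the time being. The concept of
  // "Owner" will be added in the future and this code will be removed.
  ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>();
  for (MPrivilege privilege : privileges) {
    Repository repository = RepositoryManager.getInstance().getRepository();
    String resourceType = privilege.getResource().getType();

    // Stays null for resource types that have no owner shortcut.
    String creationUser = null;
    if (MResource.TYPE.LINK.name().equalsIgnoreCase(resourceType)) {
      MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName()));
      creationUser = link == null ? null : link.getCreationUser();
    } else if (MResource.TYPE.JOB.name().equalsIgnoreCase(resourceType)) {
      MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName()));
      creationUser = job == null ? null : job.getCreationUser();
    }

    boolean callerIsCreator = ownerShortcutAllowed && user_name.equals(creationUser);
    if (!callerIsCreator) {
      privilegesNeedCheck.add(privilege);
    }
  }
  handler.checkPrivileges(principal, privilegesNeedCheck);
}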
From source file:org.apache.sqoop.security.authorization.DefaultAuthenticationProvider.java
License:Apache License
/**
 * Returns the user information attached to the current HTTP request.
 *
 * @return the request's {@code UserGroupInformation}, never {@code null}
 * @throws SqoopException with {@code SecurityError.AUTH_0011} if the lookup throws or
 *     yields no user information
 */
private UserGroupInformation getRemoteUGI() {
  final UserGroupInformation remoteUser;
  try {
    remoteUser = HttpUserGroupInformation.get();
  } catch (Exception e) {
    // Keep the cause so the failure of the lookup itself stays diagnosable.
    throw new SqoopException(SecurityError.AUTH_0011,
        "Unable to get remote authentication from http request", e);
  }

  // A missing identity is reported the same way as a failed lookup.
  if (remoteUser == null) {
    throw new SqoopException(SecurityError.AUTH_0011,
        "Unable to get remote authentication from http request");
  }
  return remoteUser;
}
From source file:org.apache.sqoop.server.RequestContext.java
License:Apache License
/** * Get username specified by custom username HTTP header. * * @return Name of user sending the request */// w w w.j av a2s. c o m public String getUserName() { if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) { return HttpUserGroupInformation.get().getShortUserName(); } else { return request.getParameter(PseudoAuthenticator.USER_NAME); } }