Example usage for org.apache.hadoop.security.token.delegation.web HttpUserGroupInformation get

List of usage examples for org.apache.hadoop.security.token.delegation.web HttpUserGroupInformation get

  1. HOME
  2. Java
  3. org.apache.hadoop
  4. org.apache.hadoop.security.token.delegation.web.*
  5. HttpUserGroupInformation
  6. get

Introduction

In this page you can find the example usage for org.apache.hadoop.security.token.delegation.web HttpUserGroupInformation get.

Prototype

public static UserGroupInformation get()

Source Link

Document

Returns the remote UserGroupInformation in context for the current HTTP request, taking into account proxy user requests.

Usage

From source file:org.apache.solr.security.DelegationTokenKerberosFilter.java

License:Apache License

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    // HttpClient 4.4.x throws NPE if query string is null and parsed through URLEncodedUtils.
    // See HTTPCLIENT-1746 and HADOOP-12767
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String queryString = httpRequest.getQueryString();
    final String nonNullQueryString = queryString == null ? "" : queryString;
    HttpServletRequest requestNonNullQueryString = new HttpServletRequestWrapper(httpRequest) {
        @Override// w  ww.  ja v a 2s . c  om
        public String getQueryString() {
            return nonNullQueryString;
        }
    };

    // include Impersonator User Name in case someone (e.g. logger) wants it
    FilterChain filterChainWrapper = new FilterChain() {
        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
                throws IOException, ServletException {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

            UserGroupInformation ugi = HttpUserGroupInformation.get();
            if (ugi != null
                    && ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY) {
                UserGroupInformation realUserUgi = ugi.getRealUser();
                if (realUserUgi != null) {
                    httpRequest.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME,
                            realUserUgi.getShortUserName());
                }
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    };

    super.doFilter(requestNonNullQueryString, response, filterChainWrapper);
}

From source file:org.apache.sqoop.security.authorization.AuthorizationEngine.java

License:Apache License

private static void checkPrivilege(MPrivilege... privileges) {
    AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
    UserGroupInformation user = HttpUserGroupInformation.get();
    String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName();
    MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER);

    // SQOOP-2256: Hack code, do not check privilege when the user is the creator
    // If the user is the owner/creator of this resource, then privilege will
    // not be checked. It is a hack code for the time being. The concept of
    // "Owner" will be added in the future and this code will be removed.
    ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>();
    for (MPrivilege privilege : privileges) {
        Repository repository = RepositoryManager.getInstance().getRepository();
        if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) {
            MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName()));
            if (!user_name.equals(link.getCreationUser())) {
                privilegesNeedCheck.add(privilege);
            }//w  w w. j  a v a  2 s  . co  m
        } else if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) {
            MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName()));
            if (!user_name.equals(job.getCreationUser())) {
                privilegesNeedCheck.add(privilege);
            }
        } else {
            privilegesNeedCheck.add(privilege);
        }
    }

    handler.checkPrivileges(principal, privilegesNeedCheck);
}

From source file:org.apache.sqoop.security.authorization.DefaultAuthenticationProvider.java

License:Apache License

private UserGroupInformation getRemoteUGI() {
    UserGroupInformation ugi = null;//w  w w.  j  ava 2s. c  o m
    try {
        ugi = HttpUserGroupInformation.get();
    } catch (Exception e) {
        throw new SqoopException(SecurityError.AUTH_0011,
                "Unable to get remote authentication from http request", e);
    }

    if (ugi == null) {
        throw new SqoopException(SecurityError.AUTH_0011,
                "Unable to get remote authentication from http request");
    }
    return ugi;
}

From source file:org.apache.sqoop.server.RequestContext.java

License:Apache License

/**
 * Get username specified by custom username HTTP header.
 *
 * @return Name of user sending the request
 */// w w w.j av a2s.  c o m
public String getUserName() {
    if (AuthenticationManager.getAuthenticationHandler().isSecurityEnabled()) {
        return HttpUserGroupInformation.get().getShortUserName();
    } else {
        return request.getParameter(PseudoAuthenticator.USER_NAME);
    }
}