List of usage examples for org.apache.hadoop.security UserGroupInformation createProxyUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createProxyUser(String user, UserGroupInformation realUser)
From source file:org.apache.oozie.action.hadoop.KerberosDoAs.java
License:Open Source License
/**
 * Runs the wrapped callable as a Hadoop proxy user.
 *
 * <p>The proxy identity is built from {@code getUser()} with the process login user
 * ({@code UserGroupInformation.getLoginUser()}) as the real user, and the callable returned
 * by {@code getCallable()} is invoked inside {@code doAs} for that identity.
 *
 * @return always {@code null}
 * @throws Exception whatever creating the proxy user, {@code doAs} or the callable throws
 */
public Void call() throws Exception {
    final Callable<Void> task = getCallable();
    // NOTE(review): the name from getUser() is used as-is; nothing here checks that it was
    // authenticated or that the login user is allowed to impersonate it. Presumably that is
    // enforced upstream and by the cluster's proxy-user configuration. Confirm.
    final String effectiveUser = getUser();
    final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
    final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(effectiveUser, realUser);
    final PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            task.call();
            return null;
        }
    };
    proxyUgi.doAs(action);
    return null;
}
From source file:org.apache.oozie.action.hadoop.MainTestCase.java
License:Apache License
/**
 * Invokes {@code callable} inside {@code doAs} for a proxy user named {@code user}, with the
 * process login user as the real user.
 *
 * @param user name of the effective (impersonated) user
 * @param callable work to run under the proxy identity
 * @throws Exception whatever creating the proxy user, {@code doAs} or the callable throws
 */
public static void execute(String user, final Callable<Void> callable) throws Exception {
    final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
    final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(user, realUser);
    final PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            callable.call();
            // The callable's own result is discarded; doAs only needs a Void.
            return null;
        }
    };
    proxyUgi.doAs(action);
}
From source file:org.apache.oozie.dependency.HCatURIHandler.java
License:Apache License
/**
 * Builds an HCatClient that acts as {@code user} and returns it together with the delegation
 * token string obtained for that user (or {@code null} when SASL is not enabled).
 *
 * <p>The delegation token is a credential: it is stored in the proxy UGI and handed back to
 * the caller, and it is deliberately absent from the log statement below.
 *
 * @param uri URI used to derive the Hive configuration
 * @param conf configuration passed to {@code getHiveConf}
 * @param user name of the user to act as
 * @return the client created under the proxy identity, paired with the delegation token
 * @throws HCatAccessorException with {@code ErrorCode.E1501} for any failure inside the
 *         client set-up; only the message of the underlying exception is carried over
 */
private HCatClientWithToken getHCatClient(URI uri, Configuration conf, String user)
        throws HCatAccessorException {
    final HiveConf hiveConf = getHiveConf(uri, conf);
    final String signatureKey = "hive.metastore.token.signature";
    String delegationToken = null;
    try {
        // Proxy identity: effective user is the caller-supplied name, real user is the login user.
        final UserGroupInformation proxyUgi =
                UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());

        // Label under which the HCat delegation token is registered.
        hiveConf.set(signatureKey, "HCatTokenSignature");

        final boolean saslEnabled =
                hiveConf.getBoolean(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname, false);
        if (saslEnabled) {
            // Short-lived client, created as the login user, used only to fetch the token.
            final HCatClient tokenClient = HCatClient.create(hiveConf);
            try {
                delegationToken = tokenClient.getDelegationToken(user,
                        UserGroupInformation.getLoginUser().getUserName());
                // Decode the token and attach it to the proxy UGI.
                final Token<DelegationTokenIdentifier> hcatToken = new Token<DelegationTokenIdentifier>();
                hcatToken.decodeFromUrlString(delegationToken);
                hcatToken.setService(new Text(hiveConf.get(signatureKey)));
                proxyUgi.addToken(hcatToken);
            } finally {
                tokenClient.close();
            }
        }

        XLog.getLog(HCatURIHandler.class).info(
                "Creating HCatClient for user [{0}] login_user [{1}] and server [{2}] ", user,
                UserGroupInformation.getLoginUser(), hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));

        final HCatClient hcatClient = proxyUgi.doAs(new PrivilegedExceptionAction<HCatClient>() {
            @Override
            public HCatClient run() throws Exception {
                return HCatClient.create(hiveConf);
            }
        });
        return new HCatClientWithToken(hcatClient, delegationToken);
    } catch (Exception e) {
        // Covers IOException as well; both were mapped to the same error code and message.
        throw new HCatAccessorException(ErrorCode.E1501, e.getMessage());
    }
}
From source file:org.apache.oozie.service.KerberosHadoopAccessorService.java
License:Open Source License
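/**
 * Returns the proxy-user UGI cached for {@code user}, creating and caching it on first use.
 *
 * <p>The proxy user is created with the process login user as its real user. When two threads
 * race to create the entry, the one that loses the {@code putIfAbsent} discards its own
 * instance and returns the cached one, so all callers for a given user share a single UGI.
 *
 * @param user name of the effective (impersonated) user
 * @return the cached proxy-user UGI for {@code user}
 * @throws IOException if the login user cannot be obtained
 */
private UserGroupInformation getUGI(String user) throws IOException {
    UserGroupInformation ugi = userUgiMap.get(user);
    if (ugi == null) {
        final UserGroupInformation created =
                UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
        // putIfAbsent returns the value already mapped, or null when ours was stored.
        // Returning the stored value (rather than always returning 'created') is what
        // actually discards the later UGI in a race.
        final UserGroupInformation existing = userUgiMap.putIfAbsent(user, created);
        ugi = (existing != null) ? existing : created;
    }
    return ugi;
}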
From source file:org.apache.oozie.service.UserGroupInformationService.java
License:Apache License
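/**
 * Returns the proxy-user UGI cached for {@code user}, creating it on the first request.
 *
 * <p>New entries are created with the process login user as the real user. The cache is
 * consulted first so that a hit neither builds a throw-away UGI nor looks up the login user.
 *
 * @param user name of the effective (impersonated) user
 * @return the cached proxy-user UGI for {@code user}
 * @throws IOException if the login user cannot be obtained while creating a new entry
 */
public UserGroupInformation getProxyUser(String user) throws IOException {
    UserGroupInformation cached = cache.get(user);
    if (cached == null) {
        cache.putIfAbsent(user,
                UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()));
        // Re-read so that concurrent callers all receive the instance that won the insert.
        cached = cache.get(user);
    }
    return cached;
}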
From source file:org.apache.reef.runtime.yarn.client.unmanaged.YarnProxyUser.java
License:Apache License
/**
 * Creates the YARN proxy user and adds the given security tokens to its credentials.
 * Intended to be called once per instance; that is checked only by an {@code assert},
 * so the check is inactive when assertions are disabled.
 *
 * @param proxyName name of the proxy (effective) user to create.
 * @param hostUGI real user on whose authority the proxy user is created.
 * @param tokens security tokens to add to the new proxy user's credentials.
 */
@SafeVarargs
public final void set(final String proxyName, final UserGroupInformation hostUGI,
    final Token<? extends TokenIdentifier>... tokens) {
  assert this.proxyUGI == null;
  final UserGroupInformation created = UserGroupInformation.createProxyUser(proxyName, hostUGI);
  // Publish the new UGI first, then attach the tokens to that same instance.
  this.proxyUGI = created;
  for (int i = 0; i < tokens.length; ++i) {
    created.addToken(tokens[i]);
  }
  LOG.log(Level.FINE, "UGI: user {0} set to: {1}", new Object[] { proxyName, this });
}
From source file:org.apache.sqoop.connector.hdfs.security.SecurityUtils.java
License:Apache License
/** * Creates proxy user for user who submitted the Sqoop job (e.g. who has issued the "start job" commnad) *///w ww . j av a2 s . c om static public UserGroupInformation createProxyUser(TransferableContext context) throws IOException { return UserGroupInformation.createProxyUser(context.getUser(), UserGroupInformation.getLoginUser()); }
From source file:org.apache.storm.hbase.security.AutoHBase.java
License:Apache License
/**
 * Logs in to HBase, obtains HBase tokens for a proxy user named after the topology submitter,
 * and returns that proxy user's credentials in serialized form.
 *
 * <p>The returned bytes are the written form of the proxy user's {@code Credentials} and
 * should be handled as secret material.
 *
 * @param conf topology configuration; the submitter name is read from
 *        {@code Config.TOPOLOGY_SUBMITTER_PRINCIPAL}
 * @return the serialized credentials of the proxy user
 * @throws RuntimeException if Hadoop or HBase security is not enabled, or if any step fails
 *         (every exception is wrapped as "Failed to get delegation tokens.")
 */
@SuppressWarnings("unchecked")
protected byte[] getHadoopCredentials(Map conf) {
    try {
        final Configuration hbaseConf = HBaseConfiguration.create();
        if (UserGroupInformation.isSecurityEnabled()) {
            // NOTE(review): the impersonated name comes straight from the topology
            // configuration. Presumably that entry is set by the submission path and is not
            // client-controlled. Confirm.
            final String topologySubmitterUser = (String) conf.get(Config.TOPOLOGY_SUBMITTER_PRINCIPAL);

            UserProvider provider = UserProvider.instantiate(hbaseConf);

            // The keytab and principal are placed in hbaseConf before the login call,
            // which is given the two configuration keys and the local canonical host name.
            hbaseConf.set(HBASE_KEYTAB_FILE_KEY, hbaseKeytab);
            hbaseConf.set(HBASE_PRINCIPAL_KEY, hbasePrincipal);
            provider.login(HBASE_KEYTAB_FILE_KEY, HBASE_PRINCIPAL_KEY,
                    InetAddress.getLocalHost().getCanonicalHostName());

            // NOTE(review): this reads the principal from the topology conf, while the value
            // used for login was written to hbaseConf from hbasePrincipal. The logged value
            // may differ from the one used. Confirm.
            LOG.info("Logged into Hbase as principal = " + conf.get(HBASE_PRINCIPAL_KEY));
            // Static call: applies hbaseConf to UserGroupInformation for the whole process.
            UserGroupInformation.setConfiguration(hbaseConf);

            UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

            // Effective user is the topology submitter; real user is the current (logged-in) user.
            final UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologySubmitterUser, ugi);

            // NOTE(review): the security check is made on a User built from the real user,
            // whereas the tokens below are obtained for proxyUser. Confirm this is intended.
            User user = User.create(ugi);

            if (user.isHBaseSecurityEnabled(hbaseConf)) {
                TokenUtil.obtainAndCacheToken(hbaseConf, proxyUser);

                LOG.info("Obtained HBase tokens, adding to user credentials.");

                // Serialize the proxy user's credentials into an in-memory buffer.
                Credentials credential = proxyUser.getCredentials();
                ByteArrayOutputStream bao = new ByteArrayOutputStream();
                ObjectOutputStream out = new ObjectOutputStream(bao);
                credential.write(out);
                out.flush();
                out.close();
                return bao.toByteArray();
            } else {
                throw new RuntimeException("Security is not enabled for HBase.");
            }
        } else {
            throw new RuntimeException("Security is not enabled for Hadoop");
        }
    } catch (Exception ex) {
        // Also catches the two RuntimeExceptions thrown above and re-wraps them.
        throw new RuntimeException("Failed to get delegation tokens.", ex);
    }
}
From source file:org.apache.storm.hbase.security.AutoHBaseNimbus.java
License:Apache License
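/**
 * Logs in to HBase, obtains HBase tokens for a proxy user named {@code topologySubmitterUser},
 * and returns that proxy user's credentials in serialized form.
 *
 * <p>The returned bytes are the written form of the proxy user's {@code Credentials} and
 * should be handled as secret material. The HBase connection opened to fetch the token is
 * closed before the method returns.
 *
 * @param conf topology configuration (not read by this method)
 * @param hbaseConf HBase configuration used for login, the security check and the connection
 * @param topologySubmitterUser name of the effective (impersonated) user
 * @return the serialized credentials of the proxy user
 * @throws RuntimeException if Hadoop or HBase security is not enabled, or if any step fails
 *         (every exception is wrapped as "Failed to get delegation tokens.")
 */
@SuppressWarnings("unchecked")
protected byte[] getHadoopCredentials(Map<String, Object> conf, Configuration hbaseConf,
        final String topologySubmitterUser) {
    try {
        if (!UserGroupInformation.isSecurityEnabled()) {
            throw new RuntimeException("Security is not enabled for Hadoop");
        }

        UserProvider provider = UserProvider.instantiate(hbaseConf);
        provider.login(HBASE_KEYTAB_FILE_KEY, HBASE_PRINCIPAL_KEY,
                InetAddress.getLocalHost().getCanonicalHostName());

        LOG.info("Logged into Hbase as principal = " + hbaseConf.get(HBASE_PRINCIPAL_KEY));

        // Effective user is the topology submitter; real user is the current (logged-in) user.
        UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
        final UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(topologySubmitterUser, ugi);
        User user = User.create(proxyUser);

        if (!user.isHBaseSecurityEnabled(hbaseConf)) {
            throw new RuntimeException("Security is not enabled for HBase.");
        }

        // The connection is only needed to fetch the token; release it even when the fetch fails.
        final Connection connection = ConnectionFactory.createConnection(hbaseConf, user);
        try {
            TokenUtil.obtainAndCacheToken(connection, user);
        } finally {
            connection.close();
        }

        LOG.info("Obtained HBase tokens, adding to user credentials.");

        Credentials credential = proxyUser.getCredentials();

        // Debug output lists each token and the user in its identifier.
        // NOTE(review): confirm that the token's toString() output is acceptable in debug logs.
        for (Token<? extends TokenIdentifier> tokenForLog : credential.getAllTokens()) {
            LOG.debug("Obtained token info in credential: {} / {}", tokenForLog.toString(),
                    tokenForLog.decodeIdentifier().getUser());
        }

        // Serialize the proxy user's credentials into an in-memory buffer.
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(bao);
        credential.write(out);
        out.flush();
        out.close();
        return bao.toByteArray();
    } catch (Exception ex) {
        // Also catches the two RuntimeExceptions thrown above and re-wraps them.
        throw new RuntimeException("Failed to get delegation tokens.", ex);
    }
}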
From source file:org.apache.storm.hdfs.security.AutoHDFS.java
License:Apache License
/**
 * Logs in, acquires HDFS delegation tokens as a proxy user named after the topology submitter,
 * and returns that proxy user's credentials in serialized form.
 *
 * <p>The returned bytes are the written form of the proxy user's {@code Credentials} and
 * should be handled as secret material.
 *
 * @param conf topology configuration; supplies the submitter name and, optionally, the
 *        name-node URI under {@code TOPOLOGY_HDFS_URI}
 * @param configuration Hadoop configuration; {@code STORM_USER_NAME_KEY} is set on it from
 *        {@code hdfsPrincipal} when it has no value yet
 * @return the serialized credentials of the proxy user
 * @throws RuntimeException if security is not enabled or if any step fails
 *         (every exception is wrapped as "Failed to get delegation tokens.")
 */
@SuppressWarnings("unchecked")
private byte[] getHadoopCredentials(Map<String, Object> conf, final Configuration configuration) {
    try {
        if (!UserGroupInformation.isSecurityEnabled()) {
            // Thrown inside the try on purpose: it is re-wrapped by the catch below.
            throw new RuntimeException("Security is not enabled for HDFS");
        }

        login(configuration);

        // NOTE(review): the impersonated name comes straight from the topology configuration.
        // Presumably that entry is set by the submission path and is not client-controlled.
        // Confirm.
        final String topologySubmitterUser = (String) conf.get(Config.TOPOLOGY_SUBMITTER_PRINCIPAL);

        // An explicit URI in the topology conf takes precedence over the default file system.
        final URI nameNodeURI;
        if (conf.containsKey(TOPOLOGY_HDFS_URI)) {
            nameNodeURI = new URI(conf.get(TOPOLOGY_HDFS_URI).toString());
        } else {
            nameNodeURI = FileSystem.getDefaultUri(configuration);
        }

        // Effective user is the topology submitter; real user is the current (logged-in) user.
        final UserGroupInformation realUser = UserGroupInformation.getCurrentUser();
        final UserGroupInformation proxyUser =
                UserGroupInformation.createProxyUser(topologySubmitterUser, realUser);

        final PrivilegedAction<Object> acquireTokens = new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    FileSystem hdfs = FileSystem.get(nameNodeURI, configuration);
                    Credentials proxyCredentials = proxyUser.getCredentials();

                    // The value under STORM_USER_NAME_KEY is the first argument to
                    // addDelegationTokens; it defaults to hdfsPrincipal.
                    if (configuration.get(STORM_USER_NAME_KEY) == null) {
                        configuration.set(STORM_USER_NAME_KEY, hdfsPrincipal);
                    }
                    hdfs.addDelegationTokens(configuration.get(STORM_USER_NAME_KEY), proxyCredentials);

                    LOG.info("Delegation tokens acquired for user {}", topologySubmitterUser);
                    return proxyCredentials;
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        };
        final Credentials creds = (Credentials) proxyUser.doAs(acquireTokens);

        // Serialize the credentials into an in-memory buffer.
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        final ObjectOutputStream objectOut = new ObjectOutputStream(buffer);
        creds.write(objectOut);
        objectOut.flush();
        objectOut.close();
        return buffer.toByteArray();
    } catch (Exception ex) {
        throw new RuntimeException("Failed to get delegation tokens.", ex);
    }
}