List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
/**
 * Writes the supplied delegation tokens into a single token storage file while
 * running as the UGI that {@code UgiFactory.getUgi(user)} returns.
 *
 * <p>Every file-system token and then the metastore token is added to one
 * {@link Credentials} object, keyed by the token's own service, and that object is
 * written to {@code tokenPath}.
 *
 * <p>NOTE(review): the resulting file contains delegation tokens, which work as
 * bearer credentials. This method does not set permissions on {@code tokenPath};
 * confirm the caller creates it readable by the owner only and removes it after use.
 *
 * @param fsTokens file-system delegation tokens; not null
 * @param msToken token added after the file-system tokens
 * @param conf configuration handed to {@code writeTokenStorageFile}
 * @param user user name passed to {@code UgiFactory.getUgi}
 * @param tokenPath destination of the token storage file
 * @throws IOException propagated from the login-user lookup or from the write
 * @throws InterruptedException propagated from {@code doAs}
 */
private void writeProxyDelegationTokens(final Token<?>[] fsTokens, final Token<?> msToken,
        final Configuration conf, String user, final Path tokenPath)
        throws IOException, InterruptedException {
    // NOTE(review): `user` is written to the log unescaped; if it can come from a
    // request, confirm it is validated before it gets here.
    final String loginName = UserGroupInformation.getLoginUser().getUserName();
    LOG.info("user: " + user + " loginUser: " + loginName);

    final UserGroupInformation ugi = UgiFactory.getUgi(user);
    final PrivilegedExceptionAction<Object> writeTokens = new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws IOException {
            final Credentials bundle = new Credentials();
            for (int i = 0; i < fsTokens.length; i++) {
                final Token<?> current = fsTokens[i];
                bundle.addToken(current.getService(), current);
            }
            bundle.addToken(msToken.getService(), msToken);
            bundle.writeTokenStorageFile(tokenPath, conf);
            return null;
        }
    };
    ugi.doAs(writeTokens);
}
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
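/**
 * Requests a metastore delegation token while running as the UGI that
 * {@code UgiFactory.getUgi(user)} returns.
 *
 * <p>The metastore client is obtained before {@code doAs}, i.e. under whatever
 * identity the calling thread already has; only the {@code getDelegationToken}
 * call itself runs inside {@code doAs}. The client is now closed in a
 * {@code finally} block so that it is released on both the success and the
 * failure path (previously it was never closed).
 *
 * @param user user name passed to {@code UgiFactory.getUgi}
 * @return the string returned by {@code getDelegationToken}
 * @throws IOException propagated from the login-user lookup or from {@code doAs}
 * @throws InterruptedException propagated from {@code doAs}
 * @throws TException declared by the original signature; raised by metastore calls
 */
private String buildHcatDelegationToken(String user)
        throws IOException, InterruptedException, TException {
    final HiveConf c = new HiveConf();
    final IMetaStoreClient client = HCatUtil.getHiveMetastoreClient(c);
    try {
        // NOTE(review): `user` is logged unescaped; confirm it is validated upstream
        // if it can originate from a request.
        LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
        final UserGroupInformation ugi = UgiFactory.getUgi(user);
        return ugi.doAs(new PrivilegedExceptionAction<String>() {
            @Override
            public String run() throws IOException, MetaException, TException {
                String u = ugi.getUserName();
                return client.getDelegationToken(c.getUser(), u);
            }
        });
    } finally {
        // Release the metastore client whether or not the token request succeeded.
        client.close();
    }
}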
From source file:org.apache.hive.hcatalog.templeton.tool.TempletonControllerJob.java
License:Apache License
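/**
 * Requests a metastore delegation token for {@code user} using two nested
 * {@code doAs} scopes.
 *
 * <p>The outer scope runs as the real user behind the UGI returned by
 * {@code UgiFactory.getUgi(user)} and is where the metastore client is created.
 * The inner scope runs as that UGI itself and performs the
 * {@code getDelegationToken} call. The client is now closed in a {@code finally}
 * block inside the outer scope (previously it was never closed).
 *
 * @param user user name passed to {@code UgiFactory.getUgi}
 * @return the string returned by {@code getDelegationToken}
 * @throws IOException propagated from {@code doAs}
 * @throws InterruptedException propagated from {@code doAs}
 * @throws TException declared by the original signature; raised by metastore calls
 */
private String buildHcatDelegationToken(String user)
        throws IOException, InterruptedException, TException {
    final HiveConf c = new HiveConf();
    LOG.debug("Creating hive metastore delegation token for user " + user);
    final UserGroupInformation ugi = UgiFactory.getUgi(user);
    // NOTE(review): getRealUser() is dereferenced without a null check; this presumes
    // UgiFactory.getUgi always yields a proxy UGI — confirm.
    UserGroupInformation real = ugi.getRealUser();
    return real.doAs(new PrivilegedExceptionAction<String>() {
        @Override
        public String run() throws IOException, TException, InterruptedException {
            // Created inside the outer doAs, so the client is obtained as the real user.
            final IMetaStoreClient client = HCatUtil.getHiveMetastoreClient(c);
            try {
                return ugi.doAs(new PrivilegedExceptionAction<String>() {
                    @Override
                    public String run() throws IOException, TException, InterruptedException {
                        String u = ugi.getUserName();
                        return client.getDelegationToken(c.getUser(), u);
                    }
                });
            } finally {
                // Release the metastore client on success and on failure.
                client.close();
            }
        }
    });
}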
From source file:org.apache.hive.hcatalog.templeton.tool.TempletonUtils.java
License:Apache License
/**
 * Resolves {@code fname} to a qualified Hadoop {@link Path} and checks that it exists.
 *
 * <p>The {@link FileSystem} is looked up inside {@code doAs}: as the UGI from
 * {@code UgiFactory.getUgi(user)} when {@code user} is given, otherwise as the
 * login user. The name is then passed through
 * {@code addUserHomeDirectoryIfApplicable} and qualified against that file system.
 *
 * @param fname file name or URI; {@code null} yields {@code null}
 * @param conf Hadoop configuration; {@code null} yields {@code null}
 * @param user user to act as, or {@code null} to use the login user
 * @return the qualified path, or {@code null} when {@code fname} or {@code conf} is null
 * @throws FileNotFoundException when {@code hadoopFsIsMissing} reports the path as missing
 * @throws URISyntaxException when the name cannot be parsed as a URI
 * @throws IOException propagated from the file-system lookup
 * @throws InterruptedException propagated from {@code doAs}
 */
public static Path hadoopFsPath(String fname, final Configuration conf, String user)
        throws URISyntaxException, IOException, InterruptedException {
    if (fname == null || conf == null) {
        return null;
    }

    final UserGroupInformation ugi = (user == null)
            ? UserGroupInformation.getLoginUser()
            : UgiFactory.getUgi(user);

    // fname is reassigned below, so the anonymous class captures a final alias of
    // the name as it was passed in.
    final String originalName = fname;
    final PrivilegedExceptionAction<FileSystem> openFs = new PrivilegedExceptionAction<FileSystem>() {
        @Override
        public FileSystem run() throws URISyntaxException, IOException, InterruptedException {
            return FileSystem.get(new URI(originalName), conf);
        }
    };
    final FileSystem defaultFs = ugi.doAs(openFs);

    fname = addUserHomeDirectoryIfApplicable(fname, user);
    final Path qualified = new Path(new URI(fname)).makeQualified(defaultFs);
    if (hadoopFsIsMissing(defaultFs, qualified)) {
        throw new FileNotFoundException("File " + fname + " does not exist.");
    }
    return qualified;
}
From source file:org.apache.hive.service.auth.HttpAuthUtils.java
License:Apache License
/**
 * Runs an {@code HttpKerberosClientAction} for the given server under one of two
 * identities and returns its result.
 *
 * <p>With {@code assumeSubject} set, the action runs under the JAAS {@link Subject}
 * already attached to the calling access-control context; the external application
 * using the JDBC driver is expected to have performed the Kerberos login. Otherwise
 * the action runs under the UGI returned by {@code getCurrentUGIWithConf("kerberos")}.
 *
 * @param principal passed with {@code host} to {@code getServerPrincipal}
 * @param host passed with {@code principal} to {@code getServerPrincipal}
 * @param serverHttpUrl passed to the {@code HttpKerberosClientAction}
 * @param assumeSubject whether to reuse the caller's existing JAAS Subject
 * @return Stringified Base64 encoded kerberosAuthHeader on success
 * @throws Exception when {@code assumeSubject} is set but no Subject is present,
 *         or when the action fails
 */
public static String getKerberosServiceTicket(String principal, String host, String serverHttpUrl,
        boolean assumeSubject) throws Exception {
    final String serverPrincipal =
            ShimLoader.getHadoopThriftAuthBridge().getServerPrincipal(principal, host);

    if (!assumeSubject) {
        // No caller-provided Subject: obtain the client UGI from the auth bridge
        // (JAAS login from the ticket cache) and run the action under it.
        final UserGroupInformation clientUGI =
                ShimLoader.getHadoopThriftAuthBridge().getCurrentUGIWithConf("kerberos");
        return clientUGI.doAs(new HttpKerberosClientAction(serverPrincipal, serverHttpUrl));
    }

    // The caller claims to have logged in already, so take the Subject from the
    // current access-control context and fail when there is none.
    final AccessControlContext callerContext = AccessController.getContext();
    final Subject callerSubject = Subject.getSubject(callerContext);
    if (callerSubject == null) {
        throw new Exception("The Subject is not set");
    }
    return Subject.doAs(callerSubject, new HttpKerberosClientAction(serverPrincipal, serverHttpUrl));
}
From source file:org.apache.hive.service.cli.operation.SQLOperation.java
License:Apache License
/**
 * Prepares the operation and runs the query, either on the calling thread or on a
 * background thread under the operation's UGI.
 *
 * <p>In the asynchronous case the session state, the session's Hive object and the
 * current UGI are captured on the handler thread and re-established on the
 * background thread, where the query runs inside {@code currentUGI.doAs}.
 *
 * <p>NOTE(review): the Hive and SessionState thread-locals set on the background
 * thread are not reset by this method; confirm the pool clears or overwrites them
 * before the thread serves another session.
 *
 * @throws HiveSQLException from preparation, from a synchronous query, or when the
 *         background pool rejects the task
 */
@Override
public void runInternal() throws HiveSQLException {
    setState(OperationState.PENDING);
    final HiveConf opConfig = getConfigForOperation();
    prepare(opConfig);

    if (!shouldRunAsync()) {
        runQuery(opConfig);
        return;
    }

    // Captured on the handler thread so the background thread can restore them.
    final SessionState handlerSessionState = SessionState.get();
    // The session's Hive object carries the metastore client tied to the right user.
    final Hive handlerHive = getSessionHive();
    // The metastore uses the current UGI when it is in embedded mode, so pass it on.
    final UserGroupInformation currentUGI = getCurrentUGI(opConfig);

    final Runnable asyncTask = new Runnable() {
        @Override
        public void run() {
            final PrivilegedExceptionAction<Object> queryAsUser = new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws HiveSQLException {
                    Hive.set(handlerHive);
                    SessionState.setCurrentSessionState(handlerSessionState);
                    // Keep saving the query log from this async thread.
                    registerCurrentOperationLog();
                    try {
                        runQuery(opConfig);
                    } catch (HiveSQLException queryFailure) {
                        setOperationException(queryFailure);
                        LOG.error("Error running hive query: ", queryFailure);
                    } finally {
                        unregisterOperationLog();
                    }
                    return null;
                }
            };

            try {
                currentUGI.doAs(queryAsUser);
            } catch (Exception doAsFailure) {
                setOperationException(new HiveSQLException(doAsFailure));
                LOG.error("Error running hive query as user : " + currentUGI.getShortUserName(), doAsFailure);
            } finally {
                // Cache this thread's ThreadLocal RawStore so it can be cleaned up in
                // an orderly way when the thread is garbage collected later; see
                // org.apache.hive.service.server.ThreadWithGarbageCleanup#finalize().
                final Thread worker = ThreadWithGarbageCleanup.currentThread();
                if (worker instanceof ThreadWithGarbageCleanup) {
                    ((ThreadWithGarbageCleanup) worker).cacheThreadLocalRawStore();
                }
            }
        }
    };

    try {
        // submitBackgroundOperation blocks when no background thread is available.
        final Future<?> handle =
                getParentSession().getSessionManager().submitBackgroundOperation(asyncTask);
        setBackgroundHandle(handle);
    } catch (RejectedExecutionException rejected) {
        setState(OperationState.ERROR);
        throw new HiveSQLException("The background threadpool cannot accept"
                + " new task for execution, please retry the operation", rejected);
    }
}
From source file:org.apache.hoya.yarn.appmaster.rpc.RpcBinder.java
License:Apache License
/**
 * Connects to the Hoya RPC endpoint advertised by a YARN application report.
 *
 * <p>A remote-user UGI is created from the current user's name. With security
 * enabled, the report's client-to-AM token is converted, added to that UGI, and the
 * connection is made inside {@code doAs}; without security the connection is made
 * directly with the same UGI and no token.
 *
 * <p>NOTE(review): the result of {@code getClientToAMToken()} is converted without
 * a null check; confirm the report always carries the token when security is on.
 *
 * @param conf configuration passed to {@code connectToServer}
 * @param application report supplying host, RPC port, name and client-to-AM token
 * @param rpcTimeout timeout passed to {@code connectToServer}
 * @return the protocol proxy returned by {@code connectToServer}
 * @throws HoyaException when the report has a null host or a zero RPC port
 * @throws IOException propagated from the user lookup or the connection
 * @throws InterruptedException propagated from {@code doAs}
 */
public static HoyaClusterProtocol getProxy(final Configuration conf, ApplicationReport application,
        final int rpcTimeout) throws IOException, HoyaException, InterruptedException {
    final String reportedHost = application.getHost();
    final int reportedPort = application.getRpcPort();
    final String address = reportedHost + ":" + reportedPort;
    if (reportedHost == null || 0 == reportedPort) {
        throw new HoyaException(HoyaExitCodes.EXIT_CONNECTIVITY_PROBLEM,
                "Hoya YARN instance " + application.getName() + " isn't providing a valid address for the"
                        + " Hoya RPC protocol: " + address);
    }

    final UserGroupInformation caller = UserGroupInformation.getCurrentUser();
    final UserGroupInformation newUgi = UserGroupInformation.createRemoteUser(caller.getUserName());
    final InetSocketAddress serviceAddr =
            NetUtils.createSocketAddrForHost(application.getHost(), application.getRpcPort());
    log.debug("Connecting to {}", serviceAddr);

    if (!UserGroupInformation.isSecurityEnabled()) {
        return connectToServer(serviceAddr, newUgi, conf, rpcTimeout);
    }

    // Secure cluster: attach the client-to-AM token to the UGI before connecting.
    final org.apache.hadoop.yarn.api.records.Token yarnToken = application.getClientToAMToken();
    final Token<ClientToAMTokenIdentifier> amToken = ConverterUtils.convertFromYarn(yarnToken, serviceAddr);
    newUgi.addToken(amToken);

    final PrivilegedExceptionAction<HoyaClusterProtocol> connect =
            new PrivilegedExceptionAction<HoyaClusterProtocol>() {
                @Override
                public HoyaClusterProtocol run() throws IOException {
                    return connectToServer(serviceAddr, newUgi, conf, rpcTimeout);
                }
            };
    return newUgi.doAs(connect);
}
From source file:org.apache.ignite.internal.processors.hadoop.impl.delegate.HadoopKerberosFileSystemFactoryDelegate.java
License:Apache License
/** {@inheritDoc} */
@Override
protected FileSystem create(String usrName) throws IOException, InterruptedException {
    // The file system is created as a proxy UGI: usrName impersonated on behalf of
    // the process's login user.
    // NOTE(review): usrName is passed to createProxyUser unchecked here; confirm it is
    // validated upstream and that the cluster's proxy-user settings restrict whom the
    // login user may impersonate.
    final UserGroupInformation loginUgi = UserGroupInformation.getLoginUser();
    final UserGroupInformation proxyUgi = UserGroupInformation.createProxyUser(usrName, loginUgi);

    final PrivilegedExceptionAction<FileSystem> openFs = new PrivilegedExceptionAction<FileSystem>() {
        @Override
        public FileSystem run() throws Exception {
            final FileSystem created = FileSystem.get(fullUri, cfg);
            // Apply the working directory only when one is set.
            if (workDir != null) {
                created.setWorkingDirectory(workDir);
            }
            return created;
        }
    };
    return proxyUgi.doAs(openFs);
}
From source file:org.apache.ignite.internal.processors.hadoop.impl.igfs.HadoopIgfs20FileSystemAbstractSelfTest.java
License:Apache License
/** {@inheritDoc} */
@Override
protected void beforeTest() throws Exception {
    primaryFsUri = new URI(primaryFileSystemUriPath());

    primaryFsCfg = new Configuration();
    primaryFsCfg.addResource(U.resolveIgniteUrl(primaryFileSystemConfigPath()));

    // getBestUGI is given a null ticket-cache path and the client user name.
    final UserGroupInformation clientUgi = UserGroupInformation.getBestUGI(null, getClientFsUser());

    // The file system is obtained inside doAs, i.e. on behalf of the client user.
    final PrivilegedExceptionAction<Object> openFs = new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            fs = AbstractFileSystem.get(primaryFsUri, primaryFsCfg);
            return null;
        }
    };
    clientUgi.doAs(openFs);

    barrier = new CyclicBarrier(THREAD_CNT);
}
From source file:org.apache.ignite.internal.processors.hadoop.impl.igfs.IgniteHadoopFileSystemAbstractSelfTest.java
License:Apache License
/** {@inheritDoc} */
@Override
protected void beforeTest() throws Exception {
    primaryFsUri = new URI(PRIMARY_URI);
    primaryFsCfg = configuration(PRIMARY_AUTHORITY, skipEmbed, skipLocShmem);

    // getBestUGI is given a null ticket-cache path and the client user name.
    final UserGroupInformation testUserUgi = UserGroupInformation.getBestUGI(null, getClientFsUser());
    assertNotNull(testUserUgi);

    // The file system is obtained inside doAs, i.e. on behalf of that specific user.
    final PrivilegedExceptionAction<Object> openFs = new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            fs = FileSystem.get(primaryFsUri, primaryFsCfg);
            return null;
        }
    };
    testUserUgi.doAs(openFs);

    barrier = new CyclicBarrier(THREAD_CNT);
}