List of usage examples for org.apache.hadoop.security UserGroupInformation doAs
@InterfaceAudience.Public @InterfaceStability.Evolving public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
From source file:org.apache.oozie.action.hadoop.MainTestCase.java
License:Apache License
public static void execute(String user, final Callable<Void> callable) throws Exception { UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { callable.call();//from w w w . ja v a 2 s . c om return null; } }); }
From source file:org.apache.oozie.client.ProxyOozieClient.java
License:Apache License
@Override protected HttpURLConnection createConnection(URL url, final String method) throws IOException, OozieClientException { final URL decoratedUrl = decorateUrlWithUser(url); LOG.debug("ProxyOozieClient.createConnection: u={}, m={}", url, method); // Login User "falcon" has the kerberos credentials UserGroupInformation loginUserUGI = UserGroupInformation.getLoginUser(); try {//from w ww. j a v a 2 s .c o m return loginUserUGI.doAs(new PrivilegedExceptionAction<HttpURLConnection>() { public HttpURLConnection run() throws Exception { HttpURLConnection conn = ProxyOozieClient.super.createConnection(decoratedUrl, method); int connectTimeout = Integer .parseInt(RuntimeProperties.get().getProperty("oozie.connect.timeout", "1000")); conn.setConnectTimeout(connectTimeout); int readTimeout = Integer .parseInt(RuntimeProperties.get().getProperty("oozie.read.timeout", "45000")); conn.setReadTimeout(readTimeout); return conn; } }); } catch (InterruptedException e) { throw new IOException("Could not connect to oozie: " + e.getMessage(), e); } }
From source file:org.apache.oozie.dependency.HCatURIHandler.java
License:Apache License
private HCatClientWithToken getHCatClient(URI uri, Configuration conf, String user) throws HCatAccessorException { final HiveConf hiveConf = getHiveConf(uri, conf); String delegationToken = null; try {/* www .j av a2 s . c o m*/ // Get UGI to doAs() as the specified user UserGroupInformation ugi = UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser()); // Define the label for the Delegation Token for the HCat instance. hiveConf.set("hive.metastore.token.signature", "HCatTokenSignature"); if (hiveConf.getBoolean(HiveConf.ConfVars.METASTORE_USE_THRIFT_SASL.varname, false)) { HCatClient tokenClient = null; try { // Retrieve Delegation token for HCatalog tokenClient = HCatClient.create(hiveConf); delegationToken = tokenClient.getDelegationToken(user, UserGroupInformation.getLoginUser().getUserName()); // Store Delegation token in the UGI Token<DelegationTokenIdentifier> token = new Token<DelegationTokenIdentifier>(); token.decodeFromUrlString(delegationToken); token.setService(new Text(hiveConf.get("hive.metastore.token.signature"))); ugi.addToken(token); } finally { if (tokenClient != null) { tokenClient.close(); } } } XLog.getLog(HCatURIHandler.class).info( "Creating HCatClient for user [{0}] login_user [{1}] and server [{2}] ", user, UserGroupInformation.getLoginUser(), hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname)); HCatClient hcatClient = ugi.doAs(new PrivilegedExceptionAction<HCatClient>() { @Override public HCatClient run() throws Exception { HCatClient client = HCatClient.create(hiveConf); return client; } }); HCatClientWithToken clientWithToken = new HCatClientWithToken(hcatClient, delegationToken); return clientWithToken; } catch (IOException e) { throw new HCatAccessorException(ErrorCode.E1501, e.getMessage()); } catch (Exception e) { throw new HCatAccessorException(ErrorCode.E1501, e.getMessage()); } }
From source file:org.apache.oozie.service.HadoopAccessorService.java
License:Apache License
/** * Return a JobClient created with the provided user/group. * * * @param conf JobConf with all necessary information to create the * JobClient.//from ww w . jav a2 s . c o m * @return JobClient created with the provided user/group. * @throws HadoopAccessorException if the client could not be created. */ public JobClient createJobClient(String user, final JobConf conf) throws HadoopAccessorException { ParamChecker.notEmpty(user, "user"); if (!conf.getBoolean(OOZIE_HADOOP_ACCESSOR_SERVICE_CREATED, false)) { throw new HadoopAccessorException(ErrorCode.E0903); } String jobTracker = conf.get(JavaActionExecutor.HADOOP_JOB_TRACKER); validateJobTracker(jobTracker); try { UserGroupInformation ugi = getUGI(user); JobClient jobClient = ugi.doAs(new PrivilegedExceptionAction<JobClient>() { public JobClient run() throws Exception { return new JobClient(conf); } }); Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(getMRDelegationTokenRenewer(conf)); conf.getCredentials().addToken(MR_TOKEN_ALIAS, mrdt); return jobClient; } catch (InterruptedException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex.getMessage(), ex); } catch (IOException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex.getMessage(), ex); } }
From source file:org.apache.oozie.service.HadoopAccessorService.java
License:Apache License
/** * Return a FileSystem created with the provided user for the specified URI. * * * @param uri file system URI.//from w w w. ja v a 2 s .c o m * @param conf Configuration with all necessary information to create the FileSystem. * @return FileSystem created with the provided user/group. * @throws HadoopAccessorException if the filesystem could not be created. */ public FileSystem createFileSystem(String user, final URI uri, final Configuration conf) throws HadoopAccessorException { ParamChecker.notEmpty(user, "user"); if (!conf.getBoolean(OOZIE_HADOOP_ACCESSOR_SERVICE_CREATED, false)) { throw new HadoopAccessorException(ErrorCode.E0903); } checkSupportedFilesystem(uri); String nameNode = uri.getAuthority(); if (nameNode == null) { nameNode = conf.get("fs.default.name"); if (nameNode != null) { try { nameNode = new URI(nameNode).getAuthority(); } catch (URISyntaxException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex.getMessage(), ex); } } } validateNameNode(nameNode); try { UserGroupInformation ugi = getUGI(user); return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() { public FileSystem run() throws Exception { return FileSystem.get(uri, conf); } }); } catch (InterruptedException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex.getMessage(), ex); } catch (IOException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex.getMessage(), ex); } }
From source file:org.apache.oozie.service.HadoopAccessorService.java
License:Apache License
public void addFileToClassPath(String user, final Path file, final Configuration conf) throws IOException { ParamChecker.notEmpty(user, "user"); try {/*from www . ja va 2 s. co m*/ UserGroupInformation ugi = getUGI(user); ugi.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { JobUtils.addFileToClassPath(file, conf, null); return null; } }); } catch (InterruptedException ex) { throw new IOException(ex); } }
From source file:org.apache.oozie.service.KerberosHadoopAccessorService.java
License:Open Source License
/** * Return a JobClient created with the provided user/group. * * @param conf JobConf with all necessary information to create the JobClient. * @return JobClient created with the provided user/group. * @throws HadoopAccessorException if the client could not be created. *///from w w w .jav a 2 s .c o m public JobClient createJobClient(String user, String group, final JobConf conf) throws HadoopAccessorException { ParamChecker.notEmpty(user, "user"); ParamChecker.notEmpty(group, "group"); validateJobTracker(conf.get("mapred.job.tracker")); try { UserGroupInformation ugi = getUGI(user); JobClient jobClient = ugi.doAs(new PrivilegedExceptionAction<JobClient>() { public JobClient run() throws Exception { return new JobClient(conf); } }); Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(new Text("mr token")); conf.getCredentials().addToken(new Text("mr token"), mrdt); return jobClient; } catch (InterruptedException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } catch (IOException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } }
From source file:org.apache.oozie.service.KerberosHadoopAccessorService.java
License:Open Source License
/** * Return a FileSystem created with the provided user/group. * * @param conf Configuration with all necessary information to create the FileSystem. * @return FileSystem created with the provided user/group. * @throws HadoopAccessorException if the filesystem could not be created. *///from w w w . ja va 2s . c om public FileSystem createFileSystem(String user, String group, final Configuration conf) throws HadoopAccessorException { ParamChecker.notEmpty(user, "user"); ParamChecker.notEmpty(group, "group"); try { validateNameNode(new URI(conf.get("fs.default.name")).getAuthority()); UserGroupInformation ugi = getUGI(user); return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() { public FileSystem run() throws Exception { Configuration defaultConf = new Configuration(); XConfiguration.copy(conf, defaultConf); return FileSystem.get(defaultConf); } }); } catch (InterruptedException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } catch (IOException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } catch (URISyntaxException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } }
From source file:org.apache.oozie.service.KerberosHadoopAccessorService.java
License:Open Source License
/** * Return a FileSystem created with the provided user/group for the specified URI. * * @param uri file system URI.//from ww w . j a v a 2 s. co m * @param conf Configuration with all necessary information to create the FileSystem. * @return FileSystem created with the provided user/group. * @throws HadoopAccessorException if the filesystem could not be created. */ public FileSystem createFileSystem(String user, String group, final URI uri, final Configuration conf) throws HadoopAccessorException { ParamChecker.notEmpty(user, "user"); ParamChecker.notEmpty(group, "group"); validateNameNode(uri.getAuthority()); try { UserGroupInformation ugi = getUGI(user); return ugi.doAs(new PrivilegedExceptionAction<FileSystem>() { public FileSystem run() throws Exception { Configuration defaultConf = new Configuration(); defaultConf.set(WorkflowAppService.HADOOP_JT_KERBEROS_NAME, "mapred/_HOST@" + localRealm); defaultConf.set(WorkflowAppService.HADOOP_NN_KERBEROS_NAME, "hdfs/_HOST@" + localRealm); XConfiguration.copy(conf, defaultConf); return FileSystem.get(uri, defaultConf); } }); } catch (InterruptedException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } catch (IOException ex) { throw new HadoopAccessorException(ErrorCode.E0902, ex); } }
From source file:org.apache.oozie.service.KerberosHadoopAccessorService.java
License:Open Source License
public void addFileToClassPath(String user, String group, final Path file, final Configuration conf) throws IOException { ParamChecker.notEmpty(user, "user"); ParamChecker.notEmpty(group, "group"); try {/*from ww w . j a v a2 s . c om*/ UserGroupInformation ugi = getUGI(user); ugi.doAs(new PrivilegedExceptionAction<Void>() { public Void run() throws Exception { Configuration defaultConf = new Configuration(); XConfiguration.copy(conf, defaultConf); //Doing this NOP add first to have the FS created and cached DistributedCache.addFileToClassPath(file, defaultConf); DistributedCache.addFileToClassPath(file, conf); return null; } }); } catch (InterruptedException ex) { throw new IOException(ex); } }