List of usage examples for org.apache.hadoop.security UserGroupInformation getGroupNames
public String[] getGroupNames()
From source file:org.apache.sentry.tests.e2e.kafka.AbstractKafkaSentryTestBase.java
License:Apache License
public static void setUserGroups() throws Exception { for (String user : StaticUserGroupRole.getUsers()) { Set<String> groups = StaticUserGroupRole.getGroups(user); policyFile.addGroupsToUser(user, groups.toArray(new String[groups.size()])); }/* ww w.j a v a 2 s. c om*/ UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); policyFile.addGroupsToUser(loginUser.getShortUserName(), loginUser.getGroupNames()); policyFile.write(policyFilePath); }
From source file:org.apache.sentry.tests.e2e.sqoop.AbstractSqoopSentryTestBase.java
License:Apache License
public static void setUserGroups() throws Exception { for (String user : StaticUserGroupRole.getUsers()) { Set<String> groups = StaticUserGroupRole.getGroups(user); policyFile.addGroupsToUser(user, groups.toArray(new String[groups.size()])); }// w w w .j av a2 s . co m policyFile.addGroupsToUser(ADMIN_USER, ADMIN_GROUP); UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); policyFile.addGroupsToUser(loginUser.getShortUserName(), loginUser.getGroupNames()); policyFile.write(policyFilePath); }
From source file:org.apache.tajo.master.rule.FileSystemRule.java
License:Apache License
private void canAccessToPath(FileStatus fsStatus, FsAction action) throws Exception { FsPermission permission = fsStatus.getPermission(); UserGroupInformation userGroupInformation = UserGroupInformation.getCurrentUser(); String userName = userGroupInformation.getShortUserName(); List<String> groupList = Arrays.asList(userGroupInformation.getGroupNames()); if (userName.equals(fsStatus.getOwner())) { if (permission.getUserAction().implies(action)) { return; }/* w ww. jav a 2s. co m*/ } else if (groupList.contains(fsStatus.getGroup())) { if (permission.getGroupAction().implies(action)) { return; } } else { if (permission.getOtherAction().implies(action)) { return; } } throw new AccessControlException( String.format("Permission denied: user=%s, path=\"%s\":%s:%s:%s%s", userName, fsStatus.getPath(), fsStatus.getOwner(), fsStatus.getGroup(), fsStatus.isDirectory() ? "d" : "-", permission)); }
From source file:org.apache.tez.common.security.ACLManager.java
License:Apache License
@VisibleForTesting boolean checkAccess(UserGroupInformation ugi, ACLType aclType) { if (!aclsEnabled) { return true; }/*from w ww.ja v a 2 s . com*/ String user = ugi.getShortUserName(); if (amUser.equals(user)) { return true; } if (EnumSet.of(ACLType.DAG_MODIFY_ACL, ACLType.DAG_VIEW_ACL).contains(aclType)) { if (dagUser != null && dagUser.equals(user)) { return true; } } if (users != null && !users.isEmpty()) { Set<String> set = users.get(aclType); if (set != null) { if (set.contains(WILDCARD_ACL_VALUE)) { return true; } if (set.contains(user)) { return true; } } } Collection<String> userGroups = Arrays.asList(ugi.getGroupNames()); if (userGroups != null && !userGroups.isEmpty() && groups != null && !groups.isEmpty()) { Set<String> set = groups.get(aclType); if (set != null) { for (String userGrp : userGroups) { if (set.contains(userGrp)) { return true; } } } } return false; }
From source file:skewtune.mapreduce.STJobTracker.java
License:Apache License
/** * Is the calling user a super user? Or part of the supergroup? * /*from w ww . j a v a 2s . co m*/ * @return true, if it is a super user */ static boolean isSuperUserOrSuperGroup(UserGroupInformation callerUGI, UserGroupInformation superUser, String superGroup) { if (superUser.getShortUserName().equals(callerUGI.getShortUserName())) { return true; } String[] groups = callerUGI.getGroupNames(); for (int i = 0; i < groups.length; ++i) { if (groups[i].equals(superGroup)) { return true; } } return false; }