List of usage examples for org.apache.hadoop.security UserGroupInformation getLoginUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getLoginUser() throws IOException
From source file:org.apache.hive.hcatalog.streaming.HiveEndPoint.java
License:Apache License
/**
 * Builds a proxy-user UGI for {@code user}, with the process login user as the real user.
 *
 * <p>Creating the proxy UGI only constructs the identity object. Nothing in this method checks
 * that the login user is allowed to impersonate {@code user}.
 * NOTE(review): presumably that decision is made by the service receiving the call; confirm.
 *
 * @param user name of the user to impersonate
 * @return a proxy UGI for {@code user} backed by the login user
 * @throws ImpersonationFailed if the login user cannot be obtained
 */
private static UserGroupInformation getUserGroupInfo(String user) throws ImpersonationFailed {
  try {
    final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
    return UserGroupInformation.createProxyUser(user, realUser);
  } catch (IOException ioe) {
    LOG.error("Unable to get UserGroupInfo for user : " + user, ioe);
    throw new ImpersonationFailed(user, ioe);
  }
}
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
/**
 * Collects filesystem delegation tokens while running as the proxy UGI of {@code user}.
 *
 * <p>Tokens are gathered for the default filesystem of {@code conf} and for every URI listed
 * under {@code mapreduce.job.hdfs-servers}.
 *
 * @param user name of the user the tokens are requested for
 * @param conf configuration used to resolve the filesystems
 * @return the tokens held by the {@code TokenWrapper} after collection
 * @throws IOException if the login user, a filesystem, or a token cannot be obtained
 * @throws InterruptedException if the {@code doAs} call is interrupted
 */
private Token<?>[] getFSDelegationToken(String user, final Configuration conf)
    throws IOException, InterruptedException {
  // NOTE(review): user is written to the log unmodified; if it can originate from a request,
  // confirm it is validated upstream so it cannot forge log lines.
  LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
  final UserGroupInformation proxyUgi = UgiFactory.getUgi(user);
  final TokenWrapper collected = new TokenWrapper();
  proxyUgi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws IOException, URISyntaxException {
      final Credentials alreadyHeld = new Credentials();
      // Default FS first. Not every FS supports delegation tokens (e.g. WASB).
      collectTokens(FileSystem.get(conf), collected, alreadyHeld, proxyUgi.getShortUserName());
      // Hive tables may live on other filesystems; handing the same Credentials object to each
      // call keeps duplicate tokens from being added.
      for (String fsUri : conf.getStringCollection("mapreduce.job.hdfs-servers")) {
        LOG.debug("Getting tokens for " + fsUri);
        collectTokens(FileSystem.get(new URI(fsUri), conf), collected, alreadyHeld,
            proxyUgi.getShortUserName());
      }
      return null;
    }
  });
  return collected.tokens;
}
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
/**
 * Writes the filesystem tokens and the metastore token into one token storage file, running as
 * the proxy UGI of {@code user}.
 *
 * <p>NOTE(review): the file at {@code tokenPath} holds delegation tokens. This method sets no
 * permissions on it; confirm the caller restricts who can read that path.
 *
 * @param fsTokens filesystem tokens to store; must not be null
 * @param msToken metastore token to store; dereferenced unconditionally, so must not be null
 * @param conf configuration handed to {@code writeTokenStorageFile}
 * @param user name of the user whose proxy UGI performs the write
 * @param tokenPath destination of the token storage file
 * @throws IOException if the login user cannot be obtained or the write fails
 * @throws InterruptedException if the {@code doAs} call is interrupted
 */
private void writeProxyDelegationTokens(final Token<?>[] fsTokens, final Token<?> msToken,
    final Configuration conf, String user, final Path tokenPath)
    throws IOException, InterruptedException {
  LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
  final UserGroupInformation proxyUgi = UgiFactory.getUgi(user);
  proxyUgi.doAs(new PrivilegedExceptionAction<Object>() {
    @Override
    public Object run() throws IOException {
      final Credentials bundle = new Credentials();
      for (Token<?> token : fsTokens) {
        bundle.addToken(token.getService(), token);
      }
      bundle.addToken(msToken.getService(), msToken);
      bundle.writeTokenStorageFile(tokenPath, conf);
      return null;
    }
  });
}
From source file:org.apache.hive.hcatalog.templeton.SecureProxySupport.java
License:Apache License
/**
 * Requests a metastore delegation token while running as the proxy UGI of {@code user}.
 *
 * <p>The request passes {@code HiveConf.getUser()} and the proxy UGI's user name to
 * {@code getDelegationToken}.
 *
 * <p>NOTE(review): the metastore client obtained here is never closed in this method; confirm
 * whether {@code HCatUtil} returns a shared or cached client, otherwise this leaks a connection.
 *
 * @param user name of the user the token is requested for
 * @return the delegation token string returned by the metastore client
 * @throws IOException if the login user or the proxy UGI cannot be obtained
 * @throws InterruptedException if the {@code doAs} call is interrupted
 * @throws TException if the metastore call fails
 */
private String buildHcatDelegationToken(String user)
    throws IOException, InterruptedException, TException {
  final HiveConf hiveConf = new HiveConf();
  final IMetaStoreClient metastore = HCatUtil.getHiveMetastoreClient(hiveConf);
  LOG.info("user: " + user + " loginUser: " + UserGroupInformation.getLoginUser().getUserName());
  final UserGroupInformation proxyUgi = UgiFactory.getUgi(user);
  return proxyUgi.doAs(new PrivilegedExceptionAction<String>() {
    @Override
    public String run() throws IOException, MetaException, TException {
      final String proxyName = proxyUgi.getUserName();
      return metastore.getDelegationToken(hiveConf.getUser(), proxyName);
    }
  });
}
From source file:org.apache.hive.hcatalog.templeton.tool.TempletonUtils.java
License:Apache License
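/**
 * Resolves {@code fname} to a qualified Hadoop path and verifies that it exists.
 *
 * <p>The filesystem is looked up inside {@code doAs}: as the proxy UGI of {@code user} when a
 * user is given, otherwise as the process login user. The lookup uses the name as passed in;
 * the returned path is built from the name after {@code addUserHomeDirectoryIfApplicable}.
 *
 * <p>NOTE(review): nothing here restricts which scheme, authority or directory {@code fname}
 * may point at; if the name comes from a request, confirm it is validated by the caller.
 *
 * @param fname file name or URI to resolve; {@code null} yields {@code null}
 * @param conf configuration used to obtain the filesystem; {@code null} yields {@code null}
 * @param user user to impersonate for the lookup, or {@code null} to use the login user
 * @return the qualified path, or {@code null} when {@code fname} or {@code conf} is null
 * @throws URISyntaxException if {@code fname} is not a valid URI
 * @throws IOException if the filesystem cannot be obtained; a {@link FileNotFoundException}
 *     is thrown when {@code hadoopFsIsMissing} reports the path as missing
 * @throws InterruptedException if the {@code doAs} call is interrupted
 */
public static Path hadoopFsPath(String fname, final Configuration conf, String user)
    throws URISyntaxException, IOException, InterruptedException {
  if (fname == null || conf == null) {
    return null;
  }

  final UserGroupInformation ugi =
      (user != null) ? UgiFactory.getUgi(user) : UserGroupInformation.getLoginUser();

  // fname is reassigned below, so the anonymous class needs its own final reference.
  // Strings are immutable: a plain alias is enough, no defensive copy required.
  final String requestedName = fname;
  final FileSystem defaultFs = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws URISyntaxException, IOException, InterruptedException {
      return FileSystem.get(new URI(requestedName), conf);
    }
  });

  fname = addUserHomeDirectoryIfApplicable(fname, user);
  final Path qualified = new Path(new URI(fname)).makeQualified(defaultFs);
  if (hadoopFsIsMissing(defaultFs, qualified)) {
    throw new FileNotFoundException("File " + fname + " does not exist.");
  }
  return qualified;
}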
From source file:org.apache.hive.hcatalog.templeton.UgiFactory.java
License:Apache License
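/**
 * Returns the cached proxy UGI for {@code user}, creating and caching one on first use.
 *
 * <p>A new entry is a proxy user backed by the process login user. When two threads race to
 * create the entry, both get the instance that was stored first. The result comes from
 * {@code putIfAbsent} directly instead of a second {@code get}, so this method cannot return
 * {@code null} even if the entry is removed in between.
 *
 * <p>NOTE(review): no eviction is visible in this method, so the map grows with every distinct
 * name passed in; confirm that only authenticated user names reach this call.
 *
 * @param user name of the user to impersonate
 * @return the proxy UGI shared by all callers for {@code user}
 * @throws IOException if the login user cannot be obtained
 */
public static UserGroupInformation getUgi(String user) throws IOException {
  final UserGroupInformation cached = userUgiMap.get(user);
  if (cached != null) {
    return cached;
  }
  final UserGroupInformation created =
      UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
  // putIfAbsent returns the existing value when another thread won the race, else null.
  final UserGroupInformation winner = userUgiMap.putIfAbsent(user, created);
  return (winner != null) ? winner : created;
}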
From source file:org.apache.hive.service.auth.HiveAuthFactory.java
License:Apache License
/**
 * Checks that {@code realUser} may act as {@code proxyUser} from {@code ipAddress}.
 *
 * <p>With security enabled, the session UGI is a proxy user named after the service-name part
 * of {@code realUser}, backed by the login user. Otherwise it is a remote user named
 * {@code realUser}. The proxy-user rules are refreshed from {@code hiveConf} and
 * {@code ProxyUsers.authorize} is called only when the two names differ.
 *
 * <p>NOTE(review): the comparison is case-insensitive, so a {@code proxyUser} that differs from
 * {@code realUser} only in letter case skips {@code ProxyUsers.authorize}; confirm this matches
 * how the cluster maps user names. With security enabled, the comparison uses {@code realUser}
 * as passed in, not the service name the session UGI is built from.
 *
 * @param realUser authenticated user making the request
 * @param proxyUser user the request wants to run as; dereferenced, so must not be null
 * @param ipAddress client address passed to the authorization check
 * @param hiveConf configuration holding the proxy-user rules
 * @throws HiveSQLException with SQL state {@code 08S01} if an {@link IOException} occurs
 */
public static void verifyProxyAccess(String realUser, String proxyUser, String ipAddress,
    HiveConf hiveConf) throws HiveSQLException {
  try {
    final UserGroupInformation sessionUgi;
    if (!UserGroupInformation.isSecurityEnabled()) {
      sessionUgi = UserGroupInformation.createRemoteUser(realUser);
    } else {
      final KerberosNameShim principal =
          ShimLoader.getHadoopShims().getKerberosNameShim(realUser);
      sessionUgi = UserGroupInformation.createProxyUser(principal.getServiceName(),
          UserGroupInformation.getLoginUser());
    }

    if (proxyUser.equalsIgnoreCase(realUser)) {
      // Same name (ignoring case): no impersonation requested, nothing to authorize.
      return;
    }

    ProxyUsers.refreshSuperUserGroupsConfiguration(hiveConf);
    final UserGroupInformation requestedUgi =
        UserGroupInformation.createProxyUser(proxyUser, sessionUgi);
    ProxyUsers.authorize(requestedUgi, ipAddress, hiveConf);
  } catch (IOException ioe) {
    throw new HiveSQLException("Failed to validate proxy privilege of " + realUser + " for " + proxyUser, "08S01", ioe);
  }
}
From source file:org.apache.hive.service.cli.session.HiveSessionImplwithUGI.java
License:Apache License
/**
 * Sets the session UGI to the identity of {@code owner}.
 *
 * <p>With security enabled, the session runs as a proxy user backed by the login user.
 * Otherwise a remote-user UGI is created from the name alone.
 * NOTE(review): in the non-secure branch the name is taken as given; confirm the caller has
 * already established who {@code owner} is.
 *
 * @param owner user name to impersonate; must not be null
 * @throws HiveSQLException if {@code owner} is null or the proxy user cannot be set up
 */
public void setSessionUGI(String owner) throws HiveSQLException {
  if (owner == null) {
    throw new HiveSQLException("No username provided for impersonation");
  }
  if (!UserGroupInformation.isSecurityEnabled()) {
    sessionUgi = UserGroupInformation.createRemoteUser(owner);
    return;
  }
  try {
    sessionUgi = UserGroupInformation.createProxyUser(owner, UserGroupInformation.getLoginUser());
  } catch (IOException ioe) {
    throw new HiveSQLException("Couldn't setup proxy user", ioe);
  }
}
From source file:org.apache.hive.service.cli.thrift.DisconnectCleanupEventHandler.java
License:Apache License
/**
 * Runs {@code cleanupSession()} as a proxy user named by {@code getUser()} and backed by the
 * process login user.
 *
 * @throws IOException if the login user cannot be obtained or the action fails
 * @throws InterruptedException if the {@code doAs} call is interrupted
 */
private void closeSessionDoAs() throws IOException, InterruptedException {
  final UserGroupInformation sessionOwner =
      UserGroupInformation.createProxyUser(getUser(), UserGroupInformation.getLoginUser());
  sessionOwner.doAs(new PrivilegedExceptionAction<Boolean>() {
    @Override
    public Boolean run() throws HiveSQLException {
      cleanupSession();
      // The result is not used by anyone yet; a value is returned only to satisfy the type.
      return Boolean.TRUE;
    }
  });
}
From source file:org.apache.hive.streaming.HiveStreamingConnection.java
License:Apache License
/**
 * Creates a streaming connection from the values collected in {@code builder}.
 *
 * <p>Identity: the user name and secure-mode flag come from the Hadoop login user. If no login
 * user is available, the JVM's {@code user.name} property is used and secure mode is off.
 * NOTE(review): a failed login-user lookup is only logged as a warning (message text, no stack
 * trace) and silently downgrades the connection to non-secure mode; confirm that fallback is
 * acceptable on Kerberized clusters.
 *
 * <p>When transactions are managed by this connection, two metastore clients are opened (one
 * reserved for heartbeats) and the target table is validated.
 *
 * @param builder source of all connection settings
 * @throws StreamingException declared by the constructor
 */
private HiveStreamingConnection(Builder builder) throws StreamingException {
  this.database = builder.database.toLowerCase();
  this.table = builder.table.toLowerCase();
  this.staticPartitionValues = builder.staticPartitionValues;
  this.conf = builder.hiveConf;
  this.agentInfo = builder.agentInfo;
  this.streamingOptimizations = builder.streamingOptimizations;
  this.writeId = builder.writeId;
  this.statementId = builder.statementId;
  this.tableObject = builder.tableObject;
  this.setPartitionedTable(builder.isPartitioned);
  this.manageTransactions = builder.manageTransactions;

  UserGroupInformation loginUgi = null;
  try {
    loginUgi = UserGroupInformation.getLoginUser();
  } catch (IOException ioe) {
    LOG.warn("Unable to get logged in user via UGI. err: {}", ioe.getMessage());
  }
  if (loginUgi != null) {
    this.username = loginUgi.getShortUserName();
    this.secureMode = loginUgi.hasKerberosCredentials();
  } else {
    // No Hadoop identity available: fall back to the OS-level user, non-secure.
    this.username = System.getProperty("user.name");
    this.secureMode = false;
  }

  this.transactionBatchSize = builder.transactionBatchSize;
  this.recordWriter = builder.recordWriter;
  this.connectionStats = new ConnectionStats();

  if (agentInfo == null) {
    try {
      final String localHostName = InetAddress.getLocalHost().getHostName();
      agentInfo = username + ":" + localHostName + ":" + Thread.currentThread().getName();
    } catch (UnknownHostException ignored) {
      // Host name unavailable: a random UUID identifies the agent instead.
      this.agentInfo = UUID.randomUUID().toString();
    }
  }

  if (conf == null) {
    conf = createHiveConf(this.getClass(), DEFAULT_METASTORE_URI);
  }
  overrideConfSettings(conf);

  if (manageTransactions) {
    this.metastoreUri = conf.get(MetastoreConf.ConfVars.THRIFT_URIS.getHiveName());
    this.msClient = getMetaStoreClient(conf, metastoreUri, secureMode, "streaming-connection");
    // Heartbeats get their own metastore client so heartbeat RPC calls stay isolated from the
    // other transaction-related RPC calls.
    this.heartbeatMSClient =
        getMetaStoreClient(conf, metastoreUri, secureMode, "streaming-connection-heartbeat");
    validateTable();
  }

  LOG.info("STREAMING CONNECTION INFO: {}", toConnectionInfoString());
}