List of usage examples for org.apache.hadoop.security UserGroupInformation getLoginUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getLoginUser() throws IOException
From source file:com.thinkbiganalytics.nifi.security.SecurityUtil.java
License:Apache License
/**
 * Applies {@code config} to {@link UserGroupInformation} and returns the process login user.
 *
 * <p>The method is {@code static synchronized}, so calls made through it are serialized against
 * each other. {@link UserGroupInformation#setConfiguration(Configuration)} changes static state,
 * and code that calls it directly does not take this lock; all logins should therefore go through
 * this class.
 *
 * @param config the configuration instance; rejected by {@code Validate.notNull} when {@code null}
 * @return the value of {@link UserGroupInformation#getLoginUser()} after the configuration is applied
 * @throws IOException if login failed
 */
public static synchronized UserGroupInformation loginSimple(final Configuration config) throws IOException {
    Validate.notNull(config);

    // The configuration must be installed before the login user is resolved.
    UserGroupInformation.setConfiguration(config);

    final UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
    return loginUser;
}
From source file:com.trendmicro.hdfs.webdav.HDFSResource.java
License:Apache License
/**
 * Selects the identity under which this resource acts.
 *
 * <p>A non-null {@code user} is impersonated through a proxy UGI whose real user is the process
 * login user. If no identity is set afterwards (that is, {@code user} was {@code null} and none
 * was set earlier), the current user is used instead.
 *
 * <p>NOTE(review): nothing in this method checks that the caller is entitled to act as
 * {@code user}. Presumably the only gate is the cluster's {@code hadoop.proxyuser.*} rules for the
 * login user; confirm that {@code user} is the authenticated principal and not a client-supplied
 * name, and that those rules are scoped narrowly.
 *
 * @param user name of the user to impersonate, or {@code null} to keep or default the identity
 * @throws IOException if the login user or the current user cannot be determined
 */
public void setProxyUser(final String user) throws IOException {
    if (user != null) {
        final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
        this.user = UserGroupInformation.createProxyUser(user, realUser);
    }

    // Fall back to the caller's own identity only when nothing has been set.
    if (this.user == null) {
        this.user = UserGroupInformation.getCurrentUser();
    }
}
From source file:gobblin.compliance.HivePartitionVersionFinder.java
License:Apache License
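/**
 * Adds the partitions of every Hive dataset whose table name contains one of the configured
 * patterns, running the dataset discovery as the process login user.
 *
 * @param name passed through to {@code addPartitionsToVersions}
 * @param state supplies the properties used to construct the {@code HiveDatasetFinder}
 * @throws IOException if discovery fails, or if the calling thread is interrupted while the
 *     privileged action runs (the interrupt flag is restored before the exception is thrown)
 */
private void setVersions(final String name, final State state) throws IOException {
    try {
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        loginUser.doAs(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws IOException {
                HiveDatasetFinder finder = new HiveDatasetFinder(fs, state.getProperties());
                for (HiveDataset hiveDataset : finder.findDatasets()) {
                    List<Partition> partitions = hiveDataset.getPartitionsFromDataset();
                    for (String pattern : patterns) {
                        if (hiveDataset.getTable().getTableName().contains(pattern)) {
                            addPartitionsToVersions(versions, name, hiveDataset, partitions);
                        }
                    }
                }
                return null;
            }
        });
    } catch (InterruptedException e) {
        // Converting the interrupt into an IOException would otherwise clear it; restore the
        // flag so callers further up the stack can still observe the cancellation.
        Thread.currentThread().interrupt();
        throw new IOException(e);
    } catch (IOException e) {
        // Wrapped exactly as before so callers see the same exception shape.
        throw new IOException(e);
    }
}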
From source file:gobblin.compliance.purger.HivePurgerPublisher.java
License:Apache License
/**
 * Creates the Hive metastore client, first logging in from the super user's keytab when a keytab
 * location is present in the job state.
 *
 * <p>{@code UserGroupInformation.loginUserFromKeytab} replaces the login user for the whole JVM,
 * not only for this publisher, so every later {@code getLoginUser()} call in the process sees the
 * super user. The keytab path is written to the log; the keytab contents are not.
 *
 * <p>NOTE(review): the super user name and realm are read without a null check; what
 * {@code HostUtils.getPrincipalUsingHostname} does with missing values is not visible here.
 *
 * @throws Exception if the keytab login or the metastore connection fails
 */
public void initHiveMetastoreClient() throws Exception {
    if (!this.state.contains(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION)) {
        // No keytab configured: connect with whatever identity the process already has.
        this.client = new HiveMetaStoreClient(new HiveConf());
        return;
    }

    String superUser = this.state.getProp(ComplianceConfigurationKeys.GOBBLIN_COMPLIANCE_SUPER_USER);
    String realm = this.state.getProp(ConfigurationKeys.KERBEROS_REALM);
    String keytabLocation = this.state.getProp(ConfigurationKeys.SUPER_USER_KEY_TAB_LOCATION);
    log.info("Establishing MetastoreClient connection using " + keytabLocation);

    String principal = HostUtils.getPrincipalUsingHostname(superUser, realm);
    UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);

    // Open the metastore connection inside doAs so it is made as the freshly logged-in user.
    PrivilegedExceptionAction<Void> connect = new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws TException {
            HivePurgerPublisher.this.client = new HiveMetaStoreClient(new HiveConf());
            return null;
        }
    };
    UserGroupInformation.getLoginUser().doAs(connect);
}
From source file:gobblin.hadoop.token.TokenUtils.java
License:Open Source License
/**
 * Fetches tokens into {@code cred} through {@code getFsAndJtTokensImpl}, either directly or while
 * impersonating {@code userToProxy}.
 *
 * <p>When a proxy user is given, the call runs inside {@code doAs} on a proxy UGI whose real user
 * is the process login user, so any tokens obtained there are requested on behalf of the proxied
 * user. NOTE(review): the proxy name is used as supplied; presumably the cluster's
 * {@code hadoop.proxyuser.*} rules decide whether the login user may impersonate it.
 *
 * @param state passed through to {@code getFsAndJtTokensImpl}
 * @param conf passed through to {@code getFsAndJtTokensImpl}
 * @param userToProxy the user to impersonate, or absent to act as the current identity
 * @param cred passed through to {@code getFsAndJtTokensImpl}
 * @throws IOException if the login user cannot be resolved or the token fetch fails
 * @throws InterruptedException if the privileged action is interrupted
 */
private static void getFsAndJtTokens(final State state, final Configuration conf,
        final Optional<String> userToProxy, final Credentials cred) throws IOException, InterruptedException {
    if (!userToProxy.isPresent()) {
        getFsAndJtTokensImpl(state, conf, cred);
        return;
    }

    final UserGroupInformation proxyUgi =
            UserGroupInformation.createProxyUser(userToProxy.get(), UserGroupInformation.getLoginUser());
    proxyUgi.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            getFsAndJtTokensImpl(state, conf, cred);
            return null;
        }
    });
}
From source file:gobblin.util.ProxiedFileSystemUtils.java
License:Apache License
/** * Create a {@link FileSystem} that can perform any operations allowed the by the specified userNameToProxyAs. The * method first proxies as userNameToProxyAs, and then adds the specified {@link Token} to the given * {@link UserGroupInformation} object. It then uses the {@link UserGroupInformation#doAs(PrivilegedExceptionAction)} * method to create a {@link FileSystem}. * * @param userNameToProxyAs The name of the user the super user should proxy as * @param userNameToken The {@link Token} to add to the proxied user's {@link UserGroupInformation}. * @param fsURI The {@link URI} for the {@link FileSystem} that should be created * @param conf The {@link Configuration} for the {@link FileSystem} that should be created * * @return a {@link FileSystem} that can execute commands on behalf of the specified userNameToProxyAs *///from w w w .j a v a2 s. c o m static FileSystem createProxiedFileSystemUsingToken(@NonNull String userNameToProxyAs, @NonNull Token<?> userNameToken, URI fsURI, Configuration conf) throws IOException, InterruptedException { UserGroupInformation ugi = UserGroupInformation.createProxyUser(userNameToProxyAs, UserGroupInformation.getLoginUser()); ugi.addToken(userNameToken); return ugi.doAs(new ProxiedFileSystem(fsURI, conf)); }
From source file:gobblin.util.ProxiedFileSystemUtils.java
License:Apache License
/**
 * Returns a proxy UGI for {@code userNameToProxyAs}, logging in as {@code superUserName} from its
 * keytab first if the process is not already logged in under that name.
 *
 * <p>The keytab login replaces the login user for the whole JVM. This method is not synchronized,
 * so the check and the login are not atomic with respect to other threads that log in.
 * NOTE(review): the comparison uses {@code getUserName()}; confirm that {@code superUserName} is
 * supplied in the same form, otherwise every call performs a fresh keytab login.
 *
 * @param userNameToProxyAs the user to impersonate
 * @param superUserName the principal expected to be the login user
 * @param superUserKeytabLocation keytab for {@code superUserName}; only required (and only checked
 *     for {@code null}) when a login is needed
 * @return a proxy UGI whose real user is the login user after the optional keytab login
 * @throws IOException if the login user cannot be resolved or the keytab login fails
 */
private static UserGroupInformation loginAndProxyAsUser(@NonNull String userNameToProxyAs,
        @NonNull String superUserName, Path superUserKeytabLocation) throws IOException {
    final String currentLoginName = UserGroupInformation.getLoginUser().getUserName();
    final boolean loggedInAsSuperUser = currentLoginName.equals(superUserName);

    if (!loggedInAsSuperUser) {
        Preconditions.checkNotNull(superUserKeytabLocation);
        UserGroupInformation.loginUserFromKeytab(superUserName, superUserKeytabLocation.toString());
    }

    // Re-read the login user: it may just have been replaced by the keytab login above.
    final UserGroupInformation realUser = UserGroupInformation.getLoginUser();
    return UserGroupInformation.createProxyUser(userNameToProxyAs, realUser);
}
From source file:gobblin.util.ProxiedFileSystemWrapper.java
License:Apache License
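/**
 * Creates the proxied {@link FileSystem}, stores it in {@code proxiedFs} and returns it.
 *
 * <p>The proxy user name is read from {@code ConfigurationKeys.FS_PROXY_AS_USER_NAME}. How the
 * proxy UGI is authenticated depends on {@code authType}:
 * <ul>
 *   <li>{@code KEYTAB}: the super user named by
 *       {@code ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS} is logged in from the keytab
 *       at {@code authPath}, which replaces the login user for the whole JVM, and the proxy is
 *       created on top of that login.</li>
 *   <li>{@code TOKEN}: the proxy is created on the existing login user and the token read from
 *       {@code authPath} is added to it. A missing token is only logged as a warning.</li>
 *   <li>any other value: the proxy is created without credentials and a warning is logged.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code authPath} is not validated in either branch, and the result is kept in
 * an instance field that is written from inside {@code doAs} without synchronization. Confirm that
 * instances are not shared between threads.
 *
 * @param properties state holding the proxy user name and, for {@code KEYTAB}, the super user name
 * @param authType is either TOKEN or KEYTAB.
 * @param authPath is the KEYTAB location if the authType is KEYTAB; otherwise, it is the token file.
 * @param uri File system URI.
 * @param conf configuration used to create the {@link FileSystem}
 * @throws IllegalArgumentException if a required user name is missing or blank in {@code properties}
 * @throws IOException if login or file system creation fails
 * @throws InterruptedException if the privileged action is interrupted
 * @throws URISyntaxException declared by the signature; presumably raised while reading the token file
 * @return proxiedFs
 */
public FileSystem getProxiedFileSystem(State properties, AuthType authType, String authPath, String uri,
        final Configuration conf) throws IOException, InterruptedException, URISyntaxException {
    Preconditions.checkArgument(
            StringUtils.isNotBlank(properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME)),
            "State does not contain a proper proxy user name");
    String proxyUserName = properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME);
    UserGroupInformation proxyUser;
    switch (authType) {
    case KEYTAB:
        // If the authentication type is KEYTAB, log in a super user first before creating a proxy user.
        // The message used to mention a "proxy token file name", although the value checked here
        // is the super user name; it now names the setting that is actually missing.
        Preconditions.checkArgument(
                StringUtils.isNotBlank(properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS)),
                "State does not contain a proper super user name");
        String superUser = properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS);
        UserGroupInformation.loginUserFromKeytab(superUser, authPath);
        proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser());
        break;
    case TOKEN:
        // If the authentication type is TOKEN, create a proxy user and then add the token to the user.
        proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser());
        Optional<Token<?>> proxyToken = getTokenFromSeqFile(authPath, proxyUserName);
        if (proxyToken.isPresent()) {
            proxyUser.addToken(proxyToken.get());
        } else {
            LOG.warn("No delegation token found for the current proxy user.");
        }
        break;
    default:
        LOG.warn(
                "Creating a proxy user without authentication, which could not perform File system operations.");
        proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser());
        break;
    }

    final URI fsURI = URI.create(uri);
    // FileSystem.get runs inside doAs so the instance is created as the proxy user.
    proxyUser.doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws IOException {
            LOG.debug("Now performing file system operations as :" + UserGroupInformation.getCurrentUser());
            proxiedFs = FileSystem.get(fsURI, conf);
            return null;
        }
    });
    return this.proxiedFs;
}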
From source file:gobblin.yarn.YarnAppSecurityManager.java
License:Apache License
/**
 * Stores the collaborators, captures the process login user and creates the two single-threaded
 * schedulers used for keytab re-login and token renewal.
 *
 * @param config supplies the login and token-renew intervals, both in minutes
 * @param helixManager stored for later use
 * @param fs file system stored alongside the token file path
 * @param tokenFilePath path of the token file
 * @throws IOException if the login user cannot be resolved
 */
public YarnAppSecurityManager(Config config, HelixManager helixManager, FileSystem fs, Path tokenFilePath)
        throws IOException {
    this.config = config;
    this.helixManager = helixManager;
    this.fs = fs;

    this.tokenFilePath = tokenFilePath;
    // NOTE(review): the result of makeQualified is discarded, so the stored tokenFilePath stays
    // exactly as passed in. If a fully qualified token file location was intended, the returned
    // Path would have to be assigned - confirm against the code that reads tokenFilePath.
    this.fs.makeQualified(tokenFilePath);

    // Snapshot of the login user at construction time.
    this.loginUser = UserGroupInformation.getLoginUser();
    this.loginIntervalInMinutes = config.getLong(GobblinYarnConfigurationKeys.LOGIN_INTERVAL_IN_MINUTES);
    this.tokenRenewIntervalInMinutes = config
            .getLong(GobblinYarnConfigurationKeys.TOKEN_RENEW_INTERVAL_IN_MINUTES);

    // One named thread per periodic task.
    this.loginExecutor = Executors.newSingleThreadScheduledExecutor(
            ExecutorsUtils.newThreadFactory(Optional.of(LOGGER), Optional.of("KeytabReLoginExecutor")));
    this.tokenRenewExecutor = Executors.newSingleThreadScheduledExecutor(
            ExecutorsUtils.newThreadFactory(Optional.of(LOGGER), Optional.of("TokenRenewExecutor")));
}
From source file:gobblin.yarn.YarnAppSecurityManager.java
License:Apache License
/**
 * Logs the user in from the configured keytab file, then refreshes and publishes the delegation
 * token.
 *
 * <p>The sequence is: validate the keytab path, pick the principal (falling back to
 * {@code <short login name>/localhost@LOCALHOST} when none is configured), force Kerberos
 * authentication in a fresh {@code Configuration}, log in, obtain a new delegation token and write
 * it to the token file. On every login except the first, the controller and the participants are
 * notified that the token file changed.
 *
 * <p>Both {@code setConfiguration} and {@code loginUserFromKeytab} act on static
 * {@code UserGroupInformation} state, so they affect the whole JVM. NOTE(review): only the
 * existence of the keytab is checked; its ownership and permissions are presumably enforced by the
 * deployment. The keytab path and principal are written to the log.
 *
 * @throws IOException if the keytab path is undefined, the file is missing, or the login fails
 */
private void loginFromKeytab() throws IOException {
    final String keyTabFilePath = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_FILE_PATH);
    if (Strings.isNullOrEmpty(keyTabFilePath)) {
        throw new IOException("Keytab file path is not defined for Kerberos login");
    }

    final File keytabFile = new File(keyTabFilePath);
    if (!keytabFile.exists()) {
        throw new IOException("Keytab file not found at: " + keyTabFilePath);
    }

    String principal = this.config.getString(GobblinYarnConfigurationKeys.KEYTAB_PRINCIPAL_NAME);
    if (Strings.isNullOrEmpty(principal)) {
        principal = this.loginUser.getShortUserName() + "/localhost@LOCALHOST";
    }

    // Kerberos is forced here regardless of what the ambient Hadoop configuration says.
    final Configuration kerberosConf = new Configuration();
    final String authMethod = UserGroupInformation.AuthenticationMethod.KERBEROS.toString().toLowerCase();
    kerberosConf.set("hadoop.security.authentication", authMethod);
    UserGroupInformation.setConfiguration(kerberosConf);

    UserGroupInformation.loginUserFromKeytab(principal, keyTabFilePath);
    LOGGER.info(String.format("Logged in from keytab file %s using principal %s", keyTabFilePath, principal));

    // Pick up the identity that the keytab login just installed.
    this.loginUser = UserGroupInformation.getLoginUser();

    getNewDelegationTokenForLoginUser();
    writeDelegationTokenToFile();

    if (!this.firstLogin) {
        // Send a message to the controller and all the participants
        sendTokenFileUpdatedMessage(InstanceType.CONTROLLER);
        sendTokenFileUpdatedMessage(InstanceType.PARTICIPANT);
    }
}