List of usage examples for org.apache.hadoop.security UserGroupInformation getUserName
@InterfaceAudience.Public
@InterfaceStability.Evolving
public String getUserName()
From source file:org.apache.falcon.security.CurrentUserTest.java
License:Apache License
@Test public void testProxy() throws Exception { CurrentUser.authenticate("real"); CurrentUser.proxy(EntityBuilderTestUtil.USER, "users"); UserGroupInformation proxyUgi = CurrentUser.getProxyUGI(); Assert.assertNotNull(proxyUgi);//w w w. j a va 2 s .co m Assert.assertEquals(proxyUgi.getUserName(), EntityBuilderTestUtil.USER); Assert.assertEquals(CurrentUser.getAuthenticatedUser(), "real"); Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER); }
From source file:org.apache.falcon.security.CurrentUserTest.java
License:Apache License
@Test public void testProxySameUser() throws Exception { CurrentUser.authenticate(FalconTestUtil.TEST_USER_1); CurrentUser.proxy(FalconTestUtil.TEST_USER_1, "users"); UserGroupInformation proxyUgi = CurrentUser.getProxyUGI(); Assert.assertNotNull(proxyUgi);//from w w w. ja v a 2 s .c om Assert.assertEquals(proxyUgi.getUserName(), FalconTestUtil.TEST_USER_1); Assert.assertEquals(CurrentUser.getAuthenticatedUser(), FalconTestUtil.TEST_USER_1); Assert.assertEquals(CurrentUser.getUser(), FalconTestUtil.TEST_USER_1); }
From source file:org.apache.falcon.security.CurrentUserTest.java
License:Apache License
@Test public void testSuperUser() throws Exception { CurrentUser.authenticate(EntityBuilderTestUtil.USER); CurrentUser.proxy("proxy", "users"); UserGroupInformation proxyUgi = CurrentUser.getProxyUGI(); Assert.assertNotNull(proxyUgi);/*from www . j a va 2s . c o m*/ Assert.assertEquals(proxyUgi.getUserName(), "proxy"); Assert.assertEquals(CurrentUser.getAuthenticatedUser(), EntityBuilderTestUtil.USER); Assert.assertEquals(CurrentUser.getUser(), "proxy"); }
From source file:org.apache.falcon.security.CurrentUserTest.java
License:Apache License
@Test public void testProxyDoAsUser() throws Exception { CurrentUser.authenticate("foo"); CurrentUser.proxyDoAsUser(EntityBuilderTestUtil.USER, "localhost"); UserGroupInformation proxyUgi = CurrentUser.getProxyUGI(); Assert.assertNotNull(proxyUgi);//w ww .ja v a2 s . com Assert.assertEquals(proxyUgi.getUserName(), EntityBuilderTestUtil.USER); Assert.assertEquals(CurrentUser.getAuthenticatedUser(), "foo"); Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER); }
From source file:org.apache.falcon.security.CurrentUserTest.java
License:Apache License
@Test public void testProxyDoAsSameUser() throws Exception { CurrentUser.authenticate("foo"); CurrentUser.proxyDoAsUser("foo", "localhost"); UserGroupInformation proxyUgi = CurrentUser.getProxyUGI(); Assert.assertNotNull(proxyUgi);/*from w w w . j a v a 2s . c o m*/ Assert.assertEquals(proxyUgi.getUserName(), "foo"); Assert.assertEquals(CurrentUser.getAuthenticatedUser(), "foo"); Assert.assertEquals(CurrentUser.getUser(), "foo"); }
From source file:org.apache.falcon.security.SecurityUtilTest.java
License:Apache License
@Test public void testGetProxyUser() throws Exception { UserGroupInformation proxyUgi = SecurityUtil.getProxyUser("proxy"); Assert.assertNotNull(proxyUgi);// www. j a v a 2s. com Assert.assertEquals(proxyUgi.getUserName(), "proxy"); }
From source file:org.apache.flink.runtime.clusterframework.overlays.HadoopUserOverlayTest.java
License:Apache License
@Test public void testConfigure() throws Exception { final UserGroupInformation ugi = UserGroupInformation.createRemoteUser("test"); HadoopUserOverlay overlay = new HadoopUserOverlay(ugi); ContainerSpecification spec = new ContainerSpecification(); overlay.configure(spec);// w w w.j av a2 s . c o m assertEquals(ugi.getUserName(), spec.getEnvironmentVariables().get("HADOOP_USER_NAME")); }
From source file:org.apache.flume.auth.KerberosAuthenticator.java
License:Apache License
/** * When valid principal and keytab are provided and if authentication has * not yet been done for this object, this method authenticates the * credentials and populates the ugi. In case of null or invalid credentials * IllegalArgumentException is thrown. In case of failure to authenticate, * SecurityException is thrown. If authentication has already happened on * this KerberosAuthenticator object, then this method checks to see if the current * credentials passed are same as the validated credentials. If not, it throws * an exception as this authenticator can represent only one Principal. * * @param principal/* w w w. j av a2 s.co m*/ * @param keytab */ public synchronized void authenticate(String principal, String keytab) { // sanity checking Preconditions.checkArgument(principal != null && !principal.isEmpty(), "Invalid Kerberos principal: " + String.valueOf(principal)); Preconditions.checkArgument(keytab != null && !keytab.isEmpty(), "Invalid Kerberos keytab: " + String.valueOf(keytab)); File keytabFile = new File(keytab); Preconditions.checkArgument(keytabFile.isFile() && keytabFile.canRead(), "Keytab is not a readable file: " + String.valueOf(keytab)); // resolve the requested principal String resolvedPrincipal; try { // resolves _HOST pattern using standard Hadoop search/replace // via DNS lookup when 2nd argument is empty resolvedPrincipal = SecurityUtil.getServerPrincipal(principal, ""); } catch (IOException e) { throw new IllegalArgumentException( "Host lookup error resolving kerberos principal (" + principal + "). Exception follows.", e); } Preconditions.checkNotNull(resolvedPrincipal, "Resolved Principal must not be null"); // be cruel and unusual when user tries to login as multiple principals // this isn't really valid with a reconfigure but this should be rare // enough to warrant a restart of the agent JVM // TODO: find a way to interrogate the entire current config state, // since we don't have to be unnecessarily protective if they switch all // HDFS sinks to use a different principal all at once. KerberosUser newUser = new KerberosUser(resolvedPrincipal, keytab); Preconditions.checkState(prevUser == null || prevUser.equals(newUser), "Cannot use multiple kerberos principals in the same agent. " + " Must restart agent to use new principal or keytab. " + "Previous = %s, New = %s", prevUser, newUser); // enable the kerberos mode of UGI, before doing anything else if (!UserGroupInformation.isSecurityEnabled()) { Configuration conf = new Configuration(false); conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos"); UserGroupInformation.setConfiguration(conf); } // We are interested in currently logged in user with kerberos creds UserGroupInformation curUser = null; try { curUser = UserGroupInformation.getLoginUser(); if (curUser != null && !curUser.hasKerberosCredentials()) { curUser = null; } } catch (IOException e) { LOG.warn("User unexpectedly had no active login. Continuing with " + "authentication", e); } /* * if ugi is not null, * if ugi matches currently logged in kerberos user, we are good * else we are logged out, so relogin our ugi * else if ugi is null, login and populate state */ try { if (ugi != null) { if (curUser != null && curUser.getUserName().equals(ugi.getUserName())) { LOG.debug("Using existing principal login: {}", ugi); } else { LOG.info("Attempting kerberos Re-login as principal ({}) ", new Object[] { ugi.getUserName() }); ugi.reloginFromKeytab(); } } else { LOG.info("Attempting kerberos login as principal ({}) from keytab " + "file ({})", new Object[] { resolvedPrincipal, keytab }); UserGroupInformation.loginUserFromKeytab(resolvedPrincipal, keytab); this.ugi = UserGroupInformation.getLoginUser(); this.prevUser = new KerberosUser(resolvedPrincipal, keytab); this.privilegedExecutor = new UGIExecutor(this.ugi); } } catch (IOException e) { throw new SecurityException( "Authentication error while attempting to " + "login as kerberos principal (" + resolvedPrincipal + ") using " + "keytab (" + keytab + "). Exception follows.", e); } printUGI(this.ugi); }
From source file:org.apache.flume.auth.KerberosAuthenticator.java
License:Apache License
private void printUGI(UserGroupInformation ugi) { if (ugi != null) { // dump login information AuthenticationMethod authMethod = ugi.getAuthenticationMethod(); LOG.info("\n{} \nUser: {} \nAuth method: {} \nKeytab: {} \n", new Object[] { authMethod.equals(AuthenticationMethod.PROXY) ? "Proxy as: " : "Logged as: ", ugi.getUserName(), authMethod, ugi.isFromKeytab() }); }/*from w ww . java2s . c o m*/ }
From source file:org.apache.flume.auth.UGIExecutor.java
License:Apache License
private void reloginUGI(UserGroupInformation ugi) { try {//from w w w. jav a 2s . co m if (ugi.hasKerberosCredentials()) { long now = System.currentTimeMillis(); if (now - lastReloginAttempt < MIN_TIME_BEFORE_RELOGIN) { return; } lastReloginAttempt = now; ugi.checkTGTAndReloginFromKeytab(); } } catch (IOException e) { throw new SecurityException("Error trying to relogin from keytab for user " + ugi.getUserName(), e); } }