List of usage examples for org.apache.hadoop.security UserGroupInformation setConfiguration
@InterfaceAudience.Public @InterfaceStability.Evolving public static void setConfiguration(Configuration conf)
From source file:com.github.sakserv.minicluster.impl.KdcLocalClusterHBaseIntegrationTest.java
License:Apache License
@Test public void testHBase() throws Exception { UserGroupInformation.loginUserFromKeytab(kdcLocalCluster.getKrbPrincipalWithRealm("hbase"), kdcLocalCluster.getKeytabForPrincipal("hbase")); assertTrue(UserGroupInformation.isSecurityEnabled()); assertTrue(UserGroupInformation.isLoginKeytabBased()); Configuration configuration = hbaseLocalCluster.getHbaseConfiguration(); configuration.set("hbase.client.retries.number", "1"); configuration.set("hbase.client.pause", "1000"); configuration.set("zookeeper.recovery.retry", "1"); // Write data try (Connection connection = ConnectionFactory.createConnection(configuration)) { Admin admin = connection.getAdmin(); TableName tableName = TableName.valueOf("test-kdc"); if (admin.tableExists(tableName)) { admin.disableTable(tableName); admin.deleteTable(tableName); }//from ww w.j a va 2s . c o m admin.createTable(new HTableDescriptor(tableName).addFamily(new HColumnDescriptor("cf"))); try (BufferedMutator mutator = connection.getBufferedMutator(tableName)) { mutator.mutate(new Put(Bytes.toBytes("key")).addColumn(Bytes.toBytes("cf"), Bytes.toBytes("col1"), Bytes.toBytes("azerty"))); } } // Log out LOG.info("Logout..."); UserGroupInformation.getLoginUser().logoutUserFromKeytab(); UserGroupInformation.reset(); try { Configuration unauthenticatedConfiguration = HBaseConfiguration.create(); hbaseLocalCluster.configure(unauthenticatedConfiguration); unauthenticatedConfiguration.set("hbase.client.retries.number", "1"); unauthenticatedConfiguration.set("hbase.client.pause", "1000"); unauthenticatedConfiguration.set("zookeeper.recovery.retry", "1"); UserGroupInformation.setConfiguration(unauthenticatedConfiguration); try (Connection connection = ConnectionFactory.createConnection(unauthenticatedConfiguration)) { Admin admin = connection.getAdmin(); TableName tableName = TableName.valueOf("test-kdc2"); if (admin.tableExists(tableName)) { admin.disableTable(tableName); admin.deleteTable(tableName); } try (BufferedMutator mutator = connection.getBufferedMutator(tableName)) { mutator.mutate(new Put(Bytes.toBytes("key")).addColumn(Bytes.toBytes("cf"), Bytes.toBytes("col1"), Bytes.toBytes("azerty"))); } } fail(); } catch (RetriesExhaustedException e) { LOG.info("Alright, this is expected!", e); assertTrue(e.getCause() instanceof IOException); System.out.println("Not authenticated!"); } }
From source file:com.github.sakserv.minicluster.impl.KdcLocalClusterHdfsIntegrationTest.java
License:Apache License
@Test public void testHdfs() throws Exception { FileSystem hdfsFsHandle = hdfsLocalCluster.getHdfsFileSystemHandle(); UserGroupInformation.loginUserFromKeytab(kdcLocalCluster.getKrbPrincipalWithRealm("hdfs"), kdcLocalCluster.getKeytabForPrincipal("hdfs")); assertTrue(UserGroupInformation.isSecurityEnabled()); assertTrue(UserGroupInformation.isLoginKeytabBased()); // Write a file to HDFS containing the test string FSDataOutputStream writer = hdfsFsHandle .create(new Path(propertyParser.getProperty(ConfigVars.HDFS_TEST_FILE_KEY))); writer.writeUTF(propertyParser.getProperty(ConfigVars.HDFS_TEST_STRING_KEY)); writer.close();//w ww . ja v a 2s .co m // Read the file and compare to test string FSDataInputStream reader = hdfsFsHandle .open(new Path(propertyParser.getProperty(ConfigVars.HDFS_TEST_FILE_KEY))); assertEquals(reader.readUTF(), propertyParser.getProperty(ConfigVars.HDFS_TEST_STRING_KEY)); reader.close(); // Log out UserGroupInformation.getLoginUser().logoutUserFromKeytab(); UserGroupInformation.reset(); try { Configuration conf = new Configuration(); UserGroupInformation.setConfiguration(conf); FileSystem.get(hdfsFsHandle.getUri(), conf) .open(new Path(propertyParser.getProperty(ConfigVars.HDFS_TEST_FILE_KEY))); fail(); } catch (AccessControlException e) { LOG.info("Not authenticated!"); } }
From source file:com.hortonworks.streamline.streams.cluster.service.metadata.HBaseMetadataService.java
License:Apache License
/** * Creates secure {@link HBaseMetadataService} which delegates to {@link Admin} * instantiated with with the {@link Configuration} provided using the first parameter *//*from w w w . j a v a 2 s. c o m*/ public static HBaseMetadataService newInstance(Configuration hbaseConfig, SecurityContext securityContext, Subject subject, Component hbaseMaster, Collection<ComponentProcess> hbaseMasterProcesses) throws IOException, EntityNotFoundException { if (SecurityUtil.isKerberosAuthenticated(securityContext)) { UserGroupInformation.setConfiguration(hbaseConfig); // Sets Kerberos rules final UserGroupInformation ugiFromSubject = UserGroupInformation.getUGIFromSubject(subject); // Adds User principal to the subject final UserGroupInformation proxyUserForImpersonation = UserGroupInformation .createProxyUser(securityContext.getUserPrincipal().getName(), ugiFromSubject); final User user = User.create(proxyUserForImpersonation); return new HBaseMetadataService(ConnectionFactory.createConnection(hbaseConfig, user).getAdmin(), securityContext, subject, user, hbaseMaster, hbaseMasterProcesses); } else { return newInstance(hbaseConfig); } }
From source file:com.hortonworks.streamline.streams.cluster.service.metadata.HiveMetadataService.java
License:Apache License
/** * Creates secure {@link HiveMetadataService}, which delegates to {@link HiveMetaStoreClient} * instantiated with the {@link HiveConf} provided using the first parameter *//*w w w. j a va2 s . c o m*/ public static HiveMetadataService newInstance(HiveConf hiveConf, SecurityContext securityContext, Subject subject, Component hiveMetastore, Collection<ComponentProcess> hiveMetastoreProcesses) throws MetaException, IOException, EntityNotFoundException, PrivilegedActionException { if (SecurityUtil.isKerberosAuthenticated(securityContext)) { UserGroupInformation.setConfiguration(hiveConf); // Sets Kerberos rules UserGroupInformation.getUGIFromSubject(subject); // Adds User principal to this subject return new HiveMetadataService( SecurityUtil.execute(() -> new HiveMetaStoreClient(hiveConf), securityContext, subject), hiveConf, securityContext, subject, hiveMetastore, hiveMetastoreProcesses); } else { return new HiveMetadataService(new HiveMetaStoreClient(hiveConf), hiveConf, securityContext, subject, hiveMetastore, hiveMetastoreProcesses); } }
From source file:com.kakao.hbase.common.HBaseClient.java
License:Apache License
private static synchronized void login(Args args, Configuration conf) throws Exception { if (args.has(Args.OPTION_DEBUG)) { System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("sun.security.spnego.debug", "true"); }// ww w . j a v a 2s . c om System.setProperty("java.security.auth.login.config", createJaasConfigFile(args, "hbase-client.jaas")); System.setProperty("java.security.krb5.conf", kerberosConfigFile(args)); Config krbConfig = Config.getInstance(); final String realm; if (args.has(Args.OPTION_REALM)) { realm = (String) args.valueOf(Args.OPTION_REALM); System.setProperty("java.security.krb5.realm", realm); System.setProperty("java.security.krb5.kdc", krbConfig.getKDCList(realm)); Config.refresh(); } else { realm = krbConfig.getDefaultRealm(); } updateConf(conf, realm); if (args.has(Args.OPTION_KEY_TAB)) { UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(principal(args), (String) args.valueOf(Args.OPTION_KEY_TAB)); } else if (args.has(Args.OPTION_KEY_TAB_SHORT)) { UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(principal(args), (String) args.valueOf(Args.OPTION_KEY_TAB_SHORT)); } else { loginWithPassword(args, conf); } UserGroupInformation currentUser = UserGroupInformation.getCurrentUser(); System.out.println(currentUser + "\n"); }
From source file:com.kakao.hbase.specific.CommandAdapter.java
License:Apache License
public static void loginUserFromSubject(Configuration conf, Subject subject) throws IOException { UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromSubject(subject); }
From source file:com.kappaware.hbtools.common.Utils.java
License:Apache License
public static Configuration buildHBaseConfiguration(HBaseParameters parameters) throws ConfigurationException, IOException { Configuration config = HBaseConfiguration.create(); for (String cf : parameters.getConfigFiles()) { File f = new File(cf); if (!f.canRead()) { throw new ConfigurationException(String.format("Unable to read file '%s'", cf)); }//from w w w . j a va 2 s. c om log.debug(String.format("Will load '%s'", cf)); config.addResource(new Path(cf)); } config.set("hbase.client.retries.number", Integer.toString(parameters.getClientRetries())); //config.reloadConfiguration(); if (Utils.hasText(parameters.getDumpConfigFile())) { Utils.dumpConfiguration(config, parameters.getDumpConfigFile()); } if (Utils.hasText(parameters.getKeytab()) && Utils.hasText(parameters.getPrincipal())) { // Check if keytab file exists and is readable File f = new File(parameters.getKeytab()); if (!f.canRead()) { throw new ConfigurationException( String.format("Unable to read keytab file: '%s'", parameters.getKeytab())); } UserGroupInformation.setConfiguration(config); if (!UserGroupInformation.isSecurityEnabled()) { throw new ConfigurationException( "Security is not enabled in core-site.xml while Kerberos principal and keytab are provided."); } try { UserGroupInformation userGroupInformation = UserGroupInformation .loginUserFromKeytabAndReturnUGI(parameters.getPrincipal(), parameters.getKeytab()); UserGroupInformation.setLoginUser(userGroupInformation); } catch (Exception e) { throw new ConfigurationException( String.format("Kerberos: Unable to authenticate with principal='%s' and keytab='%s': %s.", parameters.getPrincipal(), parameters.getKeytab(), e.getMessage())); } } return config; }
From source file:com.linkedin.drelephant.security.HadoopSecurity.java
License:Apache License
public HadoopSecurity() throws IOException { Configuration conf = new Configuration(); UserGroupInformation.setConfiguration(conf); _securityEnabled = UserGroupInformation.isSecurityEnabled(); if (_securityEnabled) { logger.info("This cluster is Kerberos enabled."); boolean login = true; _keytabUser = System.getProperty("keytab.user"); if (_keytabUser == null) { logger.error("Keytab user not set. Please set keytab_user in the configuration file"); login = false;//from w w w . ja v a2 s.c om } _keytabLocation = System.getProperty("keytab.location"); if (_keytabLocation == null) { logger.error("Keytab location not set. Please set keytab_location in the configuration file"); login = false; } else if (!new File(_keytabLocation).exists()) { logger.error("The keytab file at location [" + _keytabLocation + "] does not exist."); login = false; } if (!login) { throw new IOException("Cannot login. This cluster is security enabled."); } checkLogin(); } }
From source file:com.linkedin.pinot.common.segment.fetcher.HdfsSegmentFetcher.java
License:Apache License
private void authenticate(Configuration hadoopConf, org.apache.commons.configuration.Configuration configs) { String principal = configs.getString(PRINCIPLE); String keytab = configs.getString(KEYTAB); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { UserGroupInformation.setConfiguration(hadoopConf); if (UserGroupInformation.isSecurityEnabled()) { try { if (!UserGroupInformation.getCurrentUser().hasKerberosCredentials() || !UserGroupInformation.getCurrentUser().getUserName().equals(principal)) { LOGGER.info("Trying to authenticate user [%s] with keytab [%s]..", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); }/*from w ww . j a v a 2 s. c om*/ } catch (IOException e) { throw new RuntimeException(String.format( "Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab), e); } } } }
From source file:com.linkedin.pinot.filesystem.HadoopPinotFS.java
License:Apache License
private void authenticate(org.apache.hadoop.conf.Configuration hadoopConf, org.apache.commons.configuration.Configuration configs) { String principal = configs.getString(PRINCIPAL); String keytab = configs.getString(KEYTAB); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(keytab)) { UserGroupInformation.setConfiguration(hadoopConf); if (UserGroupInformation.isSecurityEnabled()) { try { if (!UserGroupInformation.getCurrentUser().hasKerberosCredentials() || !UserGroupInformation.getCurrentUser().getUserName().equals(principal)) { LOGGER.info("Trying to authenticate user [%s] with keytab [%s]..", principal, keytab); UserGroupInformation.loginUserFromKeytab(principal, keytab); }//from w w w. ja v a 2 s . c o m } catch (IOException e) { throw new RuntimeException(String.format( "Failed to authenticate user principal [%s] with keytab [%s]", principal, keytab), e); } } } }