com.streamsets.datacollector.security.MapRLoginUgiProvider.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.streamsets.datacollector.security.MapRLoginUgiProvider.java

Introduction

Here is the source code for com.streamsets.datacollector.security.MapRLoginUgiProvider.java

Source

/*
 * Copyright 2017 StreamSets Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.streamsets.datacollector.security;

import com.streamsets.datacollector.stage.HadoopConfigurationUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.security.auth.Subject;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;

public class MapRLoginUgiProvider extends LoginUgiProvider {

    private static final Logger LOG = LoggerFactory.getLogger(MapRLoginUgiProvider.class);
    public static final String MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_KEY = "maprlogin.password.enabled";
    public static final String MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_DEFAULT = "false";

    @Override
    public UserGroupInformation getLoginUgi(Configuration hdfsConfiguration) throws IOException {
        // check system property to see if MapR U/P security is enabled
        String maprLoginEnabled = System.getProperty(MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_KEY,
                MAPR_USERNAME_PASSWORD_SECURITY_ENABLED_DEFAULT);
        boolean isMapRLogin = Boolean.parseBoolean(maprLoginEnabled);
        AccessControlContext accessControlContext = AccessController.getContext();
        Subject subject = Subject.getSubject(accessControlContext);
        //HADOOP-13805
        HadoopConfigurationUtils.configureHadoopTreatSubjectExternal(hdfsConfiguration);
        // SDC-4015 As privateclassloader is false for MapR, UGI is shared and it also needs to be under jvm lock
        UserGroupInformation.setConfiguration(hdfsConfiguration);
        UserGroupInformation loginUgi;

        if (UserGroupInformation.isSecurityEnabled() && !isMapRLogin) {
            // The code in this block must only be executed in case Kerberos is enabled.
            // MapR implementation of UserGroupInformation.isSecurityEnabled() returns true even if Kerberos is not enabled.
            // System property helps to avoid this code path in such a case
            loginUgi = UserGroupInformation.getUGIFromSubject(subject);
        } else {
            UserGroupInformation.loginUserFromSubject(subject);
            loginUgi = UserGroupInformation.getLoginUser();
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Subject = {}, Principals = {}, Login UGI = {}", subject,
                    subject == null ? "null" : subject.getPrincipals(), loginUgi);
        }
        return loginUgi;

    }
}