org.apache.hadoop.hbase.security

Class User.SecureHadoopUser

java.lang.Object

org.apache.hadoop.hbase.security.User

org.apache.hadoop.hbase.security.User.SecureHadoopUser

Enclosing class:

User

@InterfaceAudience.Private
public static final class User.SecureHadoopUser
extends User

Bridges User invocations to underlying calls to UserGroupInformation for secure Hadoop 0.20 and versions 0.21 and above.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.hbase.security.User

User.SecureHadoopUser, User.TestingGroups

Field Summary

Fields

Modifier and Type	Field and Description
private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]>	cache
private String	shortName

Fields inherited from class org.apache.hadoop.hbase.security.User

HBASE_SECURITY_AUTHORIZATION_CONF_KEY, HBASE_SECURITY_CONF_KEY, ugi

Constructor Summary

Constructors

Constructor and Description
SecureHadoopUser()
SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi)
SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi, org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache)

Method Summary

Modifier and Type	Method and Description
static User	createUserForTesting(org.apache.hadoop.conf.Configuration conf, String name, String[] groups)
String[]	getGroupNames() Returns the list of groups of which this user is a member.
String	getShortName() Returns the shortened version of the user name -- the portion that maps to an operating system user name.
static boolean	isSecurityEnabled() Returns the result of UserGroupInformation.isSecurityEnabled().
static void	login(org.apache.hadoop.conf.Configuration conf, String fileConfKey, String principalConfKey, String localhost) Obtain credentials for the current process using the configured Kerberos keytab file and principal.
static void	login(String keytabLocation, String principalName) Login through configured keytab and pricipal.
<T> T	runAs(PrivilegedAction<T> action) Executes the given action within the context of this user.
<T> T	runAs(PrivilegedExceptionAction<T> action) Executes the given action within the context of this user.

Methods inherited from class org.apache.hadoop.hbase.security.User

addToken, create, equals, getCurrent, getName, getToken, getTokens, getUGI, hashCode, isHBaseSecurityEnabled, isLoginFromKeytab, runAsLoginUser, shouldLoginFromKeytab, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

shortName

private String shortName

cache

private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache

Constructor Detail

SecureHadoopUser

public SecureHadoopUser()
                 throws IOException

Throws:

IOException

SecureHadoopUser

public SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi)

SecureHadoopUser

public SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi,
                        org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache)

Method Detail

getShortName

public String getShortName()

Description copied from class: User

Returns the shortened version of the user name -- the portion that maps to an operating system user name.

Specified by:

getShortName in class User

Returns:

Short name

getGroupNames

public String[] getGroupNames()

Description copied from class: User

Returns the list of groups of which this user is a member. On secure Hadoop this returns the group information for the user as resolved on the server. For 0.20 based Hadoop, the group names are passed from the client.

Overrides:

getGroupNames in class User

runAs

public <T> T runAs(PrivilegedAction<T> action)

Description copied from class: User

Executes the given action within the context of this user.

Specified by:

runAs in class User

runAs

public <T> T runAs(PrivilegedExceptionAction<T> action)
            throws IOException,
                   InterruptedException

Description copied from class: User

Executes the given action within the context of this user.

Specified by:

runAs in class User

Throws:

IOException

InterruptedException

createUserForTesting

public static User createUserForTesting(org.apache.hadoop.conf.Configuration conf,
                                        String name,
                                        String[] groups)

See Also:

User.createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[])

login

public static void login(org.apache.hadoop.conf.Configuration conf,
                         String fileConfKey,
                         String principalConfKey,
                         String localhost)
                  throws IOException

Obtain credentials for the current process using the configured Kerberos keytab file and principal.

Parameters:

conf - the Configuration to use

fileConfKey - Configuration property key used to store the path to the keytab file

principalConfKey - Configuration property key used to store the principal name to login as

localhost - the local hostname

Throws:

IOException

See Also:

User.login(org.apache.hadoop.conf.Configuration, String, String, String)

login

public static void login(String keytabLocation,
                         String principalName)
                  throws IOException

Login through configured keytab and pricipal.

Parameters:

keytabLocation - location of keytab

principalName - principal in keytab

Throws:

IOException - exception from UserGroupInformation.loginUserFromKeytab

isSecurityEnabled

public static boolean isSecurityEnabled()

Returns the result of UserGroupInformation.isSecurityEnabled().