InterfaceAudience.Private
in 4.0.0.@Deprecated @InterfaceAudience.Public public final class AuthUtil extends Object
{ @code ChoreService choreService = null; // Presumes HBase configuration files are on the classpath final Configuration conf = HBaseConfiguration.create(); final ScheduledChore authChore = AuthUtil.getAuthChore(conf); if (authChore != null) { choreService = new ChoreService("MY_APPLICATION"); choreService.scheduleChore(authChore); } try { // do application work } finally { if (choreService != null) { choreService.shutdown(); } } }See the "Running Canary in a Kerberos-enabled Cluster" section of the HBase Reference Guide for an example of configuring a user of this Auth Chore to run on a secure cluster.
This class will be internal used only from 2.2.0 version, and will transparently work for kerberized applications. For more, please refer Client-side Configuration for Secure Operation
Modifier and Type | Field and Description |
---|---|
private static String |
GROUP_PREFIX
Deprecated.
Prefix character to denote group names
|
static boolean |
HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT
Deprecated.
|
static String |
HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY
Deprecated.
Configuration to automatically try to renew keytab-based logins
|
static String |
HBASE_CLIENT_KERBEROS_PRINCIPAL
Deprecated.
Client principal
|
static String |
HBASE_CLIENT_KEYTAB_FILE
Deprecated.
Client keytab file
|
private static org.slf4j.Logger |
LOG
Deprecated.
|
Modifier | Constructor and Description |
---|---|
private |
AuthUtil()
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
private static boolean |
checkPrincipalMatch(org.apache.hadoop.conf.Configuration conf,
String loginUserName)
Deprecated.
|
private static Stoppable |
createDummyStoppable()
Deprecated.
|
static ScheduledChore |
getAuthChore(org.apache.hadoop.conf.Configuration conf)
Deprecated.
Deprecated since 2.2.0, this method will be
InterfaceAudience.Private use only after 4.0.0. |
static ScheduledChore |
getAuthRenewalChore(org.apache.hadoop.security.UserGroupInformation user,
org.apache.hadoop.conf.Configuration conf)
Deprecated.
Checks if security is enabled and if so, launches chore for refreshing kerberos ticket.
|
static String |
getGroupName(String aclKey)
Deprecated.
Returns the actual name for a group principal (stripped of the group prefix).
|
(package private) static boolean |
isAuthRenewalChoreEnabled(org.apache.hadoop.conf.Configuration conf)
Deprecated.
Returns true if the chore to automatically renew Kerberos tickets (from keytabs) should be
started.
|
static boolean |
isGroupPrincipal(String name)
Deprecated.
Returns whether or not the given name should be interpreted as a group principal.
|
static User |
loginClient(org.apache.hadoop.conf.Configuration conf)
Deprecated.
For kerberized cluster, return login user (from kinit or from keytab if specified).
|
private static User |
loginClientAsService(org.apache.hadoop.conf.Configuration conf)
Deprecated.
For kerberized cluster, return login user (from kinit or from keytab).
|
private static User |
loginFromKeytabAndReturnUser(UserProvider provider)
Deprecated.
|
static String |
toGroupEntry(String name)
Deprecated.
Returns the group entry with the group prefix for a group principal.
|
private static final org.slf4j.Logger LOG
private static final String GROUP_PREFIX
public static final String HBASE_CLIENT_KEYTAB_FILE
public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL
public static final String HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_KEY
public static final boolean HBASE_CLIENT_AUTOMATIC_KEYTAB_RENEWAL_DEFAULT
private AuthUtil()
@InterfaceAudience.Private public static User loginClient(org.apache.hadoop.conf.Configuration conf) throws IOException
conf
- configuartion file n * @throws IOException login exceptionIOException
private static boolean checkPrincipalMatch(org.apache.hadoop.conf.Configuration conf, String loginUserName)
private static User loginFromKeytabAndReturnUser(UserProvider provider) throws IOException
IOException
private static User loginClientAsService(org.apache.hadoop.conf.Configuration conf) throws IOException
NOT recommend to use to method unless you're sure what you're doing, it is for canary only. Please use User#loginClient.
conf
- configuration file n * @throws IOException login exceptionIOException
@InterfaceAudience.Private public static ScheduledChore getAuthRenewalChore(org.apache.hadoop.security.UserGroupInformation user, org.apache.hadoop.conf.Configuration conf)
@Deprecated public static ScheduledChore getAuthChore(org.apache.hadoop.conf.Configuration conf) throws IOException
InterfaceAudience.Private
use only after 4.0.0.conf
- the hbase service configurationIOException
private static Stoppable createDummyStoppable()
@InterfaceAudience.Private public static boolean isGroupPrincipal(String name)
@InterfaceAudience.Private public static String getGroupName(String aclKey)
@InterfaceAudience.Private public static String toGroupEntry(String name)
static boolean isAuthRenewalChoreEnabled(org.apache.hadoop.conf.Configuration conf)
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.