@InterfaceAudience.Public public abstract class User extends Object
This class provides a common interface for interacting with user and group information across
changing APIs in different versions of Hadoop. It only provides access to the common set of
functionality in UserGroupInformation
currently needed by
HBase, but can be extended as needs change.
Modifier and Type | Class and Description |
---|---|
static class |
User.SecureHadoopUser
Bridges
User invocations to underlying calls to
UserGroupInformation for secure Hadoop 0.20 and versions
0.21 and above. |
static class |
User.TestingGroups |
Modifier and Type | Field and Description |
---|---|
static String |
HBASE_SECURITY_AUTHORIZATION_CONF_KEY |
static String |
HBASE_SECURITY_CONF_KEY |
protected org.apache.hadoop.security.UserGroupInformation |
ugi |
Constructor and Description |
---|
User() |
Modifier and Type | Method and Description |
---|---|
void |
addToken(org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token)
Adds the given Token to the user's credentials.
|
static User |
create(org.apache.hadoop.security.UserGroupInformation ugi)
Wraps an underlying
UserGroupInformation instance. |
static User |
createUserForTesting(org.apache.hadoop.conf.Configuration conf,
String name,
String[] groups)
Generates a new
User instance specifically for use in test code. |
boolean |
equals(Object o) |
static User |
getCurrent()
Returns the
User instance within current execution context. |
String[] |
getGroupNames()
Returns the list of groups of which this user is a member.
|
String |
getName()
Returns the full user name.
|
abstract String |
getShortName()
Returns the shortened version of the user name -- the portion that maps to an operating system
user name.
|
org.apache.hadoop.security.token.Token<?> |
getToken(String kind,
String service)
Returns the Token of the specified kind associated with this user, or null if the Token is not
present.
|
Collection<org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier>> |
getTokens()
Returns all the tokens stored in the user's credentials.
|
org.apache.hadoop.security.UserGroupInformation |
getUGI() |
int |
hashCode() |
static boolean |
isHBaseSecurityEnabled(org.apache.hadoop.conf.Configuration conf)
Returns whether or not secure authentication is enabled for HBase.
|
boolean |
isLoginFromKeytab()
Returns true if user credentials are obtained from keytab.
|
static boolean |
isSecurityEnabled()
Returns whether or not Kerberos authentication is configured for Hadoop.
|
static void |
login(org.apache.hadoop.conf.Configuration conf,
String fileConfKey,
String principalConfKey,
String localhost)
Log in the current process using the given configuration keys for the credential file and login
principal.
|
static void |
login(String keytabLocation,
String pricipalName)
Login with the given keytab and principal.
|
abstract <T> T |
runAs(PrivilegedAction<T> action)
Executes the given action within the context of this user.
|
abstract <T> T |
runAs(PrivilegedExceptionAction<T> action)
Executes the given action within the context of this user.
|
static <T> T |
runAsLoginUser(PrivilegedExceptionAction<T> action)
Executes the given action as the login user
|
static boolean |
shouldLoginFromKeytab(org.apache.hadoop.conf.Configuration conf)
In secure environment, if a user specified his keytab and principal, a hbase client will try to
login with them.
|
String |
toString() |
public static final String HBASE_SECURITY_CONF_KEY
public static final String HBASE_SECURITY_AUTHORIZATION_CONF_KEY
protected org.apache.hadoop.security.UserGroupInformation ugi
public User()
public org.apache.hadoop.security.UserGroupInformation getUGI()
public String getName()
public String[] getGroupNames()
public abstract String getShortName()
public abstract <T> T runAs(PrivilegedAction<T> action)
public abstract <T> T runAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
IOException
InterruptedException
public org.apache.hadoop.security.token.Token<?> getToken(String kind, String service) throws IOException
kind
- the kind of tokenservice
- service on which the token is supposed to be usedIOException
public Collection<org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier>> getTokens()
public void addToken(org.apache.hadoop.security.token.Token<? extends org.apache.hadoop.security.token.TokenIdentifier> token)
token
- the token to addpublic boolean isLoginFromKeytab()
public static User getCurrent() throws IOException
User
instance within current execution context.IOException
public static <T> T runAsLoginUser(PrivilegedExceptionAction<T> action) throws IOException
IOException
public static User create(org.apache.hadoop.security.UserGroupInformation ugi)
UserGroupInformation
instance.ugi
- The base Hadoop user npublic static User createUserForTesting(org.apache.hadoop.conf.Configuration conf, String name, String[] groups)
User
instance specifically for use in test code.name
- the full usernamegroups
- the group names to which the test user will belongUser
instancepublic static void login(org.apache.hadoop.conf.Configuration conf, String fileConfKey, String principalConfKey, String localhost) throws IOException
This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.
conf
- The configuration data to usefileConfKey
- Property key used to configure path to the credential fileprincipalConfKey
- Property key used to configure login principallocalhost
- Current hostname to use in any credentialsIOException
- underlying exception from SecurityUtil.login() callpublic static void login(String keytabLocation, String pricipalName) throws IOException
keytabLocation
- path of keytabpricipalName
- login principalIOException
- underlying exception from UserGroupInformation.loginUserFromKeytabpublic static boolean isSecurityEnabled()
false
. For secure Hadoop, it will return the value from
UserGroupInformation.isSecurityEnabled()
.public static boolean isHBaseSecurityEnabled(org.apache.hadoop.conf.Configuration conf)
public static boolean shouldLoginFromKeytab(org.apache.hadoop.conf.Configuration conf)
conf
- configuration fileCopyright © 2007–2020 The Apache Software Foundation. All rights reserved.