UserProvider (Apache HBase 2.5.0 API)

java.lang.Object
- org.apache.hadoop.hbase.BaseConfigurable
- - org.apache.hadoop.hbase.security.UserProvider

All Implemented Interfaces:

org.apache.hadoop.conf.Configurable
```
@InterfaceAudience.Private
public class UserProvider
extends BaseConfigurable
```
Provide an instance of a user. Allows custom User creation.

Field Summary

Fields
Modifier and Type	Field and Description
`private static org.apache.hbase.thirdparty.com.google.common.util.concurrent.ListeningExecutorService`	`executor`
`private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]>`	`groupCache`
`(package private) static org.apache.hadoop.security.Groups`	`groups`
`private static String`	`USER_PROVIDER_CONF_KEY`

Constructor Summary

Constructors
Constructor and Description

UserProvider()

Constructors
Constructor and Description
`UserProvider()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`User`	`create(org.apache.hadoop.security.UserGroupInformation ugi)` Wraps an underlying `UserGroupInformation` instance.
`User`	`getCurrent()` Return the current user within the current execution context
`String`	`getCurrentUserName()` Returns the userName for the current logged-in user.
`static org.apache.hadoop.security.Groups`	`getGroups()`
`static UserProvider`	`instantiate(org.apache.hadoop.conf.Configuration conf)` Instantiate the `UserProvider` specified in the configuration and set the passed configuration via `setConf(Configuration)`
`boolean`	`isHadoopSecurityEnabled()` Return whether or not Kerberos authentication is configured for Hadoop.
`boolean`	`isHBaseSecurityEnabled()` Returns `true` if security is enabled, `false` otherwise
`void`	`login(String fileConfKey, String principalConfKey)` Login with given keytab and principal.
`void`	`login(String fileConfKey, String principalConfKey, String localhost)` Log in the current process using the given configuration keys for the credential file and login principal.
`void`	`setConf(org.apache.hadoop.conf.Configuration conf)`
`static void`	`setGroups(org.apache.hadoop.security.Groups groups)`
`static void`	`setUserProviderForTesting(org.apache.hadoop.conf.Configuration conf, Class<? extends UserProvider> provider)` Set the `UserProvider` in the given configuration that should be instantiated
`boolean`	`shouldLoginFromKeytab()` In secure environment, if a user specified his keytab and principal, a hbase client will try to login with them.

Methods inherited from class org.apache.hadoop.hbase.BaseConfigurable
getConf

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - USER_PROVIDER_CONF_KEY
```
private static final String USER_PROVIDER_CONF_KEY
```
    See Also:
    
    Constant Field Values
  - executor
```
private static final org.apache.hbase.thirdparty.com.google.common.util.concurrent.ListeningExecutorService executor
```
  - groupCache
```
private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> groupCache
```
  - groups
```
static org.apache.hadoop.security.Groups groups
```
- Constructor Detail
  - UserProvider
```
public UserProvider()
```
- Method Detail
  - getGroups
```
public static org.apache.hadoop.security.Groups getGroups()
```
  - setGroups
```
public static void setGroups(org.apache.hadoop.security.Groups groups)
```
  - setConf
```
public void setConf(org.apache.hadoop.conf.Configuration conf)
```
    Specified by:
    
    setConf in interface org.apache.hadoop.conf.Configurable
    
    Overrides:
    
    setConf in class BaseConfigurable
  - instantiate
```
public static UserProvider instantiate(org.apache.hadoop.conf.Configuration conf)
```
    Instantiate the UserProvider specified in the configuration and set the passed configuration via setConf(Configuration)
    
    Parameters:
    
    conf - to read and set on the created UserProvider
    
    Returns:
    
    a UserProvider ready for use.
  - setUserProviderForTesting
```
public static void setUserProviderForTesting(org.apache.hadoop.conf.Configuration conf,
                                             Class<? extends UserProvider> provider)
```
    Set the UserProvider in the given configuration that should be instantiated
    
    Parameters:
    
    conf - to update
    
    provider - class of the provider to set
  - getCurrentUserName
```
public String getCurrentUserName()
                          throws IOException
```
    Returns the userName for the current logged-in user.
    
    Throws:
    
    IOException - if the underlying user cannot be obtained
  - isHBaseSecurityEnabled
```
public boolean isHBaseSecurityEnabled()
```
    Returns true if security is enabled, false otherwise
  - isHadoopSecurityEnabled
```
public boolean isHadoopSecurityEnabled()
```
    Return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, this always returns false. For secure Hadoop, it will return the value from UserGroupInformation.isSecurityEnabled().
  - shouldLoginFromKeytab
```
public boolean shouldLoginFromKeytab()
```
    In secure environment, if a user specified his keytab and principal, a hbase client will try to login with them. Otherwise, hbase client will try to obtain ticket(through kinit) from system.
  - getCurrent
```
public User getCurrent()
                throws IOException
```
    Return the current user within the current execution context
    
    Throws:
    
    IOException - if the user cannot be loaded
  - create
```
public User create(org.apache.hadoop.security.UserGroupInformation ugi)
```
    Wraps an underlying UserGroupInformation instance.
    
    Parameters:
    
    ugi - The base Hadoop user n
  - login
```
public void login(String fileConfKey,
                  String principalConfKey,
                  String localhost)
           throws IOException
```
    Log in the current process using the given configuration keys for the credential file and login principal. It is for SPN(Service Principal Name) login. SPN should be this format, servicename/fully.qualified.domain.name@REALM.
    This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.
    
    Parameters:
    
    fileConfKey - Property key used to configure path to the credential file
    
    principalConfKey - Property key used to configure login principal
    
    localhost - Current hostname to use in any credentials
    
    Throws:
    
    IOException - underlying exception from SecurityUtil.login() call
  - login
```
public void login(String fileConfKey,
                  String principalConfKey)
           throws IOException
```
    Login with given keytab and principal. This can be used for both SPN(Service Principal Name) and UPN(User Principal Name) which format should be clientname@REALM.
    
    Parameters:
    
    fileConfKey - config name for client keytab
    
    principalConfKey - config name for client principal
    
    Throws:
    
    IOException - underlying exception from UserGroupInformation.loginUserFromKeytab

Class UserProvider

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.hbase.BaseConfigurable

Methods inherited from class java.lang.Object

Field Detail

USER_PROVIDER_CONF_KEY

executor

groupCache

groups

Constructor Detail

UserProvider

Method Detail

getGroups

setGroups

setConf

instantiate

setUserProviderForTesting

getCurrentUserName

isHBaseSecurityEnabled

isHadoopSecurityEnabled

shouldLoginFromKeytab

getCurrent

create

login

login