Package org.apache.hadoop.hbase.security

Class UserProvider

java.lang.Object
org.apache.hadoop.hbase.BaseConfigurable
org.apache.hadoop.hbase.security.UserProvider
All Implemented Interfaces:
org.apache.hadoop.conf.Configurable
@Private public class UserProvider extends BaseConfigurable
Provide an instance of a user. Allows custom User creation.

  • Field Details

  • Constructor Details

  • Method Details

    • getGroups

      public static org.apache.hadoop.security.Groups getGroups()

    • setGroups

      public static void setGroups(org.apache.hadoop.security.Groups groups)

    • setConf

      public void setConf(org.apache.hadoop.conf.Configuration conf)
      Specified by:
      setConf in interface org.apache.hadoop.conf.Configurable
      Overrides:
      setConf in class BaseConfigurable

    • instantiate

      public static UserProvider instantiate(org.apache.hadoop.conf.Configuration conf)
      Instantiate the UserProvider specified in the configuration and set the passed configuration via setConf(Configuration)
      Parameters:
      conf - to read and set on the created UserProvider
      Returns:
      a UserProvider ready for use.

    • setUserProviderForTesting

      public static void setUserProviderForTesting(org.apache.hadoop.conf.Configuration conf, Class<? extends UserProvider> provider)
      Set the UserProvider in the given configuration that should be instantiated
      Parameters:
      conf - to update
      provider - class of the provider to set

    • getCurrentUserName

      public String getCurrentUserName() throws IOException
      Returns the userName for the current logged-in user.
      Throws:
      IOException - if the underlying user cannot be obtained

    • isHBaseSecurityEnabled

      public boolean isHBaseSecurityEnabled()
      Returns true if security is enabled, false otherwise

    • isHadoopSecurityEnabled

      public boolean isHadoopSecurityEnabled()
      Return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, this always returns false. For secure Hadoop, it will return the value from UserGroupInformation.isSecurityEnabled().

    • shouldLoginFromKeytab

      public boolean shouldLoginFromKeytab()
      In secure environment, if a user specified his keytab and principal, a hbase client will try to login with them. Otherwise, hbase client will try to obtain ticket(through kinit) from system.

    • getCurrent

      public User getCurrent() throws IOException
      Return the current user within the current execution context
      Throws:
      IOException - if the user cannot be loaded

    • create

      public User create(org.apache.hadoop.security.UserGroupInformation ugi)
      Wraps an underlying UserGroupInformation instance.
      Parameters:
      ugi - The base Hadoop user

    • login

      public void login(String fileConfKey, String principalConfKey, String localhost) throws IOException
      Log in the current process using the given configuration keys for the credential file and login principal. It is for SPN(Service Principal Name) login. SPN should be this format, servicename/fully.qualified.domain.name@REALM.

      This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.

      Parameters:
      fileConfKey - Property key used to configure path to the credential file
      principalConfKey - Property key used to configure login principal
      localhost - Current hostname to use in any credentials
      Throws:
      IOException - underlying exception from SecurityUtil.login() call

    • login

      public void login(String fileConfKey, String principalConfKey) throws IOException
      Login with given keytab and principal. This can be used for both SPN(Service Principal Name) and UPN(User Principal Name) which format should be clientname@REALM.
      Parameters:
      fileConfKey - config name for client keytab
      principalConfKey - config name for client principal
      Throws:
      IOException - underlying exception from UserGroupInformation.loginUserFromKeytab