Java Code Examples for org.apache.hadoop.security.UserGroupInformation.createRemoteUser()

The following are Jave code examples for showing how to use createRemoteUser() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
+ Save this method
Example 1
Project: hadoop   File: TestJHSSecurity.java   View Source Code Vote up 6 votes
private MRClientProtocol getMRClientProtocol(Token token,
    final InetSocketAddress hsAddress, String user, final Configuration conf) {
  UserGroupInformation ugi = UserGroupInformation.createRemoteUser(user);
  ugi.addToken(ConverterUtils.convertFromYarn(token, hsAddress));

  final YarnRPC rpc = YarnRPC.create(conf);
  MRClientProtocol hsWithDT = ugi
      .doAs(new PrivilegedAction<MRClientProtocol>() {

        @Override
        public MRClientProtocol run() {
          return (MRClientProtocol) rpc.getProxy(HSClientProtocol.class,
              hsAddress, conf);
        }
      });
  return hsWithDT;
}
 
Example 2
Project: hadoop-oss   File: Server.java   View Source Code Vote up 6 votes
private UserGroupInformation getAuthorizedUgi(String authorizedId)
    throws InvalidToken, AccessControlException {
  if (authMethod == AuthMethod.TOKEN) {
    TokenIdentifier tokenId = SaslRpcServer.getIdentifier(authorizedId,
        secretManager);
    UserGroupInformation ugi = tokenId.getUser();
    if (ugi == null) {
      throw new AccessControlException(
          "Can't retrieve username from tokenIdentifier.");
    }
    ugi.addTokenIdentifier(tokenId);
    return ugi;
  } else {
    return UserGroupInformation.createRemoteUser(authorizedId, authMethod);
  }
}
 
Example 3
Project: ditb   File: TestUser.java   View Source Code Vote up 6 votes
@Test
public void testCacheGetGroupsRoot() throws Exception {
  // Windows users don't have a root user.
  // However pretty much every other *NIX os will have root.
  if (!SystemUtils.IS_OS_WINDOWS) {
    Configuration conf = HBaseConfiguration.create();
    UserProvider up = UserProvider.instantiate(conf);


    String rootUserName = "root";

    // Create two UGI's for this username
    UserGroupInformation ugiOne = UserGroupInformation.createRemoteUser(rootUserName);
    UserGroupInformation ugiTwo = UserGroupInformation.createRemoteUser(rootUserName);

    // Now try and get the user twice.
    User uOne = up.create(ugiOne);
    User uTwo = up.create(ugiTwo);

    // Make sure that we didn't break groups and everything worked well.
    assertArrayEquals(uOne.getGroupNames(),uTwo.getGroupNames());
    String[] groupNames = ugiOne.getGroupNames();
    assertTrue(groupNames.length > 0);
  }
}
 
Example 4
Project: hadoop   File: TestContainerManagerRecovery.java   View Source Code Vote up 6 votes
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
Example 5
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 6 votes
@Test(expected = IllegalArgumentException.class)
public void testNullIpAddress() throws Exception {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      "*");
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP_RANGE);
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // remote address is null
  ProxyUsers.authorize(proxyUserUgi, null);
}
 
Example 6
Project: hadoop   File: AMRMTokenIdentifier.java   View Source Code Vote up 5 votes
@Override
public UserGroupInformation getUser() {
  String appAttemptId = null;
  if (proto.hasAppAttemptId()) {
    appAttemptId = 
        new ApplicationAttemptIdPBImpl(proto.getAppAttemptId()).toString();
  }
  return UserGroupInformation.createRemoteUser(appAttemptId);
}
 
Example 7
Project: hadoop   File: TestApplicationACLs.java   View Source Code Vote up 5 votes
private ApplicationClientProtocol getRMClientForUser(String user)
    throws IOException, InterruptedException {
  UserGroupInformation userUGI = UserGroupInformation
      .createRemoteUser(user);
  ApplicationClientProtocol userClient = userUGI
      .doAs(new PrivilegedExceptionAction<ApplicationClientProtocol>() {
        @Override
        public ApplicationClientProtocol run() throws Exception {
          return (ApplicationClientProtocol) rpc.getProxy(ApplicationClientProtocol.class,
              rmAddress, conf);
        }
      });
  return userClient;
}
 
Example 8
Project: hadoop   File: JobTokenIdentifier.java   View Source Code Vote up 5 votes
/** {@inheritDoc} */
@Override
public UserGroupInformation getUser() {
  if (jobid == null || "".equals(jobid.toString())) {
    return null;
  }
  return UserGroupInformation.createRemoteUser(jobid.toString());
}
 
Example 9
Project: hadoop-oss   File: TestWebDelegationToken.java   View Source Code Vote up 5 votes
@Test
public void testFallbackToPseudoDelegationTokenAuthenticator()
    throws Exception {
  final Server jetty = createJettyServer();
  Context context = new Context();
  context.setContextPath("/foo");
  jetty.setHandler(context);
  context.addFilter(new FilterHolder(PseudoDTAFilter.class), "/*", 0);
  context.addServlet(new ServletHolder(UserServlet.class), "/bar");

  try {
    jetty.start();
    final URL url = new URL(getJettyURL() + "/foo/bar");

    UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER);
    ugi.doAs(new PrivilegedExceptionAction<Void>() {
      @Override
      public Void run() throws Exception {
        DelegationTokenAuthenticatedURL.Token token =
            new DelegationTokenAuthenticatedURL.Token();
        DelegationTokenAuthenticatedURL aUrl =
            new DelegationTokenAuthenticatedURL();
        HttpURLConnection conn = aUrl.openConnection(url, token);
        Assert.assertEquals(HttpURLConnection.HTTP_OK,
            conn.getResponseCode());
        List<String> ret = IOUtils.readLines(conn.getInputStream());
        Assert.assertEquals(1, ret.size());
        Assert.assertEquals(FOO_USER, ret.get(0));

        aUrl.getDelegationToken(url, token, FOO_USER);
        Assert.assertNotNull(token.getDelegationToken());
        Assert.assertEquals(new Text("token-kind"),
            token.getDelegationToken().getKind());
        return null;
      }
    });
  } finally {
    jetty.stop();
  }
}
 
Example 10
Project: hadoop-oss   File: TestRpcBase.java   View Source Code Vote up 5 votes
@Override
public UserGroupInformation getUser() {
  if (realUser.toString().isEmpty()) {
    return UserGroupInformation.createRemoteUser(tokenid.toString());
  } else {
    UserGroupInformation realUgi = UserGroupInformation
        .createRemoteUser(realUser.toString());
    return UserGroupInformation
        .createProxyUser(tokenid.toString(), realUgi);
  }
}
 
Example 11
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
public static void loadTest(String ipString, int testRange) {
  Configuration conf = new Configuration();
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(GROUP_NAMES)));

  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      ipString
      );
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);


  // First try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
      .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  long startTime = System.nanoTime();
  SecureRandom sr = new SecureRandom();
  for (int i=1; i < 1000000; i++){
    try {
      ProxyUsers.authorize(proxyUserUgi,  "1.2.3."+ sr.nextInt(testRange));
     } catch (AuthorizationException e) {
    }
  }
  long stopTime = System.nanoTime();
  long elapsedTime = stopTime - startTime;
  System.out.println(elapsedTime/1000000 + " ms");
}
 
Example 12
Project: hadoop   File: MRAMSimulator.java   View Source Code Vote up 5 votes
/**
 * send out request for AM container
 */
protected void requestAMContainer()
        throws YarnException, IOException, InterruptedException {
  List<ResourceRequest> ask = new ArrayList<ResourceRequest>();
  ResourceRequest amRequest = createResourceRequest(
          BuilderUtils.newResource(MR_AM_CONTAINER_RESOURCE_MEMORY_MB,
                  MR_AM_CONTAINER_RESOURCE_VCORES),
          ResourceRequest.ANY, 1, 1);
  ask.add(amRequest);
  LOG.debug(MessageFormat.format("Application {0} sends out allocate " +
          "request for its AM", appId));
  final AllocateRequest request = this.createAllocateRequest(ask);

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 13
Project: hadoop   File: TestFileSystem.java   View Source Code Vote up 5 votes
public void testFsCache() throws Exception {
  {
    long now = System.currentTimeMillis();
    String[] users = new String[]{"foo","bar"};
    final Configuration conf = new Configuration();
    FileSystem[] fs = new FileSystem[users.length];

    for(int i = 0; i < users.length; i++) {
      UserGroupInformation ugi = UserGroupInformation.createRemoteUser(users[i]);
      fs[i] = ugi.doAs(new PrivilegedExceptionAction<FileSystem>() {
        public FileSystem run() throws IOException {
          return FileSystem.get(conf);
      }});
      for(int j = 0; j < i; j++) {
        assertFalse(fs[j] == fs[i]);
      }
    }
    FileSystem.closeAll();
  }
  
  {
    try {
      runTestCache(NameNode.DEFAULT_PORT);
    } catch(java.net.BindException be) {
      LOG.warn("Cannot test NameNode.DEFAULT_PORT (="
          + NameNode.DEFAULT_PORT + ")", be);
    }

    runTestCache(0);
  }
}
 
Example 14
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 5 votes
@Test
public void testNoHostsForUsers() throws Exception {
  Configuration conf = new Configuration(false);
  conf.set("y." + REAL_USER_NAME + ".users",
    StringUtils.join(",", Arrays.asList(AUTHORIZED_PROXY_USER_NAME)));
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf, "y");

  UserGroupInformation realUserUgi = UserGroupInformation
    .createRemoteUser(REAL_USER_NAME);
  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
    AUTHORIZED_PROXY_USER_NAME, realUserUgi, GROUP_NAMES);

  // IP doesn't matter
  assertNotAuthorized(proxyUserUgi, "1.2.3.4");
}
 
Example 15
Project: hadoop   File: MRAMSimulator.java   View Source Code Vote up 4 votes
@Override
protected void sendContainerRequest()
        throws YarnException, IOException, InterruptedException {
  if (isFinished) {
    return;
  }

  // send out request
  List<ResourceRequest> ask = null;
  if (isAMContainerRunning) {
    if (mapFinished != mapTotal) {
      // map phase
      if (! pendingMaps.isEmpty()) {
        ask = packageRequests(pendingMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} mappers.", appId, pendingMaps.size()));
        scheduledMaps.addAll(pendingMaps);
        pendingMaps.clear();
      } else if (! pendingFailedMaps.isEmpty() && scheduledMaps.isEmpty()) {
        ask = packageRequests(pendingFailedMaps, PRIORITY_MAP);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} failed mappers.", appId,
                pendingFailedMaps.size()));
        scheduledMaps.addAll(pendingFailedMaps);
        pendingFailedMaps.clear();
      }
    } else if (reduceFinished != reduceTotal) {
      // reduce phase
      if (! pendingReduces.isEmpty()) {
        ask = packageRequests(pendingReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "requests for {1} reducers.", appId, pendingReduces.size()));
        scheduledReduces.addAll(pendingReduces);
        pendingReduces.clear();
      } else if (! pendingFailedReduces.isEmpty()
              && scheduledReduces.isEmpty()) {
        ask = packageRequests(pendingFailedReduces, PRIORITY_REDUCE);
        LOG.debug(MessageFormat.format("Application {0} sends out " +
                "request for {1} failed reducers.", appId,
                pendingFailedReduces.size()));
        scheduledReduces.addAll(pendingFailedReduces);
        pendingFailedReduces.clear();
      }
    }
  }
  if (ask == null) {
    ask = new ArrayList<ResourceRequest>();
  }
  
  final AllocateRequest request = createAllocateRequest(ask);
  if (totalContainers == 0) {
    request.setProgress(1.0f);
  } else {
    request.setProgress((float) finishedContainers / totalContainers);
  }

  UserGroupInformation ugi =
          UserGroupInformation.createRemoteUser(appAttemptId.toString());
  Token<AMRMTokenIdentifier> token = rm.getRMContext().getRMApps()
          .get(appAttemptId.getApplicationId())
          .getRMAppAttempt(appAttemptId).getAMRMToken();
  ugi.addTokenIdentifier(token.decodeIdentifier());
  AllocateResponse response = ugi.doAs(
          new PrivilegedExceptionAction<AllocateResponse>() {
    @Override
    public AllocateResponse run() throws Exception {
      return rm.getApplicationMasterService().allocate(request);
    }
  });
  if (response != null) {
    responseQueue.put(response);
  }
}
 
Example 16
Project: hadoop   File: TestApplicationACLs.java   View Source Code Vote up 4 votes
@BeforeClass
public static void setup() throws InterruptedException, IOException {
  RMStateStore store = RMStateStoreFactory.getStore(conf);
  conf.setBoolean(YarnConfiguration.YARN_ACL_ENABLE, true);
  AccessControlList adminACL = new AccessControlList("");
  adminACL.addGroup(SUPER_GROUP);
  conf.set(YarnConfiguration.YARN_ADMIN_ACL, adminACL.getAclString());
  resourceManager = new MockRM(conf) {

    @Override
    protected QueueACLsManager createQueueACLsManager(
        ResourceScheduler scheduler,
        Configuration conf) {
      QueueACLsManager mockQueueACLsManager = mock(QueueACLsManager.class);
      when(mockQueueACLsManager.checkAccess(any(UserGroupInformation.class),
          any(QueueACL.class), anyString())).thenAnswer(new Answer() {
        public Object answer(InvocationOnMock invocation) {
          return isQueueUser;
        }
      });
      return mockQueueACLsManager;
    }

    protected ClientRMService createClientRMService() {
      return new ClientRMService(getRMContext(), this.scheduler,
          this.rmAppManager, this.applicationACLsManager,
          this.queueACLsManager, null);
    };
  };
  new Thread() {
    public void run() {
      UserGroupInformation.createUserForTesting(ENEMY, new String[] {});
      UserGroupInformation.createUserForTesting(FRIEND,
          new String[] { FRIENDLY_GROUP });
      UserGroupInformation.createUserForTesting(SUPER_USER,
          new String[] { SUPER_GROUP });
      resourceManager.start();
    };
  }.start();
  int waitCount = 0;
  while (resourceManager.getServiceState() == STATE.INITED
      && waitCount++ < 60) {
    LOG.info("Waiting for RM to start...");
    Thread.sleep(1500);
  }
  if (resourceManager.getServiceState() != STATE.STARTED) {
    // RM could have failed.
    throw new IOException(
        "ResourceManager failed to start. Final state is "
            + resourceManager.getServiceState());
  }

  UserGroupInformation owner = UserGroupInformation
      .createRemoteUser(APP_OWNER);
  rmClient = owner.doAs(new PrivilegedExceptionAction<ApplicationClientProtocol>() {
    @Override
    public ApplicationClientProtocol run() throws Exception {
      return (ApplicationClientProtocol) rpc.getProxy(ApplicationClientProtocol.class,
          rmAddress, conf);
    }
  });
}
 
Example 17
Project: hadoop-oss   File: TestProxyUsers.java   View Source Code Vote up 4 votes
/**
 * Test the netgroups (groups in ACL rules that start with @)
 *
 * This is a  manual test because it requires:
 *   - host setup
 *   - native code compiled
 *   - specify the group mapping class
 *
 * Host setup:
 *
 * /etc/nsswitch.conf should have a line like this:
 * netgroup: files
 *
 * /etc/netgroup should be (the whole file):
 * foo_group (,proxied_user,)
 *
 * To run this test:
 *
 * export JAVA_HOME='path/to/java'
 * mvn test \
 *   -Dtest=TestProxyUsers \
 *   -DTestProxyUsersGroupMapping=$className \
 *   
 * where $className is one of the classes that provide group
 * mapping services, i.e. classes that implement
 * GroupMappingServiceProvider interface, at this time:
 *   - org.apache.hadoop.security.JniBasedUnixGroupsNetgroupMapping
 *   - org.apache.hadoop.security.ShellBasedUnixGroupsNetgroupMapping
 *
 */

@Test
public void testNetgroups () throws IOException{

  if(!NativeCodeLoader.isNativeCodeLoaded()) {
    LOG.info("Not testing netgroups, " +
      "this test only runs when native code is compiled");
    return;
  }

  String groupMappingClassName =
    System.getProperty("TestProxyUsersGroupMapping");

  if(groupMappingClassName == null) {
    LOG.info("Not testing netgroups, no group mapping class specified, " +
      "use -DTestProxyUsersGroupMapping=$className to specify " +
      "group mapping class (must implement GroupMappingServiceProvider " +
      "interface and support netgroups)");
    return;
  }

  LOG.info("Testing netgroups using: " + groupMappingClassName);

  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_GROUP_MAPPING,
    groupMappingClassName);

  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserGroupConfKey(REAL_USER_NAME),
      StringUtils.join(",", Arrays.asList(NETGROUP_NAMES)));
  conf.set(
      DefaultImpersonationProvider.getTestProvider().
          getProxySuperuserIpConfKey(REAL_USER_NAME),
      PROXY_IP);
  
  ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
  Groups groups = Groups.getUserToGroupsMappingService(conf);

  // try proxying a group that's allowed
  UserGroupInformation realUserUgi = UserGroupInformation
  .createRemoteUser(REAL_USER_NAME);

  UserGroupInformation proxyUserUgi = UserGroupInformation.createProxyUserForTesting(
      PROXY_USER_NAME, realUserUgi, groups.getGroups(PROXY_USER_NAME).toArray(
          new String[groups.getGroups(PROXY_USER_NAME).size()]));

  assertAuthorized(proxyUserUgi, PROXY_IP);
}
 
Example 18
Project: hadoop-oss   File: TestFileSystemCaching.java   View Source Code Vote up 4 votes
@SuppressWarnings("unchecked")
@Test
public <T extends TokenIdentifier> void testCacheForUgi() throws Exception {
  final Configuration conf = new Configuration();
  conf.set("fs.cachedfile.impl", FileSystem.getFileSystemClass("file", null).getName());
  UserGroupInformation ugiA = UserGroupInformation.createRemoteUser("foo");
  UserGroupInformation ugiB = UserGroupInformation.createRemoteUser("bar");
  FileSystem fsA = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws Exception {
      return FileSystem.get(new URI("cachedfile://a"), conf);
    }
  });
  FileSystem fsA1 = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws Exception {
      return FileSystem.get(new URI("cachedfile://a"), conf);
    }
  });
  //Since the UGIs are the same, we should have the same filesystem for both
  assertSame(fsA, fsA1);
  
  FileSystem fsB = ugiB.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws Exception {
      return FileSystem.get(new URI("cachedfile://a"), conf);
    }
  });
  //Since the UGIs are different, we should end up with different filesystems
  //corresponding to the two UGIs
  assertNotSame(fsA, fsB);
  
  Token<T> t1 = mock(Token.class);
  UserGroupInformation ugiA2 = UserGroupInformation.createRemoteUser("foo");
  
  fsA = ugiA2.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws Exception {
      return FileSystem.get(new URI("cachedfile://a"), conf);
    }
  });
  // Although the users in the UGI are same, they have different subjects
  // and so are different.
  assertNotSame(fsA, fsA1);
  
  ugiA.addToken(t1);
  
  fsA = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {
    @Override
    public FileSystem run() throws Exception {
      return FileSystem.get(new URI("cachedfile://a"), conf);
    }
  });
  // Make sure that different UGI's with the same subject lead to the same
  // file system.
  assertSame(fsA, fsA1);
}
 
Example 19
Project: hadoop-oss   File: HttpServer2.java   View Source Code Vote up 3 votes
/**
 * Get the admin ACLs from the given ServletContext and check if the given
 * user is in the ACL.
 *
 * @param servletContext the context containing the admin ACL.
 * @param remoteUser the remote user to check for.
 * @return true if the user is present in the ACL, false if no ACL is set or
 *         the user is not present
 */
public static boolean userHasAdministratorAccess(ServletContext servletContext,
    String remoteUser) {
  AccessControlList adminsAcl = (AccessControlList) servletContext
      .getAttribute(ADMINS_ACL);
  UserGroupInformation remoteUserUGI =
      UserGroupInformation.createRemoteUser(remoteUser);
  return adminsAcl != null && adminsAcl.isUserAllowed(remoteUserUGI);
}
 
Example 20
Project: hadoop   File: HttpServer2.java   View Source Code Vote up 3 votes
/**
 * Get the admin ACLs from the given ServletContext and check if the given
 * user is in the ACL.
 *
 * @param servletContext the context containing the admin ACL.
 * @param remoteUser the remote user to check for.
 * @return true if the user is present in the ACL, false if no ACL is set or
 *         the user is not present
 */
public static boolean userHasAdministratorAccess(ServletContext servletContext,
    String remoteUser) {
  AccessControlList adminsAcl = (AccessControlList) servletContext
      .getAttribute(ADMINS_ACL);
  UserGroupInformation remoteUserUGI =
      UserGroupInformation.createRemoteUser(remoteUser);
  return adminsAcl != null && adminsAcl.isUserAllowed(remoteUserUGI);
}