Java Code Examples for org.apache.hadoop.security.UserGroupInformation#getAuthenticationMethod()

The following examples show how to use org.apache.hadoop.security.UserGroupInformation#getAuthenticationMethod(). These examples are extracted from open source projects.
Example 1
Source Project: Bats   File: BitConnectionConfig.java    License: Apache License 2.0
/**
 * Assembles the SASL client properties used when this node connects to a remote endpoint.
 *
 * <p>When the process login user was authenticated with Kerberos, the
 * {@code SERVICE_PRINCIPAL} property is populated: either with the login principal itself
 * (when {@code useLoginPrincipal} is set) or with a principal built from the login short name,
 * the remote endpoint address and the login realm. For any other authentication method no
 * service principal is set here.
 *
 * <p>NOTE(review): {@code overrides} is merged after the principal has been computed. If
 * {@code merge} lets the merged-in keys win (not visible here, confirm), an override for
 * {@code SERVICE_PRINCIPAL} replaces the computed value and therefore decides which service
 * identity the client expects from the peer. Only trusted configuration should reach this
 * parameter.
 *
 * @param remoteEndpoint endpoint being connected to; its address becomes the instance part of
 *                       the service principal when the login principal is not reused
 * @param overrides      properties merged on top of the computed ones
 * @return the resulting properties as a string map
 * @throws IOException declared by the signature; presumably raised when the login user or its
 *                     Kerberos name cannot be resolved
 */
public Map<String, ?> getSaslClientProperties(final DrillbitEndpoint remoteEndpoint,
                                              final Map<String, String> overrides) throws IOException {
  final DrillProperties saslProps = DrillProperties.createEmpty();
  final UserGroupInformation login = UserGroupInformation.getLoginUser();

  final boolean kerberosLogin =
      login.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS;
  if (kerberosLogin) {
    final HadoopKerberosName principal = new HadoopKerberosName(login.getUserName());
    // Either reuse the login principal verbatim, or derive a host-qualified principal from it.
    final String servicePrincipal = useLoginPrincipal
        ? principal.toString()
        : KerberosUtil.getPrincipalFromParts(
            principal.getShortName(), remoteEndpoint.getAddress(), principal.getRealm());
    saslProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, servicePrincipal);
  }

  // Caller-supplied values are applied last.
  saslProps.merge(overrides);
  return saslProps.stringPropertiesAsMap();
}
 
Example 2
Source Project: hadoop   File: TestWebDelegationToken.java    License: Apache License 2.0
/**
 * Test handler that echoes the identity attached to the current request.
 *
 * <p>Writes {@code remoteuser=<servlet remote user>:ugi=<short name>} and, when the caller is a
 * proxy user, prefixes it with {@code realugi=<real user short name>:}. Responds with 500 and no
 * body when no {@link UserGroupInformation} is associated with the request.
 *
 * <p>NOTE(review): the real user is dereferenced without a null check; this relies on a
 * PROXY-authenticated UGI always carrying a real user.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  final UserGroupInformation caller = HttpUserGroupInformation.get();
  if (caller == null) {
    // No security context was attached to this request.
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    return;
  }

  String body = "remoteuser=" + req.getRemoteUser() + ":ugi=" + caller.getShortUserName();
  final boolean impersonated =
      caller.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
  if (impersonated) {
    // Put the identity that is doing the impersonation in front.
    body = "realugi=" + caller.getRealUser().getShortUserName() + ":" + body;
  }
  resp.setStatus(HttpServletResponse.SC_OK);
  resp.getWriter().write(body);
}
 
Example 3
Source Project: big-c   File: TestWebDelegationToken.java    License: Apache License 2.0
/**
 * Reports which identities the request was authenticated as.
 *
 * <p>The response body has the form {@code remoteuser=...:ugi=...}; for a proxy (impersonating)
 * caller it is preceded by {@code realugi=...:} naming the real user. If no
 * {@link UserGroupInformation} is bound to the request, the status is set to 500 and nothing is
 * written.
 *
 * <p>NOTE(review): {@code getRealUser()} is used without a null check on the PROXY path.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  final UserGroupInformation requestUgi = HttpUserGroupInformation.get();
  if (requestUgi != null) {
    final String identity =
        "remoteuser=" + req.getRemoteUser() + ":ugi=" + requestUgi.getShortUserName();
    final boolean isProxy = requestUgi.getAuthenticationMethod()
        == UserGroupInformation.AuthenticationMethod.PROXY;
    // Only proxy callers have a distinct real user worth reporting.
    final String payload = isProxy
        ? "realugi=" + requestUgi.getRealUser().getShortUserName() + ":" + identity
        : identity;
    resp.setStatus(HttpServletResponse.SC_OK);
    resp.getWriter().write(payload);
  } else {
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
  }
}
 
Example 4
/**
 * Runs the parent authentication filter with a wrapped chain that records who is impersonating.
 *
 * <p>Once the parent filter hands control to the wrapped chain, the request attribute
 * {@code KerberosPlugin.IMPERSONATOR_USER_NAME} is set to the real user's short name, but only
 * when the request's UGI is PROXY-authenticated and has a real user. The attribute is
 * informational (for example for loggers); nothing here uses it for an access decision.
 *
 * <p>{@link Locale#setDefault(Locale)} changes the JVM-wide default locale. It is forced to
 * {@code Locale.US} around the parent call and put back to {@code defaultLocale} inside the
 * wrapped chain. NOTE(review): other threads can observe the temporary value, and the default
 * is not restored if the parent filter never invokes the chain (e.g. a rejected request).
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  final FilterChain impersonationAwareChain = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      // Undo the temporary locale switch made before the parent filter ran.
      Locale.setDefault(defaultLocale);
      final HttpServletRequest httpReq = (HttpServletRequest) servletRequest;

      final UserGroupInformation callerUgi = HttpUserGroupInformation.get();
      final boolean viaProxy = callerUgi != null
          && callerUgi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
      final UserGroupInformation impersonator = viaProxy ? callerUgi.getRealUser() : null;
      if (impersonator != null) {
        // Expose the impersonating identity to downstream consumers such as loggers.
        httpReq.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, impersonator.getShortUserName());
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // Workaround until HADOOP-15681 is committed.
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, impersonationAwareChain);
}
 
Example 5
Source Project: lucene-solr   File: HadoopAuthFilter.java    License: Apache License 2.0
/**
 * Delegates to the parent filter, substituting a chain that tags proxied requests with the
 * impersonating user's name.
 *
 * <p>The substituted chain stores the real user's short name under
 * {@code KerberosPlugin.IMPERSONATOR_USER_NAME} when the current UGI uses the PROXY
 * authentication method and reports a non-null real user, then continues with the original
 * chain. Requests without a UGI, or with a non-proxy UGI, pass through untouched.
 *
 * <p>The default locale is process-global state: it is set to {@code Locale.US} before the
 * parent filter runs and reset to {@code defaultLocale} at the start of the substituted chain.
 * NOTE(review): this is not isolated per request, and the reset only happens if the parent
 * filter reaches the chain.
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain filterChain) throws IOException, ServletException {
  final FilterChain taggingChain = new FilterChain() {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
        throws IOException, ServletException {
      // Restore the locale that was overridden for the duration of the parent filter.
      Locale.setDefault(defaultLocale);
      final HttpServletRequest http = (HttpServletRequest) servletRequest;

      final UserGroupInformation current = HttpUserGroupInformation.get();
      if (current != null) {
        final boolean proxied =
            current.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY;
        if (proxied) {
          final UserGroupInformation realUser = current.getRealUser();
          if (realUser != null) {
            // Record who is acting on behalf of the effective user.
            http.setAttribute(KerberosPlugin.IMPERSONATOR_USER_NAME, realUser.getShortUserName());
          }
        }
      }
      filterChain.doFilter(servletRequest, servletResponse);
    }
  };

  // Temporary workaround pending HADOOP-15681.
  Locale.setDefault(Locale.US);
  super.doFilter(request, response, taggingChain);
}
 
Example 6
Source Project: ranger   File: KMSAuditLogger.java    License: Apache License 2.0
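/**
 * Captures the details of one audited operation.
 *
 * <p>The effective user is recorded by short name. For a PROXY-authenticated context the real
 * (impersonating) user is recorded as well, by full user name; otherwise the impersonator is
 * {@code null}. A {@code null} {@code ugi} yields {@code null} for both.
 *
 * @param op
 *          The operation being audited (either {@link KMS.KMSOp} or
 *          {@link Type}). N.B. this is passed as an {@link Object} to allow
 *          either enum to be passed in.
 * @param ugi
 *          The user's security context; may be {@code null}
 * @param keyName
 *          The String name of the key if applicable
 * @param remoteHost
 *          The hostname of the requesting service
 * @param msg
 *          Any extra details for auditing
 */
AuditEvent(Object op, UserGroupInformation ugi, String keyName,
    String remoteHost, String msg) {
  this.keyName = keyName;
  if (ugi == null) {
    this.user = null;
    this.impersonator = null;
  } else {
    this.user = ugi.getShortUserName();
    // getRealUser() returns null when the context carries no real-user principal. Guard the
    // dereference so that an inconsistent PROXY context still produces an audit event instead
    // of failing with a NullPointerException while the event is being built.
    final UserGroupInformation realUser =
        ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.PROXY
            ? ugi.getRealUser()
            : null;
    this.impersonator = (realUser == null) ? null : realUser.getUserName();
  }
  this.remoteHost = remoteHost;
  this.op = op;
  this.extraMsg = msg;
}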
 
Example 7
Source Project: hadoop-ozone   File: OzoneManager.java    License: Apache License 2.0
/**
 * Resolves the authentication method behind the current connection.
 *
 * <p>For a proxy (impersonating) caller the method of the real user is reported, since that is
 * the identity that actually authenticated; for everyone else the caller's own method is
 * returned.
 *
 * <p>NOTE(review): on the PROXY path the real user is dereferenced without a null check.
 *
 * @return the authentication method of the remote user, or of its real user when proxied
 * @throws IOException declared by the signature; presumably from resolving the remote user
 */
private AuthenticationMethod getConnectionAuthenticationMethod()
    throws IOException {
  final UserGroupInformation caller = getRemoteUser();
  final AuthenticationMethod direct = caller.getAuthenticationMethod();
  // PROXY only says "someone is impersonating"; look through to how that someone logged in.
  return direct == AuthenticationMethod.PROXY
      ? caller.getRealUser().getAuthenticationMethod()
      : direct;
}
 
Example 8
Source Project: hbase   File: TokenProvider.java    License: Apache License 2.0
/**
 * Decides whether the caller may perform a delegation token operation.
 *
 * <p>The decision is based on how the caller authenticated. For a proxy user the real user's
 * authentication method is evaluated instead. Only KERBEROS, KERBEROS_SSL and CERTIFICATE are
 * accepted; every other method, including a {@code null} one, is refused.
 *
 * <p>NOTE(review): on the PROXY path {@code getRealUser()} is dereferenced without a null check,
 * so a proxy context lacking a real user ends in a NullPointerException rather than
 * {@code false}.
 *
 * @param ugi the caller's user group information
 * @return true if delegation token operation is allowed
 */
private boolean isAllowedDelegationTokenOp(UserGroupInformation ugi) throws IOException {
  AuthenticationMethod effective = ugi.getAuthenticationMethod();
  if (effective == AuthenticationMethod.PROXY) {
    // Judge the impersonator by how it authenticated, not by the proxy marker.
    effective = ugi.getRealUser().getAuthenticationMethod();
  }
  return effective == AuthenticationMethod.KERBEROS
      || effective == AuthenticationMethod.KERBEROS_SSL
      || effective == AuthenticationMethod.CERTIFICATE;
}
 
Example 9
Source Project: datacollector   File: ClusterHdfsSource.java    License: Apache License 2.0
/**
 * Validates the HDFS connection settings and appends any problems to {@code issues}.
 *
 * <p>Steps, in order: resolve the file system URI (stage setting first, Hadoop configuration
 * as fallback); validate that URI; resolve the login user and the user the job runs as; check
 * that the Kerberos setting matches how the login user actually authenticated; and finally
 * open and close a file system handle as a connectivity probe.
 *
 * <p>Side effects visible here: may write to {@code hadoopConf}, {@code conf.hdfsUri},
 * {@code userUgi} and {@code proxyUser}.
 *
 * @param issues collector that receives one entry per configuration problem found
 */
@VisibleForTesting
void validateHadoopFS(List<ConfigIssue> issues) {
  boolean validHadoopFsUri;
  String hdfsUriInConf;
  // An explicit stage-level URI wins and is pushed into the Hadoop configuration.
  if (!Strings.isNullOrEmpty(conf.hdfsUri)) {
    hadoopConf.set(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY, conf.hdfsUri);
  } else {
    // Otherwise fall back to whatever the Hadoop configuration already holds.
    hdfsUriInConf = hadoopConf.get(CommonConfigurationKeys.FS_DEFAULT_NAME_KEY);
    if (hdfsUriInConf == null) {
      // No URI from either source: report it and stop, nothing else can be validated.
      issues.add(
          getContext().createConfigIssue(
              Groups.HADOOP_FS.name(),
              CLUSTER_HDFS_CONFIG_BEAN_PREFIX + HDFS_URI,
              Errors.HADOOPFS_19
          )
      );
      return;
    } else {
      conf.hdfsUri = hdfsUriInConf;
    }
  }
  validHadoopFsUri = validateHadoopFsURI(issues);
  StringBuilder logMessage = new StringBuilder();
  try {
    UserGroupInformation loginUgi = HadoopSecurityUtil.getLoginUser(hadoopConf);
    // Resolves the identity the job should run as from the configured hdfsUser; the helper is
    // not shown here. Presumably it returns loginUgi itself when no impersonation applies.
    userUgi = HadoopSecurityUtil.getProxyUser(
        conf.hdfsUser,
        getContext(),
        loginUgi,
        issues,
        Groups.HADOOP_FS.name(),
        CLUSTER_HDFS_CONFIG_BEAN_PREFIX + "hdfsUser"
    );
    // Reference comparison on purpose: a different object means a proxy user was created.
    if (userUgi != loginUgi) {
      proxyUser = userUgi.getUserName();
      LOG.debug("Proxy user submitting cluster batch job is {}", proxyUser);
    }
    if (conf.hdfsKerberos) {
      logMessage.append("Using Kerberos");
      // Kerberos was requested in the stage config; the process login must actually be a
      // Kerberos login, otherwise report the actual and the expected method.
      if (loginUgi.getAuthenticationMethod() != UserGroupInformation.AuthenticationMethod.KERBEROS) {
        issues.add(
            getContext().createConfigIssue(
                Groups.HADOOP_FS.name(),
                CLUSTER_HDFS_CONFIG_BEAN_PREFIX + "hdfsKerberos",
                Errors.HADOOPFS_00,
                loginUgi.getAuthenticationMethod(),
                UserGroupInformation.AuthenticationMethod.KERBEROS
            )
        );
      }
    } else {
      logMessage.append("Using Simple");
      // NOTE(review): this overwrites the authentication mode in hadoopConf with SIMPLE
      // whenever the Kerberos flag is off, regardless of what the loaded Hadoop configuration
      // specified. Confirm that silently selecting unauthenticated access is intended when
      // the cluster-side files ask for Kerberos.
      hadoopConf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
          UserGroupInformation.AuthenticationMethod.SIMPLE.name());
    }
    if (validHadoopFsUri) {
      // Connectivity probe: open a FileSystem under the identity returned by getUGI() and
      // close it again immediately.
      getUGI().doAs((PrivilegedExceptionAction<Void>) () -> {
        try (FileSystem fs = getFileSystemForInitDestroy(null)) { // NOSONAR
          // to trigger fs close
        }
        return null;
      });
    }
  } catch (Exception ex) {
    // Any failure above (login, proxy-user resolution, probe) becomes a single config issue.
    // NOTE(review): the exception text is copied into the issue, so whoever can read issues
    // also sees whatever the exception message contains; confirm that is acceptable.
    LOG.info("Error connecting to FileSystem: " + ex, ex);
    issues.add(
        getContext().createConfigIssue(
            Groups.HADOOP_FS.name(),
            null,
            Errors.HADOOPFS_11,
            conf.hdfsUri,
            String.valueOf(ex),
            ex
        )
    );
  }
  // Logged even when validation failed; empty if an exception occurred before the mode was chosen.
  LOG.info("Authentication Config: {}", logMessage);
}
 
Example 10
Source Project: flink   File: HadoopUtils.java    License: Apache License 2.0
/**
 * Tells whether Hadoop security is switched on and the given user authenticated via Kerberos.
 *
 * <p>{@code ugi} is only inspected when Hadoop security is enabled. A proxy user reports PROXY
 * rather than KERBEROS, so this returns {@code false} for it even if its real user holds
 * Kerberos credentials.
 *
 * @param ugi the user to inspect
 * @return {@code true} only if security is enabled and the user's authentication method is
 *         KERBEROS
 */
public static boolean isKerberosSecurityEnabled(UserGroupInformation ugi) {
	if (!UserGroupInformation.isSecurityEnabled()) {
		return false;
	}
	return ugi.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS;
}