Java Code Examples for org.apache.hadoop.security.UserGroupInformation.getUserName()

The following are Java code examples showing how to use getUserName() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to surface more good examples.
Example 1
Project: hadoop   File: DefaultImpersonationProvider.java   Source Code and License Vote up 6 votes
/**
 * Checks whether the real user behind {@code user} may impersonate it when
 * connecting from {@code remoteAddress}.
 *
 * <p>Two checks run in order, and both fail closed: a missing ACL entry or a
 * missing host list is handled exactly like an explicit denial.
 *
 * @param user the effective user; when it carries no real user the method
 *     returns without checking anything
 * @param remoteAddress address matched against the host list configured for
 *     the real user
 * @throws AuthorizationException if no ACL exists for the real user or it does
 *     not allow {@code user}, or if the host list is absent or does not
 *     include {@code remoteAddress}
 */
@Override
public void authorize(UserGroupInformation user,
    String remoteAddress) throws AuthorizationException {
  final UserGroupInformation realUser = user.getRealUser();
  if (realUser == null) {
    // No real user behind this UGI, so there is nothing to authorize.
    return;
  }

  // Check 1 (who): the ACL is keyed by the real user's short name.
  final AccessControlList impersonationAcl =
      proxyUserAcl.get(configPrefix + realUser.getShortUserName());
  final boolean userPermitted =
      impersonationAcl != null && impersonationAcl.isUserAllowed(user);
  if (!userPermitted) {
    throw new AuthorizationException("User: " + realUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }

  // Check 2 (from where): the host list is keyed the same way.
  // NOTE(review): this check is only as trustworthy as remoteAddress itself;
  // confirm callers pass the transport-level peer address and not a value the
  // client can choose.
  final MachineList allowedHosts =
      proxyHosts.get(getProxySuperuserIpConfKey(realUser.getShortUserName()));
  final boolean hostPermitted =
      allowedHosts != null && allowedHosts.includes(remoteAddress);
  if (!hostPermitted) {
    throw new AuthorizationException("Unauthorized connection for super-user: "
        + realUser.getUserName() + " from IP " + remoteAddress);
  }
}
 
Example 2
Project: flume-release-1.7.0   File: UGIExecutor.java   Source Code and License Vote up 6 votes
/**
 * Refreshes the Kerberos login of {@code ugi} from its keytab, rate-limited so
 * that at most one attempt is made per {@code MIN_TIME_BEFORE_RELOGIN}
 * milliseconds (the interval is compared against
 * {@link System#currentTimeMillis()}).
 *
 * <p>Does nothing when {@code ugi} has no Kerberos credentials.
 *
 * @param ugi the identity whose ticket should be checked and renewed
 * @throws SecurityException wrapping the {@link IOException} if the relogin
 *     fails; the message names the affected user
 */
private void reloginUGI(UserGroupInformation ugi) {
  try {
    if (!ugi.hasKerberosCredentials()) {
      return;
    }

    final long currentMillis = System.currentTimeMillis();
    final boolean attemptedRecently =
        currentMillis - lastReloginAttempt < MIN_TIME_BEFORE_RELOGIN;
    if (attemptedRecently) {
      return;
    }

    // Record the attempt before making it, so a failing relogin is throttled
    // just like a successful one.
    lastReloginAttempt = currentMillis;
    ugi.checkTGTAndReloginFromKeytab();
  } catch (IOException reloginFailure) {
    throw new SecurityException("Error trying to relogin from keytab for user "
            + ugi.getUserName(), reloginFailure);
  }
}
 
Example 3
Project: hadoop   File: RMWebServices.java   Source Code and License Vote up 6 votes
/**
 * REST endpoint returning the queue of the application named by
 * {@code appid}.
 *
 * @param hsr the incoming request, used to resolve the caller's identity
 * @param appId application id taken from the URL path
 * @return an {@code AppQueue} holding the application's queue
 * @throws AuthorizationException declared by the signature
 */
@GET
@Path("/apps/{appid}/queue")
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public AppQueue getAppQueue(@Context HttpServletRequest hsr,
    @PathParam("appid") String appId) throws AuthorizationException {
  init();

  // The caller name is used only for the audit record below; an unresolved
  // caller is recorded under a fixed placeholder.
  final UserGroupInformation callerUGI =
      getCallerUserGroupInformation(hsr, true);
  final String userName =
      (callerUGI != null) ? callerUGI.getUserName() : "UNKNOWN-USER";

  final RMApp app;
  try {
    app = getRMAppForAppId(appId);
  } catch (NotFoundException e) {
    // NOTE(review): this is a queue lookup, yet the failure is audited as
    // KILL_APP_REQUEST with a "get state" message. That looks copied from a
    // sibling endpoint and will mislead anyone reading the audit trail.
    // NOTE(review): appId comes straight from the URL path and is written
    // into the audit message; confirm the audit logger neutralises line
    // breaks and separators.
    RMAuditLogger.logFailure(userName, AuditConstants.KILL_APP_REQUEST,
      "UNKNOWN", "RMWebService",
      "Trying to get state of an absent application " + appId);
    throw e;
  }

  // NOTE(review): no per-application access check is visible here before the
  // queue name is returned; confirm it is enforced elsewhere if queue names
  // are considered sensitive.
  final AppQueue result = new AppQueue();
  result.setQueue(app.getQueue());
  return result;
}
 
Example 4
Project: hadoop   File: TestClientRMService.java   Source Code and License Vote up 6 votes
/**
 * Test helper: builds an RM delegation token for {@code owner} with
 * {@code renewer} as its renewer, then asks a fresh {@code ClientRMService}
 * to renew it. Whether the renewal is permitted is decided by the service;
 * the caller observes that through the exception, if any.
 *
 * @param owner identity recorded as the token owner
 * @param renewer identity recorded as the token renewer
 * @throws IOException propagated from the renewal call
 * @throws YarnException propagated from the renewal call
 */
private void checkTokenRenewal(UserGroupInformation owner,
    UserGroupInformation renewer) throws IOException, YarnException {
  // Owner and renewer are stored by full user name; the third identifier
  // argument is left null.
  final Text ownerName = new Text(owner.getUserName());
  final Text renewerName = new Text(renewer.getUserName());
  final RMDelegationTokenIdentifier identifier =
      new RMDelegationTokenIdentifier(ownerName, renewerName, null);

  // The token is created against the shared secret manager (dtsm).
  final Token<?> rawToken =
      new Token<RMDelegationTokenIdentifier>(identifier, dtsm);

  // Re-express the token as the YARN record type the request carries.
  final org.apache.hadoop.yarn.api.records.Token delegationToken =
      BuilderUtils.newDelegationToken(
          rawToken.getIdentifier(), rawToken.getKind().toString(),
          rawToken.getPassword(), rawToken.getService().toString());

  final RenewDelegationTokenRequest renewRequest =
      Records.newRecord(RenewDelegationTokenRequest.class);
  renewRequest.setDelegationToken(delegationToken);

  // The service under test gets a mocked context and the same secret manager.
  final RMContext mockedContext = mock(RMContext.class);
  final ClientRMService service = new ClientRMService(
      mockedContext, null, null, null, null, dtsm);
  service.renewDelegationToken(renewRequest);
}
 
Example 5
Project: hadoop   File: TestClientRMService.java   Source Code and License Vote up 6 votes
/**
 * Test helper: builds an RM delegation token for {@code owner} with
 * {@code renewer} as its renewer and asks {@code rmService} to cancel it.
 * The service decides whether the cancellation is allowed.
 *
 * @param rmService the service that receives the cancellation request
 * @param owner identity recorded as the token owner
 * @param renewer identity recorded as the token renewer
 * @throws IOException propagated from the cancellation call
 * @throws YarnException propagated from the cancellation call
 */
private void checkTokenCancellation(ClientRMService rmService,
    UserGroupInformation owner, UserGroupInformation renewer)
    throws IOException, YarnException {
  // Owner and renewer are stored by full user name; the third identifier
  // argument is left null.
  final Text ownerName = new Text(owner.getUserName());
  final Text renewerName = new Text(renewer.getUserName());
  final RMDelegationTokenIdentifier identifier =
      new RMDelegationTokenIdentifier(ownerName, renewerName, null);

  // The token is created against the shared secret manager (dtsm).
  final Token<?> rawToken =
      new Token<RMDelegationTokenIdentifier>(identifier, dtsm);

  // Re-express the token as the YARN record type the request carries.
  final org.apache.hadoop.yarn.api.records.Token delegationToken =
      BuilderUtils.newDelegationToken(
          rawToken.getIdentifier(), rawToken.getKind().toString(),
          rawToken.getPassword(), rawToken.getService().toString());

  final CancelDelegationTokenRequest cancelRequest =
      Records.newRecord(CancelDelegationTokenRequest.class);
  cancelRequest.setDelegationToken(delegationToken);
  rmService.cancelDelegationToken(cancelRequest);
}
 
Example 6
Project: hadoop   File: TestMRAppComponentDependencies.java   Source Code and License Vote up 6 votes
/**
 * Creates a {@code TestJob}, records it in the application context's job map
 * and registers the job-finish handler with the dispatcher.
 *
 * <p>The user name handed to the job is that of the current process user
 * ({@code UserGroupInformation.getCurrentUser()}), not a caller-supplied
 * value.
 *
 * @param conf job configuration
 * @param forcedState state passed through to the job
 * @param diagnostic diagnostic text passed through to the job
 * @return the newly created job
 * @throws YarnRuntimeException if the current user cannot be determined
 */
@Override
protected Job createJob(Configuration conf, JobStateInternal forcedState,
    String diagnostic) {
  final UserGroupInformation currentUser;
  try {
    currentUser = UserGroupInformation.getCurrentUser();
  } catch (IOException lookupFailure) {
    // Without a resolvable identity the job cannot be attributed; fail fast.
    throw new YarnRuntimeException(lookupFailure);
  }

  final Job createdJob = new TestJob(
      getJobId(), getAttemptID(), conf,
      getDispatcher().getEventHandler(),
      getTaskAttemptListener(), getContext().getClock(),
      getCommitter(), isNewApiCommitter(),
      currentUser.getUserName(), getContext(),
      forcedState, diagnostic);

  // Make the job visible through the application context.
  ((AppContext) getContext()).getAllJobs().put(createdJob.getID(), createdJob);

  getDispatcher().register(
      JobFinishEvent.Type.class, createJobFinishEventHandler());

  return createdJob;
}
 
Example 7
Project: hadoop   File: TestStagingCleanup.java   Source Code and License Vote up 6 votes
/**
 * Builds a {@code TestJob} for the current process user, stores it in the
 * application context's job map and hooks the job-finish handler into the
 * dispatcher.
 *
 * @param conf job configuration
 * @param forcedState state passed through to the job
 * @param diagnostic diagnostic text passed through to the job
 * @return the newly created job
 * @throws YarnRuntimeException if looking up the current user fails
 */
@Override
protected Job createJob(Configuration conf, JobStateInternal forcedState,
    String diagnostic) {
  final UserGroupInformation processUser;
  try {
    processUser = UserGroupInformation.getCurrentUser();
  } catch (IOException cause) {
    // The identity lookup is the only checked failure; surface it unchecked.
    throw new YarnRuntimeException(cause);
  }

  // The job's user name comes from the process identity resolved above.
  final Job job = new TestJob(getJobId(), getAttemptID(), conf,
      getDispatcher().getEventHandler(), getTaskAttemptListener(),
      getContext().getClock(), getCommitter(), isNewApiCommitter(),
      processUser.getUserName(), getContext(), forcedState, diagnostic);

  ((AppContext) getContext()).getAllJobs().put(job.getID(), job);

  getDispatcher().register(JobFinishEvent.Type.class,
      createJobFinishEventHandler());

  return job;
}
 
Example 8
Project: hadoop   File: TestWebHdfsUrl.java   Source Code and License Vote up 6 votes
/**
 * Test helper returning a {@code WebHdfsFileSystem} for the test URI.
 *
 * <p>When Hadoop security is enabled, a delegation token owned by
 * {@code ugi}'s user name is first created, bound to the URI's authority and
 * added to {@code ugi}.
 *
 * @param ugi identity that owns, and receives, the delegation token
 * @param conf configuration used to obtain the file system
 * @return the file system for {@code uri}, cast to {@code WebHdfsFileSystem}
 * @throws IOException propagated from the file system lookup
 */
private WebHdfsFileSystem getWebHdfsFileSystem(UserGroupInformation ugi,
    Configuration conf) throws IOException {
  if (UserGroupInformation.isSecurityEnabled()) {
    // All four numeric constructor arguments share this value
    // (presumably milliseconds, i.e. 24 hours; confirm against the
    // secret manager's constructor).
    final int interval = 86400000;

    // The token owner is the full user name; the other two identifier
    // arguments are left null.
    final Text ownerName = new Text(ugi.getUserName());
    final DelegationTokenIdentifier tokenId =
        new DelegationTokenIdentifier(ownerName, null, null);

    final FSNamesystem mockedNamesystem = mock(FSNamesystem.class);
    final DelegationTokenSecretManager secretManager =
        new DelegationTokenSecretManager(
            interval, interval, interval, interval, mockedNamesystem);
    // NOTE(review): the threads started here are never stopped in this
    // method; confirm the test tears them down elsewhere.
    secretManager.startThreads();

    final Token<DelegationTokenIdentifier> delegationToken =
        new Token<DelegationTokenIdentifier>(tokenId, secretManager);
    // Bind the token to the service address derived from the test URI.
    SecurityUtil.setTokenService(
        delegationToken, NetUtils.createSocketAddr(uri.getAuthority()));
    delegationToken.setKind(WebHdfsFileSystem.TOKEN_KIND);
    ugi.addToken(delegationToken);
  }
  return (WebHdfsFileSystem) FileSystem.get(uri, conf);
}
 
Example 9
Project: hadoop   File: TestIdentityProviders.java   Source Code and License Vote up 5 votes
/**
 * Verifies that {@code UserIdentityProvider} reports the current user's full
 * user name as the identity of a schedulable.
 */
@Test
public void testUserIdentityProvider() throws IOException {
  final String identity =
      new UserIdentityProvider().makeIdentity(new FakeSchedulable());

  // The expected value is the user name of whoever runs the test.
  final String expected =
      UserGroupInformation.getCurrentUser().getUserName();

  assertEquals(expected, identity);
}
 
Example 10
Project: hadoop-oss   File: TestProxyUsers.java   Source Code and License Vote up 5 votes
/**
 * Test impersonation policy: the real user (superuser) behind {@code user}
 * may impersonate it only if the superuser is a member of the group
 * {@code "sudo_" + <short name of user>}.
 *
 * <p>{@code remoteAddress} is not consulted by this policy.
 *
 * @param user the effective (impersonated) user
 * @param remoteAddress unused
 * @throws AuthorizationException if the superuser is not in the required group
 */
public void authorize(UserGroupInformation user,
    String remoteAddress) throws AuthorizationException {
  // NOTE(review): the result of getRealUser() is dereferenced below without a
  // null check; confirm callers only pass UGIs that have a real user.
  final UserGroupInformation superUser = user.getRealUser();

  // The required group is derived from the impersonated user's short name.
  final String requiredGroup = "sudo_" + user.getShortUserName();

  boolean isMember = false;
  for (String groupName : superUser.getGroupNames()) {
    if (requiredGroup.equals(groupName)) {
      isMember = true;
      break;
    }
  }

  if (!isMember) {
    throw new AuthorizationException("User: " + superUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }
}
 
Example 11
Project: hadoop-oss   File: GetGroupsTestBase.java   Source Code and License Vote up 5 votes
/**
 * Formats the text expected for {@code user}: the user name, a space and a
 * colon, then each group name preceded by a space, terminated by the
 * platform line separator.
 *
 * @param user identity whose name and groups are rendered
 * @return the expected single-line output, including the line separator
 */
private static String getExpectedOutput(UserGroupInformation user) {
  final StringBuilder expected = new StringBuilder();
  expected.append(user.getUserName()).append(" :");
  for (String groupName : user.getGroupNames()) {
    expected.append(" ").append(groupName);
  }
  expected.append(System.getProperty("line.separator"));
  return expected.toString();
}
 
Example 12
Project: hadoop-oss   File: TestIdentityProviders.java   Source Code and License Vote up 5 votes
/**
 * Checks that the identity produced by {@code UserIdentityProvider} for a
 * schedulable equals the full user name of the user running the test.
 */
@Test
public void testUserIdentityProvider() throws IOException {
  final UserIdentityProvider provider = new UserIdentityProvider();
  final String actualIdentity = provider.makeIdentity(new FakeSchedulable());

  // Resolve the name the provider is expected to have used.
  final String currentUserName =
      UserGroupInformation.getCurrentUser().getUserName();

  assertEquals(currentUserName, actualIdentity);
}
 
Example 13
Project: hadoop   File: TestSaslRPC.java   Source Code and License Vote up 5 votes
/**
 * Starts {@code server}, gives the current user a token issued by {@code sm}
 * for the server's address, and checks that an RPC proxy authenticates with
 * the TOKEN method and negotiates the expected SASL QOP.
 *
 * <p>The server and the proxy (if one was created) are stopped in the
 * {@code finally} block.
 *
 * @param server the RPC server to start and talk to
 * @param sm secret manager used to create the token
 * @throws Exception on any failure while setting up or calling the proxy
 */
private void doDigestRpc(Server server, TestTokenSecretManager sm
                         ) throws Exception {
  // NOTE(review): the server is started before the try block, so a failure
  // in the token setup below would leave it running.
  server.start();

  final UserGroupInformation currentUgi = UserGroupInformation.getCurrentUser();
  final InetSocketAddress serverAddr = NetUtils.getConnectAddress(server);

  // The token identifier carries the current user's full user name.
  final Text userText = new Text(currentUgi.getUserName());
  final TestTokenIdentifier identifier = new TestTokenIdentifier(userText);
  final Token<TestTokenIdentifier> userToken =
      new Token<TestTokenIdentifier>(identifier, sm);
  SecurityUtil.setTokenService(userToken, serverAddr);
  currentUgi.addToken(userToken);

  TestSaslProtocol proxy = null;
  try {
    proxy = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, serverAddr, conf);

    // The connection must have authenticated with the token, not fallen back
    // to some other method.
    final AuthMethod negotiated = proxy.getAuthMethod();
    assertEquals(TOKEN, negotiated);

    // The negotiated QOP must match the one this test run expects.
    assertEquals(expectedQop.saslQop,
        RPC.getConnectionIdForProxy(proxy).getSaslQop());
    proxy.ping();
  } finally {
    server.stop();
    if (proxy != null) {
      RPC.stopProxy(proxy);
    }
  }
}
 
Example 14
Project: hadoop   File: MRApp.java   Source Code and License Vote up 5 votes
/**
 * Creates a {@code TestJob} attributed to the current process user, stores it
 * in the application context's job map and registers a handler that stops
 * this application when a job-finish event arrives.
 *
 * @param conf job configuration
 * @param forcedState state passed through to the job
 * @param diagnostic diagnostic text passed through to the job
 * @return the newly created job
 * @throws YarnRuntimeException if the current user cannot be determined
 */
@Override
protected Job createJob(Configuration conf, JobStateInternal forcedState,
    String diagnostic) {
  final UserGroupInformation processUser;
  try {
    processUser = UserGroupInformation.getCurrentUser();
  } catch (IOException lookupFailure) {
    throw new YarnRuntimeException(lookupFailure);
  }

  // The job's user name is taken from the process identity, not from input.
  final Job job = new TestJob(getJobId(), getAttemptID(), conf,
      getDispatcher().getEventHandler(), getTaskAttemptListener(),
      getContext().getClock(), getCommitter(), isNewApiCommitter(),
      processUser.getUserName(), getContext(), forcedState, diagnostic);

  ((AppContext) getContext()).getAllJobs().put(job.getID(), job);

  // stop() below resolves to the enclosing class, since the handler type
  // only declares handle().
  getDispatcher().register(
      JobFinishEvent.Type.class,
      new EventHandler<JobFinishEvent>() {
        @Override
        public void handle(JobFinishEvent finished) {
          stop();
        }
      });

  return job;
}
 
Example 15
Project: hadoop   File: GetGroupsTestBase.java   Source Code and License Vote up 5 votes
/**
 * Builds the expected output line for {@code user}: user name, then
 * {@code " :"}, then every group name with a leading space, followed by the
 * platform line separator.
 *
 * @param user identity whose name and groups are rendered
 * @return the expected line, line separator included
 */
private static String getExpectedOutput(UserGroupInformation user) {
  final StringBuilder line = new StringBuilder();
  line.append(user.getUserName());
  line.append(" :");
  for (String group : user.getGroupNames()) {
    line.append(" ");
    line.append(group);
  }
  return line.append(System.getProperty("line.separator")).toString();
}
 
Example 16
Project: hadoop   File: TestCopyFiles.java   Source Code and License Vote up 5 votes
/**
 * Test helper: creates {@code /user/<user name>} on {@code fs}, assigns it to
 * the user and the first of the user's groups, and restricts it to mode 0700
 * (owner-only access).
 *
 * @param fs file system on which the directory is created
 * @param ugi identity that becomes the owner
 * @return the home directory path
 * @throws IOException propagated from the file system calls
 */
static Path createHomeDirectory(FileSystem fs, UserGroupInformation ugi
    ) throws IOException {
  // NOTE(review): the user name is concatenated into the path unchecked; this
  // assumes it contains no path separators or ".." components.
  final Path homeDir = new Path("/user/" + ugi.getUserName());
  // NOTE(review): the boolean result of mkdirs is ignored, as in the original.
  fs.mkdirs(homeDir);

  final String ownerName = ugi.getUserName();
  // NOTE(review): indexing [0] assumes the user has at least one group.
  final String primaryGroup = ugi.getGroupNames()[0];
  fs.setOwner(homeDir, ownerName, primaryGroup);

  // Octal 0700: read, write and execute for the owner only.
  fs.setPermission(homeDir, new FsPermission((short) 0700));
  return homeDir;
}
 
Example 17
Project: hadoop   File: RMWebServices.java   Source Code and License Vote up 4 votes
/**
 * Kills {@code app} on behalf of {@code callerUGI} and translates the outcome
 * into an HTTP response.
 *
 * <p>The kill request is issued inside {@code callerUGI.doAs(...)}, so the
 * permission decision is made by the client RM service for the caller's
 * identity, not for the identity of the web service itself.
 *
 * @param app the application to kill; must not be null
 * @param callerUGI identity the kill is performed as
 * @param hsr the incoming request; its URL is returned in the Location header
 *     while the kill is still in progress
 * @return 403 with a message if the kill was rejected for access-control
 *     reasons, 202 with the current state while the kill is pending, or 200
 *     with the current state once it has completed
 * @throws IllegalArgumentException if {@code app} is null
 * @throws IOException declared by the signature
 * @throws InterruptedException declared by the signature
 */
protected Response killApp(RMApp app, UserGroupInformation callerUGI,
    HttpServletRequest hsr) throws IOException, InterruptedException {
  if (app == null) {
    throw new IllegalArgumentException("app cannot be null");
  }

  final String userName = callerUGI.getUserName();
  final ApplicationId appid = app.getApplicationId();

  final KillApplicationResponse resp;
  try {
    resp = callerUGI.doAs(
        new PrivilegedExceptionAction<KillApplicationResponse>() {
          @Override
          public KillApplicationResponse run() throws IOException,
              YarnException {
            return rm.getClientRMService().forceKillApplication(
                KillApplicationRequest.newInstance(appid));
          }
        });
  } catch (UndeclaredThrowableException ue) {
    // Only a YarnException caused by an AccessControlException is turned into
    // a 403; every other failure is rethrown unchanged.
    final Throwable cause = ue.getCause();
    final boolean accessDenied = cause instanceof YarnException
        && cause.getCause() instanceof AccessControlException;
    if (!accessDenied) {
      throw ue;
    }
    // NOTE(review): the denied attempt is not audit-logged in this method;
    // confirm the client RM service records it.
    final String appId = app.getApplicationId().toString();
    final String msg =
        "Unauthorized attempt to kill appid " + appId
            + " by remote user " + userName;
    return Response.status(Status.FORBIDDEN).entity(msg).build();
  }

  final AppState currentState = new AppState();
  currentState.setState(app.getState().toString());

  if (!resp.getIsKillCompleted()) {
    // Kill accepted but not finished: point the client back at this URL.
    return Response.status(Status.ACCEPTED).entity(currentState)
      .header(HttpHeaders.LOCATION, hsr.getRequestURL()).build();
  }

  // Success is audited only once the kill has actually completed.
  RMAuditLogger.logSuccess(userName, AuditConstants.KILL_APP_REQUEST,
    "RMWebService", app.getApplicationId());
  return Response.status(Status.OK).entity(currentState).build();
}
 
Example 18
Project: hadoop   File: RMWebServices.java   Source Code and License Vote up 4 votes
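/**
 * Moves {@code app} to {@code targetQueue} on behalf of {@code callerUGI} and
 * translates the outcome into an HTTP response.
 *
 * <p>The move is issued inside {@code callerUGI.doAs(...)}, so the permission
 * decision is made by the client RM service for the caller's identity.
 *
 * <p>Fix over the previous version: the exception message is checked for null
 * before it is pattern-matched. Previously a {@code YarnException} without a
 * message raised a {@code NullPointerException} here, which hid the original
 * failure from the caller and from the logs.
 *
 * @param app the application to move; must not be null
 * @param callerUGI identity the move is performed as
 * @param targetQueue name of the destination queue
 * @return 403 with a message if the move was rejected for access-control
 *     reasons, 400 with the service's message if the application is in a
 *     state that cannot be moved, or 200 with the application's queue
 * @throws IllegalArgumentException if {@code app} is null
 * @throws IOException declared by the signature
 * @throws InterruptedException declared by the signature
 */
protected Response moveApp(RMApp app, UserGroupInformation callerUGI,
    String targetQueue) throws IOException, InterruptedException {

  if (app == null) {
    throw new IllegalArgumentException("app cannot be null");
  }
  String userName = callerUGI.getUserName();
  final ApplicationId appid = app.getApplicationId();
  // Final copy so the anonymous class below can capture it.
  final String reqTargetQueue = targetQueue;
  try {
    callerUGI
      .doAs(new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws IOException,
            YarnException {
          MoveApplicationAcrossQueuesRequest req =
              MoveApplicationAcrossQueuesRequest.newInstance(appid,
                reqTargetQueue);
          rm.getClientRMService().moveApplicationAcrossQueues(req);
          return null;
        }
      });
  } catch (UndeclaredThrowableException ue) {
    // Anything that is not a YarnException is rethrown unchanged.
    if (!(ue.getCause() instanceof YarnException)) {
      throw ue;
    }
    YarnException ye = (YarnException) ue.getCause();

    // A permissions problem is reported to the user as 403.
    if (ye.getCause() instanceof AccessControlException) {
      String appId = app.getApplicationId().toString();
      String msg =
          "Unauthorized attempt to move appid " + appId
              + " by remote user " + userName;
      return Response.status(Status.FORBIDDEN).entity(msg).build();
    }

    // The "wrong state" case is recognised by the message text, which may be
    // null; guard it so a message-less exception falls through to the rethrow
    // instead of raising a NullPointerException.
    // NOTE(review): matching on message text is brittle; a dedicated
    // exception type or error code would be more robust.
    String yeMessage = ye.getMessage();
    if (yeMessage != null
        && yeMessage.startsWith("App in")
        && yeMessage.endsWith("state cannot be moved.")) {
      return Response.status(Status.BAD_REQUEST).entity(yeMessage)
        .build();
    }
    throw ue;
  }

  AppQueue ret = new AppQueue();
  ret.setQueue(app.getQueue());
  return Response.status(Status.OK).entity(ret).build();
}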
 
Example 19
Project: hadoop   File: TestSaslRPC.java   Source Code and License Vote up 4 votes
/**
 * Checks that RPC client connections are cached per configuration: two
 * proxies created with the same max-idle-time setting share one connection,
 * while a proxy created after that setting changes gets a new one.
 *
 * The statements are order-dependent: each assertion inspects the client's
 * connection cache as it stands after the preceding proxy call.
 */
@Test
public void testPerConnectionConf() throws Exception {
  TestTokenSecretManager sm = new TestTokenSecretManager();
  // Port 0 is passed as the bind port; the address actually used is read
  // back from the server below.
  final Server server = new RPC.Builder(conf)
      .setProtocol(TestSaslProtocol.class).setInstance(new TestSaslImpl())
      .setBindAddress(ADDRESS).setPort(0).setNumHandlers(5).setVerbose(true)
      .setSecretManager(sm).build();
  server.start();
  final UserGroupInformation current = UserGroupInformation.getCurrentUser();
  final InetSocketAddress addr = NetUtils.getConnectAddress(server);
  // Give the current user a token for this server, identified by the user's
  // full user name.
  TestTokenIdentifier tokenId = new TestTokenIdentifier(new Text(current
      .getUserName()));
  Token<TestTokenIdentifier> token = new Token<TestTokenIdentifier>(tokenId,
      sm);
  SecurityUtil.setTokenService(token, addr);
  current.addToken(token);

  // Work on a copy so the shared test configuration is not modified.
  Configuration newConf = new Configuration(conf);
  newConf.set(CommonConfigurationKeysPublic.
      HADOOP_RPC_SOCKET_FACTORY_CLASS_DEFAULT_KEY, "");

  Client client = null;
  TestSaslProtocol proxy1 = null;
  TestSaslProtocol proxy2 = null;
  TestSaslProtocol proxy3 = null;
  // Two distinct max-idle-time values used to tell the configurations apart.
  int timeouts[] = {111222, 3333333};
  try {
    newConf.setInt(CommonConfigurationKeysPublic.IPC_CLIENT_CONNECTION_MAXIDLETIME_KEY, timeouts[0]);
    proxy1 = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, newConf);
    proxy1.getAuthMethod();
    client = WritableRpcEngine.getClient(newConf);
    // conns is obtained once and re-read after each proxy call below.
    Set<ConnectionId> conns = client.getConnectionIds();
    assertEquals("number of connections in cache is wrong", 1, conns.size());
    // same conf, connection should be re-used
    proxy2 = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, newConf);
    proxy2.getAuthMethod();
    assertEquals("number of connections in cache is wrong", 1, conns.size());
    // different conf, new connection should be set up
    newConf.setInt(CommonConfigurationKeysPublic.IPC_CLIENT_CONNECTION_MAXIDLETIME_KEY, timeouts[1]);
    proxy3 = RPC.getProxy(TestSaslProtocol.class,
        TestSaslProtocol.versionID, addr, newConf);
    proxy3.getAuthMethod();
    assertEquals("number of connections in cache is wrong", 2, conns.size());
    // now verify the proxies have the correct connection ids and timeouts
    ConnectionId[] connsArray = {
        RPC.getConnectionIdForProxy(proxy1),
        RPC.getConnectionIdForProxy(proxy2),
        RPC.getConnectionIdForProxy(proxy3)
    };
    assertEquals(connsArray[0], connsArray[1]);
    assertEquals(connsArray[0].getMaxIdleTime(), timeouts[0]);
    assertFalse(connsArray[0].equals(connsArray[2]));
    // NOTE(review): assertNotSame compares object identity. timeouts[1] is a
    // primitive int that gets boxed for this call, so the assertion looks
    // like it passes regardless of the values. Confirm whether an equality
    // check on the third connection's idle time was intended.
    assertNotSame(connsArray[2].getMaxIdleTime(), timeouts[1]);
  } finally {
    server.stop();
    // this is dirty, but clear out connection cache for next run
    if (client != null) {
      client.getConnectionIds().clear();
    }
    if (proxy1 != null) RPC.stopProxy(proxy1);
    if (proxy2 != null) RPC.stopProxy(proxy2);
    if (proxy3 != null) RPC.stopProxy(proxy3);
  }
}
 
Example 20
Project: hadoop   File: RegistrySecurity.java   Source Code and License Vote up 2 votes
/**
 * Creates a SASL-scheme ACL entry for the given UGI.
 *
 * <p>The ACL identity is the UGI's full user name ({@code getUserName()}),
 * not its short name, so the entry matches only that exact name.
 *
 * @param ugi identity the ACL entry is created for
 * @param perms permission bits granted by the entry; passed through
 *     unchanged, so callers should grant only what is needed
 * @return a new ACL
 */
public ACL createSaslACL(UserGroupInformation ugi, int perms) {
  final Id saslIdentity = new Id(SCHEME_SASL, ugi.getUserName());
  return new ACL(perms, saslIdentity);
}