Java Code Examples for org.apache.hadoop.security.UserGroupInformation.hasKerberosCredentials()

The following are Jave code examples for showing how to use hasKerberosCredentials() of the org.apache.hadoop.security.UserGroupInformation class. You can vote up the examples you like. Your votes will be used in our system to get more good examples.
+ Save this method
Example 1
Project: flume-release-1.7.0   File: UGIExecutor.java   View Source Code Vote up 6 votes
private void reloginUGI(UserGroupInformation ugi) {
  try {
    if (ugi.hasKerberosCredentials()) {
      long now = System.currentTimeMillis();
      if (now - lastReloginAttempt < MIN_TIME_BEFORE_RELOGIN) {
        return;
      }
      lastReloginAttempt = now;
      ugi.checkTGTAndReloginFromKeytab();
    }
  } catch (IOException e) {
    throw new SecurityException("Error trying to relogin from keytab for user "
            + ugi.getUserName(), e);
  }
}
 
Example 2
Project: hadoop-oss   File: Client.java   View Source Code Vote up 5 votes
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  if (authMethod == AuthMethod.KERBEROS && loginUser != null &&
  // Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser))) {
    return true;
  }
  return false;
}
 
Example 3
Project: hadoop   File: RegistrySecurity.java   View Source Code Vote up 5 votes
/**
 * Create a SASL ACL for the user
 * @param perms permissions
 * @return an ACL for the current user or null if they aren't a kerberos user
 * @throws IOException
 */
public ACL createSaslACLFromCurrentUser(int perms) throws IOException {
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  if (currentUser.hasKerberosCredentials()) {
    return createSaslACL(currentUser, perms);
  } else {
    return null;
  }
}
 
Example 4
Project: hadoop   File: Client.java   View Source Code Vote up 5 votes
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  if (authMethod == AuthMethod.KERBEROS && loginUser != null &&
  // Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser))) {
    return true;
  }
  return false;
}
 
Example 5
Project: ditb   File: RpcClientImpl.java   View Source Code Vote up 5 votes
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser =
    UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  return authMethod == AuthMethod.KERBEROS &&
      loginUser != null &&
      //Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser));
}
 
Example 6
Project: ditb   File: AsyncRpcChannel.java   View Source Code Vote up 5 votes
/**
 * Check if user should authenticate over Kerberos
 *
 * @return true if should be authenticated over Kerberos
 * @throws java.io.IOException on failure of check
 */
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  return authMethod == AuthMethod.KERBEROS &&
      loginUser != null &&
      //Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser));
}
 
Example 7
Project: hadoop-oss   File: Client.java   View Source Code Vote up 4 votes
private synchronized void setupConnection() throws IOException {
  short ioFailures = 0;
  short timeoutFailures = 0;
  while (true) {
    try {
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);
      
      if (tcpLowLatency) {
        /*
         * This allows intermediate switches to shape IPC traffic
         * differently from Shuffle/HDFS DataStreamer traffic.
         *
         * IPTOS_RELIABILITY (0x04) | IPTOS_LOWDELAY (0x10)
         *
         * Prefer to optimize connect() speed & response latency over net
         * throughput.
         */
        this.socket.setTrafficClass(0x04 | 0x10);
        this.socket.setPerformancePreferences(1, 2, 0);
      }

      /*
       * Bind the socket to the host specified in the principal name of the
       * client, to ensure Server matching address of the client connection
       * to host name in principal passed.
       */
      UserGroupInformation ticket = remoteId.getTicket();
      if (ticket != null && ticket.hasKerberosCredentials()) {
        KerberosInfo krbInfo = 
          remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        if (krbInfo != null && krbInfo.clientPrincipal() != null) {
          String host = 
            SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          
          // If host name is a valid local address then bind socket to it
          InetAddress localAddr = NetUtils.getLocalInetAddress(host);
          if (localAddr != null) {
            this.socket.setReuseAddress(true);
            this.socket.bind(new InetSocketAddress(localAddr, 0));
          }
        }
      }
      
      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        pingInterval = rpcTimeout;  // rpcTimeout overwrites pingInterval
      }
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException toe) {
      /* Check for an address change and update the local reference.
       * Reset the failure counter if the address was changed
       */
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionTimeout(timeoutFailures++,
          maxRetriesOnSocketTimeouts, toe);
    } catch (IOException ie) {
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionFailure(ioFailures++, ie);
    }
  }
}
 
Example 8
Project: hadoop   File: Client.java   View Source Code Vote up 4 votes
private synchronized void setupConnection() throws IOException {
  short ioFailures = 0;
  short timeoutFailures = 0;
  while (true) {
    try {
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);
      
      /*
       * Bind the socket to the host specified in the principal name of the
       * client, to ensure Server matching address of the client connection
       * to host name in principal passed.
       */
      UserGroupInformation ticket = remoteId.getTicket();
      if (ticket != null && ticket.hasKerberosCredentials()) {
        KerberosInfo krbInfo = 
          remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        if (krbInfo != null && krbInfo.clientPrincipal() != null) {
          String host = 
            SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          
          // If host name is a valid local address then bind socket to it
          InetAddress localAddr = NetUtils.getLocalInetAddress(host);
          if (localAddr != null) {
            this.socket.bind(new InetSocketAddress(localAddr, 0));
          }
        }
      }
      
      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        pingInterval = rpcTimeout;  // rpcTimeout overwrites pingInterval
      }
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException toe) {
      /* Check for an address change and update the local reference.
       * Reset the failure counter if the address was changed
       */
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionTimeout(timeoutFailures++,
          maxRetriesOnSocketTimeouts, toe);
    } catch (IOException ie) {
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionFailure(ioFailures++, ie);
    }
  }
}