org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator Java Examples

The following examples show how to use org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: HttpFSFileSystem.java    From hadoop with Apache License 2.0 6 votes vote down vote up
/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  //the real use is the one that has the Kerberos credentials needed for
  //SPNEGO to work
  realUser = ugi.getRealUser();
  if (realUser == null) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);
  try {
    uri = new URI(name.getScheme() + "://" + name.getAuthority());
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  Class<? extends DelegationTokenAuthenticator> klass =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator authenticator =
      ReflectionUtils.newInstance(klass, getConf());
  authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
 
Example #2
Source File: HttpFSFileSystem.java    From big-c with Apache License 2.0 6 votes vote down vote up
/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  //the real use is the one that has the Kerberos credentials needed for
  //SPNEGO to work
  realUser = ugi.getRealUser();
  if (realUser == null) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);
  try {
    uri = new URI(name.getScheme() + "://" + name.getAuthority());
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  Class<? extends DelegationTokenAuthenticator> klass =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator authenticator =
      ReflectionUtils.newInstance(klass, getConf());
  authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
 
Example #3
Source File: TimelineClientImpl.java    From hadoop with Apache License 2.0 4 votes vote down vote up
protected void serviceInit(Configuration conf) throws Exception {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUgi = ugi.getRealUser();
  if (realUgi != null) {
    authUgi = realUgi;
    doAsUser = ugi.getShortUserName();
  } else {
    authUgi = ugi;
    doAsUser = null;
  }
  ClientConfig cc = new DefaultClientConfig();
  cc.getClasses().add(YarnJacksonJaxbJsonProvider.class);
  connConfigurator = newConnConfigurator(conf);
  if (UserGroupInformation.isSecurityEnabled()) {
    authenticator = new KerberosDelegationTokenAuthenticator();
  } else {
    authenticator = new PseudoDelegationTokenAuthenticator();
  }
  authenticator.setConnectionConfigurator(connConfigurator);
  token = new DelegationTokenAuthenticatedURL.Token();

  connectionRetry = new TimelineClientConnectionRetry(conf);
  client = new Client(new URLConnectionClientHandler(
      new TimelineURLConnectionFactory()), cc);
  TimelineJerseyRetryFilter retryFilter = new TimelineJerseyRetryFilter();
  client.addFilter(retryFilter);

  if (YarnConfiguration.useHttps(conf)) {
    resURI = URI
        .create(JOINER.join("https://", conf.get(
            YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS),
            RESOURCE_URI_STR));
  } else {
    resURI = URI.create(JOINER.join("http://", conf.get(
        YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_ADDRESS),
        RESOURCE_URI_STR));
  }
  LOG.info("Timeline service address: " + resURI);
  super.serviceInit(conf);
}
 
Example #4
Source File: TimelineClientImpl.java    From big-c with Apache License 2.0 4 votes vote down vote up
protected void serviceInit(Configuration conf) throws Exception {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUgi = ugi.getRealUser();
  if (realUgi != null) {
    authUgi = realUgi;
    doAsUser = ugi.getShortUserName();
  } else {
    authUgi = ugi;
    doAsUser = null;
  }
  ClientConfig cc = new DefaultClientConfig();
  cc.getClasses().add(YarnJacksonJaxbJsonProvider.class);
  connConfigurator = newConnConfigurator(conf);
  if (UserGroupInformation.isSecurityEnabled()) {
    authenticator = new KerberosDelegationTokenAuthenticator();
  } else {
    authenticator = new PseudoDelegationTokenAuthenticator();
  }
  authenticator.setConnectionConfigurator(connConfigurator);
  token = new DelegationTokenAuthenticatedURL.Token();

  connectionRetry = new TimelineClientConnectionRetry(conf);
  client = new Client(new URLConnectionClientHandler(
      new TimelineURLConnectionFactory()), cc);
  TimelineJerseyRetryFilter retryFilter = new TimelineJerseyRetryFilter();
  client.addFilter(retryFilter);

  if (YarnConfiguration.useHttps(conf)) {
    resURI = URI
        .create(JOINER.join("https://", conf.get(
            YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS),
            RESOURCE_URI_STR));
  } else {
    resURI = URI.create(JOINER.join("http://", conf.get(
        YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_ADDRESS),
        RESOURCE_URI_STR));
  }
  LOG.info("Timeline service address: " + resURI);
  super.serviceInit(conf);
}