Java Code Examples for org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator

The following examples show how to use org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticator. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: hadoop   Source File: HttpFSFileSystem.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  //the real use is the one that has the Kerberos credentials needed for
  //SPNEGO to work
  realUser = ugi.getRealUser();
  if (realUser == null) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);
  try {
    uri = new URI(name.getScheme() + "://" + name.getAuthority());
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  Class<? extends DelegationTokenAuthenticator> klass =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator authenticator =
      ReflectionUtils.newInstance(klass, getConf());
  authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
 
Example 2
Source Project: big-c   Source File: HttpFSFileSystem.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  //the real use is the one that has the Kerberos credentials needed for
  //SPNEGO to work
  realUser = ugi.getRealUser();
  if (realUser == null) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);
  try {
    uri = new URI(name.getScheme() + "://" + name.getAuthority());
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  Class<? extends DelegationTokenAuthenticator> klass =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator authenticator =
      ReflectionUtils.newInstance(klass, getConf());
  authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
 
Example 3
Source Project: hadoop   Source File: TimelineClientImpl.java    License: Apache License 2.0 4 votes vote down vote up
protected void serviceInit(Configuration conf) throws Exception {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUgi = ugi.getRealUser();
  if (realUgi != null) {
    authUgi = realUgi;
    doAsUser = ugi.getShortUserName();
  } else {
    authUgi = ugi;
    doAsUser = null;
  }
  ClientConfig cc = new DefaultClientConfig();
  cc.getClasses().add(YarnJacksonJaxbJsonProvider.class);
  connConfigurator = newConnConfigurator(conf);
  if (UserGroupInformation.isSecurityEnabled()) {
    authenticator = new KerberosDelegationTokenAuthenticator();
  } else {
    authenticator = new PseudoDelegationTokenAuthenticator();
  }
  authenticator.setConnectionConfigurator(connConfigurator);
  token = new DelegationTokenAuthenticatedURL.Token();

  connectionRetry = new TimelineClientConnectionRetry(conf);
  client = new Client(new URLConnectionClientHandler(
      new TimelineURLConnectionFactory()), cc);
  TimelineJerseyRetryFilter retryFilter = new TimelineJerseyRetryFilter();
  client.addFilter(retryFilter);

  if (YarnConfiguration.useHttps(conf)) {
    resURI = URI
        .create(JOINER.join("https://", conf.get(
            YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS),
            RESOURCE_URI_STR));
  } else {
    resURI = URI.create(JOINER.join("http://", conf.get(
        YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_ADDRESS),
        RESOURCE_URI_STR));
  }
  LOG.info("Timeline service address: " + resURI);
  super.serviceInit(conf);
}
 
Example 4
Source Project: big-c   Source File: TimelineClientImpl.java    License: Apache License 2.0 4 votes vote down vote up
protected void serviceInit(Configuration conf) throws Exception {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUgi = ugi.getRealUser();
  if (realUgi != null) {
    authUgi = realUgi;
    doAsUser = ugi.getShortUserName();
  } else {
    authUgi = ugi;
    doAsUser = null;
  }
  ClientConfig cc = new DefaultClientConfig();
  cc.getClasses().add(YarnJacksonJaxbJsonProvider.class);
  connConfigurator = newConnConfigurator(conf);
  if (UserGroupInformation.isSecurityEnabled()) {
    authenticator = new KerberosDelegationTokenAuthenticator();
  } else {
    authenticator = new PseudoDelegationTokenAuthenticator();
  }
  authenticator.setConnectionConfigurator(connConfigurator);
  token = new DelegationTokenAuthenticatedURL.Token();

  connectionRetry = new TimelineClientConnectionRetry(conf);
  client = new Client(new URLConnectionClientHandler(
      new TimelineURLConnectionFactory()), cc);
  TimelineJerseyRetryFilter retryFilter = new TimelineJerseyRetryFilter();
  client.addFilter(retryFilter);

  if (YarnConfiguration.useHttps(conf)) {
    resURI = URI
        .create(JOINER.join("https://", conf.get(
            YarnConfiguration.TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS,
            YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_HTTPS_ADDRESS),
            RESOURCE_URI_STR));
  } else {
    resURI = URI.create(JOINER.join("http://", conf.get(
        YarnConfiguration.TIMELINE_SERVICE_WEBAPP_ADDRESS,
        YarnConfiguration.DEFAULT_TIMELINE_SERVICE_WEBAPP_ADDRESS),
        RESOURCE_URI_STR));
  }
  LOG.info("Timeline service address: " + resURI);
  super.serviceInit(conf);
}