Package org.apache.hadoop.hbase.security

Class User.SecureHadoopUser

java.lang.Object

org.apache.hadoop.hbase.security.User

org.apache.hadoop.hbase.security.User.SecureHadoopUser

Enclosing class:

User

@Private
public static final class User.SecureHadoopUser
extends User

Bridges User invocations to underlying calls to UserGroupInformation for secure Hadoop 0.20 and versions 0.21 and above.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.hbase.security.User

User.SecureHadoopUser, User.TestingGroups

Field Summary

Fields

Modifier and Type	Field	Description
private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]>	cache
private String	shortName
private final String	toString	Cache value of this instance's toString() value.

Fields inherited from class org.apache.hadoop.hbase.security.User

HBASE_SECURITY_AUTHORIZATION_CONF_KEY, HBASE_SECURITY_CONF_KEY, ugi

Constructor Summary

Constructors

Constructor	Description
SecureHadoopUser()
SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi)
SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi, org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache)

Method Summary

Modifier and Type	Method	Description
static User	createUserForTesting(org.apache.hadoop.conf.Configuration conf, String name, String[] groups)	Create a user for testing.
String[]	getGroupNames()	Returns the list of groups of which this user is a member.
String	getShortName()	Returns the shortened version of the user name -- the portion that maps to an operating system user name.
static boolean	isSecurityEnabled()	Returns the result of UserGroupInformation.isSecurityEnabled().
static void	login(String keytabLocation, String principalName)	Login through configured keytab and pricipal.
static void	login(org.apache.hadoop.conf.Configuration conf, String fileConfKey, String principalConfKey, String localhost)	Obtain credentials for the current process using the configured Kerberos keytab file and principal.
<T> T	runAs(PrivilegedAction<T> action)	Executes the given action within the context of this user.
<T> T	runAs(PrivilegedExceptionAction<T> action)	Executes the given action within the context of this user.
String	toString()

Methods inherited from class org.apache.hadoop.hbase.security.User

addToken, create, equals, getCurrent, getName, getToken, getTokens, getUGI, hashCode, isHBaseSecurityEnabled, isLoginFromKeytab, runAsLoginUser, shouldLoginFromKeytab

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

shortName

private String shortName

cache

private org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache

toString

private final String toString

Cache value of this instance's toString() value. Computing this value is expensive. Assumes the UGI is never updated. See HBASE-27708.

Constructor Details

SecureHadoopUser

public SecureHadoopUser()
                 throws IOException

Throws:

IOException

SecureHadoopUser

public SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi)

SecureHadoopUser

public SecureHadoopUser(org.apache.hadoop.security.UserGroupInformation ugi,
 org.apache.hbase.thirdparty.com.google.common.cache.LoadingCache<String,String[]> cache)

Method Details

getShortName

public String getShortName()

Description copied from class: User

Returns the shortened version of the user name -- the portion that maps to an operating system user name.

Specified by:

getShortName in class User

Returns:

Short name

getGroupNames

public String[] getGroupNames()

Description copied from class: User

Returns the list of groups of which this user is a member. On secure Hadoop this returns the group information for the user as resolved on the server. For 0.20 based Hadoop, the group names are passed from the client.

Overrides:

getGroupNames in class User

runAs

public <T> T runAs(PrivilegedAction<T> action)

Description copied from class: User

Executes the given action within the context of this user.

Specified by:

runAs in class User

runAs

public <T> T runAs(PrivilegedExceptionAction<T> action)
            throws IOException,
InterruptedException

Description copied from class: User

Executes the given action within the context of this user.

Specified by:

runAs in class User

Throws:

IOException

InterruptedException

toString

public String toString()

Overrides:

toString in class User

createUserForTesting

public static User createUserForTesting(org.apache.hadoop.conf.Configuration conf,
 String name,
 String[] groups)

Create a user for testing.

See Also:

• User.createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[])

login

public static void login(org.apache.hadoop.conf.Configuration conf,
 String fileConfKey,
 String principalConfKey,
 String localhost)
                  throws IOException

Obtain credentials for the current process using the configured Kerberos keytab file and principal.

Parameters:

conf - the Configuration to use

fileConfKey - Configuration property key used to store the path to the keytab file

principalConfKey - Configuration property key used to store the principal name to login as

localhost - the local hostname

Throws:

IOException

See Also:

• User.login(org.apache.hadoop.conf.Configuration, String, String, String)

login

public static void login(String keytabLocation,
 String principalName)
                  throws IOException

Login through configured keytab and pricipal.

Parameters:

keytabLocation - location of keytab

principalName - principal in keytab

Throws:

IOException - exception from UserGroupInformation.loginUserFromKeytab

isSecurityEnabled

public static boolean isSecurityEnabled()

Returns the result of UserGroupInformation.isSecurityEnabled().