/** * Log a user in from a keytab file. Loads a user identity from a keytab * file and logs them in. They become the currently logged-in user. * @param user the principal name to load from the keytab * @param path the path to the keytab file * @throws IOException * @throws KerberosAuthException if it's a kerberos login exception. */ @InterfaceAudience.Public @InterfaceStability.Evolving public static void loginUserFromKeytab(String user, String path ) throws IOException { if (!isSecurityEnabled()) return; setLoginUser(loginUserFromKeytabAndReturnUGI(user, path)); LOG.info("Login successful for user " + user + " using keytab file " + path); }
/** * <p> * A {@link RawComparator} that uses a {@link JavaSerialization} * {@link Deserializer} to deserialize objects that are then compared via * their {@link Comparable} interfaces. * </p> * @param <T> * @see JavaSerialization */ @InterfaceAudience.Public @InterfaceStability.Unstable public class JavaSerializationComparator<T extends Serializable&Comparable<T>> extends DeserializerComparator<T> { @InterfaceAudience.Private public JavaSerializationComparator() throws IOException { super(new JavaSerialization.JavaSerializationDeserializer<T>()); } @Override @InterfaceAudience.Private public int compare(T o1, T o2) { return o1.compareTo(o2); } }
/** * NotInMountpointException extends the UnsupportedOperationException. * Exception class used in cases where the given path is not mounted * through viewfs. */ @InterfaceAudience.Public @InterfaceStability.Evolving /*Evolving for a release,to be changed to Stable */ @SuppressWarnings("serial") public class NotInMountpointException extends UnsupportedOperationException { final String msg; public NotInMountpointException(Path path, String operation) { msg = operation + " on path `" + path + "' is not within a mount point"; } public NotInMountpointException(String operation) { msg = operation + " on empty path is invalid"; } @Override public String getMessage() { return msg; } }
/** * The metrics sink interface. <p> * Implementations of this interface consume the {@link MetricsRecord} generated * from {@link MetricsSource}. It registers with {@link MetricsSystem} which * periodically pushes the {@link MetricsRecord} to the sink using * {@link #putMetrics(MetricsRecord)} method. If the implementing class also * implements {@link Closeable}, then the MetricsSystem will close the sink when * it is stopped. */ @InterfaceAudience.Public @InterfaceStability.Evolving public interface MetricsSink extends MetricsPlugin { /** * Put a metrics record in the sink * @param record the record to put */ void putMetrics(MetricsRecord record); /** * Flush any buffered metrics */ void flush(); }
/** * The mutable gauge metric interface */ @InterfaceAudience.Public @InterfaceStability.Evolving public abstract class MutableGauge extends MutableMetric { private final MetricsInfo info; protected MutableGauge(MetricsInfo info) { this.info = checkNotNull(info, "metric info"); } protected MetricsInfo info() { return info; } /** * Increment the value of the metric by 1 */ public abstract void incr(); /** * Decrement the value of the metric by 1 */ public abstract void decr(); }
/** * The <code>KerberosDelegationTokenAuthenticator</code> provides support for * Kerberos SPNEGO authentication mechanism and support for Hadoop Delegation * Token operations. * <p/> * It falls back to the {@link PseudoDelegationTokenAuthenticator} if the HTTP * endpoint does not trigger a SPNEGO authentication */ @InterfaceAudience.Public @InterfaceStability.Evolving public class KerberosDelegationTokenAuthenticator extends DelegationTokenAuthenticator { public KerberosDelegationTokenAuthenticator() { super(new KerberosAuthenticator() { @Override protected Authenticator getFallBackAuthenticator() { return new PseudoDelegationTokenAuthenticator(); } }); } }
/** * Re-Login a user in from the ticket cache. This * method assumes that login had happened already. * The Subject field of this UserGroupInformation object is updated to have * the new credentials. * @throws IOException * @throws KerberosAuthException on a failure */ @InterfaceAudience.Public @InterfaceStability.Evolving public void reloginFromTicketCache() throws IOException { if (!shouldRelogin() || !isFromTicket()) { return; } HadoopLoginContext login = getLogin(); if (login == null) { throw new KerberosAuthException(MUST_FIRST_LOGIN); } relogin(login); }
@InterfaceStability.Unstable @InterfaceAudience.Public public interface ImpersonationProvider extends Configurable { /** * Specifies the configuration prefix for the proxy user properties and * initializes the provider. * * @param configurationPrefix the configuration prefix for the proxy user * properties */ public void init(String configurationPrefix); /** * Authorize the superuser which is doing doAs * * @param user ugi of the effective or proxy user which contains a real user * @param remoteAddress the ip address of client * @throws AuthorizationException */ public void authorize(UserGroupInformation user, String remoteAddress) throws AuthorizationException; }
/** * Create a UserGroupInformation from a Kerberos ticket cache. * * @param user The principal name to load from the ticket * cache * @param ticketCache the path to the ticket cache file * * @throws IOException if the kerberos login fails */ @InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getUGIFromTicketCache( String ticketCache, String user) throws IOException { if (!isAuthenticationMethodEnabled(AuthenticationMethod.KERBEROS)) { return getBestUGI(null, user); } LoginParams params = new LoginParams(); params.put(LoginParam.PRINCIPAL, user); params.put(LoginParam.CCACHE, ticketCache); return doSubjectLogin(null, params); }
/** * Opaque, serializable reference to an uploadId for multipart uploads. */ @InterfaceAudience.Public @InterfaceStability.Evolving public interface UploadHandle extends Serializable { /** * @return Serialized from in bytes. */ default byte[] toByteArray() { ByteBuffer bb = bytes(); byte[] ret = new byte[bb.remaining()]; bb.get(ret); return ret; } ByteBuffer bytes(); @Override boolean equals(Object other); }
/** * Opaque, serializable reference to a part id for multipart uploads. */ @InterfaceAudience.Public @InterfaceStability.Evolving public interface PartHandle extends Serializable { /** * @return Serialized from in bytes. */ default byte[] toByteArray() { ByteBuffer bb = bytes(); byte[] ret = new byte[bb.remaining()]; bb.get(ret); return ret; } ByteBuffer bytes(); @Override boolean equals(Object other); }
/** * Create a UGI for testing HDFS and MapReduce * @param user the full user principal name * @param userGroups the names of the groups that the user belongs to * @return a fake user for running unit tests */ @InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createUserForTesting(String user, String[] userGroups) { ensureInitialized(); UserGroupInformation ugi = createRemoteUser(user); // make sure that the testing object is setup if (!(groups instanceof TestingGroups)) { groups = new TestingGroups(groups); } // add the user groups ((TestingGroups) groups).setUserGroups(ugi.getShortUserName(), userGroups); return ugi; }
/** * The metrics collector interface */ @InterfaceAudience.Public @InterfaceStability.Evolving public interface MetricsCollector { /** * Add a metrics record * @param name of the record * @return a {@link MetricsRecordBuilder} for the record {@code name} */ public MetricsRecordBuilder addRecord(String name); /** * Add a metrics record * @param info of the record * @return a {@link MetricsRecordBuilder} for metrics {@code info} */ public MetricsRecordBuilder addRecord(MetricsInfo info); }
/** * Login as a principal specified in config. Substitute $host in * user's Kerberos principal name with a dynamically looked-up fully-qualified * domain name of the current host. * * @param conf * conf to use * @param keytabFileKey * the key to look for keytab file in conf * @param userNameKey * the key to look for user's Kerberos principal name in conf * @throws IOException if login fails */ @InterfaceAudience.Public @InterfaceStability.Evolving public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey) throws IOException { login(conf, keytabFileKey, userNameKey, getLocalHostName(conf)); }
/** * Interface to provide immutable metainfo for metrics. */ @InterfaceAudience.Public @InterfaceStability.Evolving public interface MetricsInfo { /** * Typically name corresponds to annotation {@link Metric#value()} or * the name of the class. * @return the name of the metric/tag */ String name(); /** * Typically the description corresponds to annotation {@link Metric#about()} * or the name of the class. * @return the description of the metric/tag */ String description(); }
/** * The mutable counter (monotonically increasing) metric interface */ @InterfaceAudience.Public @InterfaceStability.Evolving public abstract class MutableCounter extends MutableMetric { private final MetricsInfo info; protected MutableCounter(MetricsInfo info) { this.info = checkNotNull(info, "counter info"); } protected MetricsInfo info() { return info; } /** * Increment the metric value by 1. */ public abstract void incr(); }
/** * Client side authentication token that handles Delegation Tokens. */ @InterfaceAudience.Public @InterfaceStability.Unstable public static class Token extends AuthenticatedURL.Token { private org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> delegationToken; public org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> getDelegationToken() { return delegationToken; } public void setDelegationToken( org.apache.hadoop.security.token.Token<AbstractDelegationTokenIdentifier> delegationToken) { this.delegationToken = delegationToken; } }
/** * Create a user from a login name. It is intended to be used for remote * users in RPC, since it won't have any credentials. * @param user the full user principal name, must not be empty or null * @return the UserGroupInformation for the remote user. */ @InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation createRemoteUser(String user, AuthMethod authMethod) { if (user == null || user.isEmpty()) { throw new IllegalArgumentException("Null user"); } Subject subject = new Subject(); subject.getPrincipals().add(new User(user)); UserGroupInformation result = new UserGroupInformation(subject); result.setAuthenticationMethod(authMethod); return result; }
/** * A serializable lifecycle event: the time a state * transition occurred, and what state was entered. */ @Public @Evolving public class LifecycleEvent implements Serializable { private static final long serialVersionUID = 1648576996238247836L; /** * Local time in milliseconds when the event occurred */ public long time; /** * new state */ public Service.STATE state; }
/** * Return the current user, including any doAs in the current stack. * @return the current user * @throws IOException if login fails */ @InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getCurrentUser() throws IOException { AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); if (subject == null || subject.getPrincipals(User.class).isEmpty()) { return getLoginUser(); } else { return new UserGroupInformation(subject); } }