/** * Checks if security is enabled. * * @param conf Alluxio configuration * @return true if security is enabled, false otherwise */ public static boolean isSecurityEnabled(AlluxioConfiguration conf) { return isAuthenticationEnabled(conf) && isAuthorizationEnabled(conf); }
/** * Gets the {@link User} from the {@link ThreadLocal} variable. * * @param conf Alluxio configuration * @return the client user, null if the user is not present */ // TODO(peis): Fail early if the user is not able to be set to avoid returning null. public static User get(AlluxioConfiguration conf) throws IOException { if (!SecurityUtils.isAuthenticationEnabled(conf)) { throw new IOException(ExceptionMessage.AUTHENTICATION_IS_NOT_ENABLED.getMessage()); } return sUserThreadLocal.get(); }
private GrpcServerBuilder(NettyServerBuilder nettyServerBuilder, AlluxioConfiguration conf) { mConfiguration = conf; mServices = new HashSet<>(); mNettyServerBuilder = nettyServerBuilder; if (SecurityUtils.isAuthenticationEnabled(conf)) { LoggerFactory.getLogger(GrpcServerBuilder.class).warn("Authentication ENABLED"); mAuthenticationServer = new DefaultAuthenticationServer(conf); addService(new GrpcService(mAuthenticationServer).disableAuthentication()); } }
/** * Add a service to this server. * * @param serviceDefinition the service definition of new service * @return an updated instance of this {@link GrpcServerBuilder} */ public GrpcServerBuilder addService(GrpcService serviceDefinition) { ServerServiceDefinition service = serviceDefinition.getServiceDefinition(); if (SecurityUtils.isAuthenticationEnabled(mConfiguration) && serviceDefinition.isAuthenticated()) { service = ServerInterceptors.intercept(service, mAuthenticationServer.getInterceptors()); } mNettyServerBuilder = mNettyServerBuilder.addService(service); return this; }
private String getQualifiedMetricName(String metricName) { try { if (SecurityUtils.isAuthenticationEnabled(mContext.getConf()) && LoginUser.get(mContext.getConf()) != null) { return Metric.getMetricNameWithTags(metricName, CommonMetrics.TAG_USER, LoginUser.get(mContext.getConf()).getName()); } else { return metricName; } } catch (IOException e) { return metricName; } }
/** * Creates context with given option data. * * @param optionsBuilder the options builder */ protected CreatePathContext(T optionsBuilder) { super(optionsBuilder); mMountPoint = false; mOperationTimeMs = System.currentTimeMillis(); mAcl = Collections.emptyList(); mMetadataLoad = false; mGroup = ""; mOwner = ""; if (SecurityUtils.isAuthenticationEnabled(ServerConfiguration.global())) { mOwner = SecurityUtils.getOwnerFromGrpcClient(ServerConfiguration.global()); mGroup = SecurityUtils.getGroupFromGrpcClient(ServerConfiguration.global()); } // Initialize mPersisted based on proto write type. WritePType writeType = WritePType.NONE; if (optionsBuilder instanceof CreateFilePOptions.Builder) { writeType = ((CreateFilePOptions.Builder) optionsBuilder).getWriteType(); } else if (optionsBuilder instanceof CreateDirectoryPOptions.Builder) { writeType = ((CreateDirectoryPOptions.Builder) optionsBuilder).getWriteType(); } mPersisted = WriteType.fromProto(writeType).isThrough(); }
private String getQualifiedMetricName(String metricName) { try { if (SecurityUtils.isAuthenticationEnabled(mConfiguration) && AuthenticatedClientUser.get(mConfiguration) != null) { return Metric.getMetricNameWithTags(metricName, CommonMetrics.TAG_USER, AuthenticatedClientUser.get(mConfiguration).getName(), WorkerMetrics.TAG_UFS, MetricsSystem.escape(new AlluxioURI(mPath)), WorkerMetrics.TAG_UFS_TYPE, mUnderFileSystem.getUnderFSType()); } } catch (IOException e) { // fall through } return Metric.getMetricNameWithTags(metricName, WorkerMetrics.TAG_UFS, MetricsSystem.escape(new AlluxioURI(mPath)), WorkerMetrics.TAG_UFS_TYPE, mUnderFileSystem.getUnderFSType()); }
/** * Gets the {@link User} from the {@link ThreadLocal} variable. * * @return the client user, null if the user is not present */ // TODO(peis): Fail early if the user is not able to be set to avoid returning null. public static User get() throws IOException { if (!SecurityUtils.isAuthenticationEnabled()) { throw new IOException(ExceptionMessage.AUTHENTICATION_IS_NOT_ENABLED.getMessage()); } return sUserThreadLocal.get(); }
/** * Checks if security is enabled. * * @return true if security is enabled, false otherwise */ public static boolean isSecurityEnabled() { return isAuthenticationEnabled() && isAuthorizationEnabled(); }
private String getQualifiedMetricName(String metricName) { try { if (SecurityUtils.isAuthenticationEnabled() && LoginUser.get() != null) { return Metric.getMetricNameWithTags(metricName, CommonMetrics.TAG_USER, LoginUser.get() .getName()); } else { return metricName; } } catch (IOException e) { return metricName; } }
private String getQualifiedMetricName(String metricName) { try { if (SecurityUtils.isAuthenticationEnabled() && AuthenticatedClientUser.get() != null) { return Metric.getMetricNameWithTags(metricName, CommonMetrics.TAG_USER, AuthenticatedClientUser.get().getName(), WorkerMetrics.TAG_UFS, MetricsSystem.escape(new AlluxioURI(mPath)), WorkerMetrics.TAG_UFS_TYPE, mUnderFileSystem.getUnderFSType()); } } catch (IOException e) { // fall through } return Metric.getMetricNameWithTags(metricName, WorkerMetrics.TAG_UFS, MetricsSystem.escape(new AlluxioURI(mPath)), WorkerMetrics.TAG_UFS_TYPE, mUnderFileSystem.getUnderFSType()); }
/** * Constructs an instance of {@link CreateFileOptions} from {@link CreateFileTOptions}. The option * of permission is constructed with the username obtained from thrift transport. * * @param options the {@link CreateFileTOptions} to use */ public CreateFileOptions(CreateFileTOptions options) { this(); if (options != null) { if (options.isSetCommonOptions()) { mCommonOptions = new CommonOptions(options.getCommonOptions()); } mBlockSizeBytes = options.getBlockSizeBytes(); mPersisted = options.isPersisted(); mRecursive = options.isRecursive(); mTtl = options.getTtl(); mTtlAction = TtlAction.fromThrift(options.getTtlAction()); if (SecurityUtils.isAuthenticationEnabled()) { mOwner = SecurityUtils.getOwnerFromThriftClient(); mGroup = SecurityUtils.getGroupFromThriftClient(); } if (options.isSetMode()) { mMode = new Mode(options.getMode()); } else { mMode.applyFileUMask(); } } }
/** * Constructs an instance of {@link CreateDirectoryOptions} from {@link CreateDirectoryTOptions}. * The option of permission is constructed with the username obtained from thrift * transport. * * @param options the {@link CreateDirectoryTOptions} to use */ public CreateDirectoryOptions(CreateDirectoryTOptions options) { this(); if (options != null) { if (options.isSetCommonOptions()) { mCommonOptions = new CommonOptions(options.getCommonOptions()); } mAllowExists = options.isAllowExists(); mPersisted = options.isPersisted(); mRecursive = options.isRecursive(); mTtl = options.getTtl(); mTtlAction = TtlAction.fromThrift(options.getTtlAction()); if (SecurityUtils.isAuthenticationEnabled()) { mOwner = SecurityUtils.getOwnerFromThriftClient(); mGroup = SecurityUtils.getGroupFromThriftClient(); } if (options.isSetMode()) { mMode = new Mode(options.getMode()); } else { mMode.applyDirectoryUMask(); } } }