public static void install(SecurityUtils.SecurityConfiguration config, Map<String, ClientSecurityConfiguration> clientSecurityConfigurationMap) throws Exception { SecurityUtils.install(config); // install dynamic JAAS entries checkArgument(config.getSecurityModules().contains(JaasModule.class)); DynamicConfiguration jaasConf = (DynamicConfiguration) javax.security.auth.login.Configuration.getConfiguration(); for(Map.Entry<String,ClientSecurityConfiguration> e : clientSecurityConfigurationMap.entrySet()) { AppConfigurationEntry entry = KerberosUtils.keytabEntry(e.getValue().getKeytab(), e.getValue().getPrincipal()); jaasConf.addAppConfigurationEntry(e.getKey(), entry); } }
/** * Installs a process-wide security configuration. * * Applies the configuration using the available security modules (i.e. Hadoop, JAAS). */ public static void install(SecurityConfiguration config) throws Exception { // install the security modules List<SecurityModule> modules = new ArrayList<>(); try { for (Class<? extends SecurityModule> moduleClass : config.getSecurityModules()) { SecurityModule module = moduleClass.newInstance(); module.install(config); modules.add(module); } } catch(Exception ex) { throw new Exception("unable to establish the security context", ex); } installedModules = modules; // install a security context // use the Hadoop login user as the subject of the installed security context if (!(installedContext instanceof NoOpSecurityContext)) { LOG.warn("overriding previous security context"); } UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); installedContext = new HadoopSecurityContext(loginUser); }