/**
 * Looks up the short name of the user attached to the RPC request being handled.
 *
 * @return the request user's short name, or an empty {@code Optional} when no user is set
 */
public static Optional<String> getRequestUserName() {
  Optional<String> shortName = getRequestUser().map(u -> u.getShortName());
  return shortName;
}
/**
 * Asks the access checker whether the user behind the current RPC request may perform
 * {@code perm}.
 *
 * @param request passed through unchanged to the access checker
 * @param perm the action to be authorized
 * @throws IOException propagated from the access checker
 */
protected void requirePermission(String request, Permission.Action perm) throws IOException {
  // With no access checker installed, nothing is verified and the call returns normally.
  if (accessChecker == null) {
    return;
  }
  // Outside an RPC call there is no request user, so null is handed to the checker.
  // NOTE(review): how the checker treats a null user is not visible here - confirm.
  accessChecker.requirePermission(
      RpcServer.getRequestUser().orElse(null),
      request,
      null,
      perm);
}
/**
 * Delegates to the three-argument {@code stop} with {@code false} as the second argument.
 *
 * @param msg passed through to the three-argument overload
 */
@Override
public void stop(final String msg) {
  // The stop is attributed to the RPC caller when there is one; otherwise null is passed.
  stop(
      msg,
      false,
      RpcServer.getRequestUser().orElse(null));
}
/**
 * Picks the user that authorization checks should be applied to.
 *
 * @return the remote user when called inside an RPC, otherwise the user provider's current user
 * @throws IOException if the user provider cannot supply the current user
 */
private User getActiveUser() throws IOException {
  Optional<User> rpcUser = RpcServer.getRequestUser();
  // The provider is only consulted for non-RPC handling, where no request user exists.
  return rpcUser.isPresent() ? rpcUser.get() : userProvider.getCurrent();
}
}
/**
 * Returns the user of the current RPC request, or the system user when no request user is set.
 *
 * @return the request user, or {@code Superusers.getSystemUser()} as the fallback
 */
public User getRequestUser() {
  // Anything running outside an RPC call is attributed to the system user here, so callers
  // that use the result for authorization should know they may be getting that fallback.
  // orElse evaluates its argument eagerly: getSystemUser() runs on every call.
  final User effectiveUser = RpcServer.getRequestUser().orElse(Superusers.getSystemUser());
  return effectiveUser;
}
/**
 * Requests a compaction of this region, first flagging every store for major compaction
 * when {@code major} is set.
 *
 * @param why passed through to the compaction requestor
 * @param priority passed through to the compaction requestor
 * @param major whether every store should be marked for major compaction first
 * @param tracker passed through to the compaction requestor
 * @throws IOException propagated from the compaction requestor
 */
@Override
public void requestCompaction(String why, int priority, boolean major,
    CompactionLifeCycleTracker tracker) throws IOException {
  if (major) {
    for (HStore store : stores.values()) {
      store.triggerMajorCompaction();
    }
  }
  // The request carries the RPC caller, or null when this runs outside an RPC call.
  rsServices.getCompactionRequestor().requestCompaction(
      this,
      why,
      priority,
      tracker,
      RpcServer.getRequestUser().orElse(null));
}
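/**
 * Resolves the user for the current call and, when both a user and a token are available,
 * attaches the token to that user.
 *
 * <p>The user provider is consulted only when there is no RPC request user. The earlier
 * {@code orElse(userProvider.getCurrent())} form evaluated the fallback on every call, so a
 * failure in the provider could surface as an {@code IOException} even though the request
 * user was present and the fallback was never needed.
 *
 * @param userProvider source of the fallback user for non-RPC handling
 * @param userToken token to add to the resolved user; may be {@code null}
 * @return the resolved user; {@code null} if neither source yields one
 * @throws IOException if the user provider fails while supplying the fallback user
 */
private static User getActiveUser(final UserProvider userProvider, final Token userToken)
    throws IOException {
  User user = RpcServer.getRequestUser().orElse(null);
  if (user == null) {
    user = userProvider.getCurrent();
  }
  if (userToken != null) {
    if (user == null) {
      // A token arrived with the request but there is no user to attach it to.
      LOG.warn("No found of user credentials, but a token was got from user request");
    } else {
      // This mutates the resolved user object, which may be the RPC request user itself.
      user.addToken(userToken);
    }
  }
  return user;
}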
/**
 * Resolves the user on whose behalf the current code is running.
 *
 * @return the user who called the RPC method; for non-RPC handling, {@code User.getCurrent()}
 * @throws IOException when {@code User.getCurrent()} fails during non-RPC handling
 */
public static User getActiveUser() throws IOException {
  Optional<User> rpcUser = RpcServer.getRequestUser();
  User user = rpcUser.isPresent() ? rpcUser.get() : User.getCurrent();
  if (LOG.isTraceEnabled()) {
    LOG.trace("Current active user name is " + user.getShortName());
  }
  return user;
}
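/**
 * Resolves the user for the current call: the RPC request user when there is one, otherwise
 * the user provider's current user.
 *
 * <p>The user provider is consulted only when there is no RPC request user. The earlier
 * {@code orElse(userProvider.getCurrent())} form evaluated the fallback on every call, so a
 * failure in the provider could surface as an {@code IOException} even though the request
 * user was present.
 *
 * @return the resolved user, or a substitute testing user in the configuration described below
 * @throws IOException if the user provider fails while supplying the fallback user
 */
private User getActiveUser() throws IOException {
  User user = RpcServer.getRequestUser().orElse(null);
  if (user == null) {
    // for non-rpc handling, fall back to the user provider's current user
    user = userProvider.getCurrent();
  }
  // this is for testing: the user is replaced by one carrying only the short name and an
  // empty group array.
  // NOTE(review): this branch is selected purely by configuration (Hadoop security enabled
  // while the HBase security key is "simple"); confirm it cannot be reached in production.
  if (userProvider.isHadoopSecurityEnabled()
      && "simple".equalsIgnoreCase(conf.get(User.HBASE_SECURITY_CONF_KEY))) {
    return User.createUserForTesting(conf, user.getShortName(), new String[] {});
  }
  return user;
}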
/** * Instantiates a new ObserverContext instance if the passed reference is <code>null</code> and * sets the environment in the new or existing instance. This allows deferring the instantiation * of a ObserverContext until it is actually needed. * @param <E> The environment type for the context * @param env The coprocessor environment to set * @return An instance of <code>ObserverContext</code> with the environment set */ @Deprecated @VisibleForTesting // TODO: Remove this method, ObserverContext should not depend on RpcServer public static <E extends CoprocessorEnvironment> ObserverContext<E> createAndPrepare(E env) { ObserverContextImpl<E> ctx = new ObserverContextImpl<>(RpcServer.getRequestUser().orElse(null)); ctx.prepare(env); return ctx; } }
/**
 * Requests a compaction of a single column family's store.
 *
 * @param family column family whose store should be compacted
 * @param why passed through to the compaction requestor
 * @param priority passed through to the compaction requestor
 * @param major whether the store should be marked for major compaction first
 * @param tracker passed through to the compaction requestor
 * @throws IOException a {@code NoSuchColumnFamilyException} when the region has no store for
 *     {@code family}, or whatever the compaction requestor propagates
 */
@Override
public void requestCompaction(byte[] family, String why, int priority, boolean major,
    CompactionLifeCycleTracker tracker) throws IOException {
  final HStore target = stores.get(family);
  if (target == null) {
    throw new NoSuchColumnFamilyException("column family " + Bytes.toString(family)
        + " does not exist in region " + getRegionInfo().getRegionNameAsString());
  }
  if (major) {
    target.triggerMajorCompaction();
  }
  // The request carries the RPC caller, or null when this runs outside an RPC call.
  rsServices.getCompactionRequestor().requestCompaction(
      this,
      target,
      why,
      priority,
      tracker,
      RpcServer.getRequestUser().orElse(null));
}
final int numWrites, final int numReads, final int numScans) throws IOException, RpcThrottlingException { Optional<User> user = RpcServer.getRequestUser(); UserGroupInformation ugi; if (user.isPresent()) {
/**
 * Reports the identity of the RPC caller back to the client.
 *
 * <p>When there is no request user, the response is sent with neither field set.
 *
 * @param controller not used by this method
 * @param request not used by this method
 * @param done callback that receives the built response
 */
@Override
public void whoAmI(RpcController controller, AuthenticationProtos.WhoAmIRequest request,
    RpcCallback<AuthenticationProtos.WhoAmIResponse> done) {
  final AuthenticationProtos.WhoAmIResponse.Builder reply =
      AuthenticationProtos.WhoAmIResponse.newBuilder();
  RpcServer.getRequestUser().ifPresent(caller -> {
    reply.setUsername(caller.getShortName());
    final AuthenticationMethod authMethod = caller.getUGI().getAuthenticationMethod();
    // The authentication method is only reported when the UGI exposes one.
    if (authMethod == null) {
      return;
    }
    reply.setAuthMethod(authMethod.name());
  });
  done.run(reply.build());
}
}
throw new CoprocessorException("AccessController not yet initialized"); User caller = RpcServer.getRequestUser().orElse(null); if (LOG.isDebugEnabled()) { LOG.debug("Received request from {} to revoke access permission {}",
throw new CoprocessorException("AccessController not yet initialized"); User caller = RpcServer.getRequestUser().orElse(null); if (LOG.isDebugEnabled()) { LOG.debug("Received request from {} to grant access permission {}",
AccessControlProtos.HasPermissionResponse response = null; try { User caller = RpcServer.getRequestUser().orElse(null);
/**
 * Issues an authentication token for the RPC caller.
 *
 * <p>Checks run in this order: a secret manager must be configured, the request must carry an
 * authenticated user, and {@code isAllowedDelegationTokenOp} must accept that user's UGI. Any
 * {@code IOException} raised on the way is recorded on the controller, and the callback is
 * still invoked with whatever the response builder holds at that point.
 *
 * @param controller receives the exception when token generation is refused or fails
 * @param request not read by this method
 * @param done callback that receives the built response
 */
@Override
public void getAuthenticationToken(RpcController controller,
    AuthenticationProtos.GetAuthenticationTokenRequest request,
    RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) {
  final AuthenticationProtos.GetAuthenticationTokenResponse.Builder reply =
      AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder();
  try {
    if (secretManager == null) {
      throw new IOException(
          "No secret manager configured for token authentication");
    }
    // A request without an authenticated user is refused outright; there is no fallback user.
    final User caller = RpcServer.getRequestUser()
        .orElseThrow(() -> new AccessDeniedException("No authenticated user for request!"));
    final UserGroupInformation callerUgi = caller.getUGI();
    if (!isAllowedDelegationTokenOp(callerUgi)) {
      // Refusals are logged with the principal and its authentication method.
      final String denial = "Token generation denied for user=" + caller.getName()
          + ", authMethod=" + callerUgi.getAuthenticationMethod();
      LOG.warn(denial);
      throw new AccessDeniedException(
          "Token generation only allowed for Kerberos authenticated clients");
    }
    final Token<AuthenticationTokenIdentifier> issued =
        secretManager.generateToken(caller.getName());
    // The result of this build() is discarded; the response is built again for the callback.
    reply.setToken(TokenUtil.toToken(issued)).build();
  } catch (IOException ioe) {
    CoprocessorRpcUtils.setControllerException(controller, ioe);
  }
  done.run(reply.build());
}
!Superusers.isSuperUser(RpcServer.getRequestUser().orElse(null)) && this.regionServer.getRegionServerSpaceQuotaManager() .areCompactionsDisabled(region.getTableDescriptor().getTableName())) {
/**
 * Triggers an asynchronous attempt to run a distributed procedure.
 *
 * <p>The procedure manager is looked up by the signature carried in the request, the caller's
 * permissions are checked through that manager, and only then is the procedure executed.
 * {@inheritDoc}
 */
@Override
public ExecProcedureResponse execProcedure(RpcController controller,
    ExecProcedureRequest request) throws ServiceException {
  try {
    master.checkInitialized();
    final ProcedureDescription desc = request.getProcedure();
    // The signature comes from the client request; it is used for the lookup and also ends
    // up in the error message and the audit log line below.
    final String signature = desc.getSignature();
    final MasterProcedureManager manager =
        master.getMasterProcedureManagerHost().getProcedureManager(signature);
    if (manager == null) {
      throw new ServiceException(new DoNotRetryIOException("The procedure is not registered: "
          + signature));
    }
    // Logged before the permission check, so requests that are later refused appear too.
    LOG.info(master.getClientIdAuditPrefix() + " procedure request for: " + signature);
    // Outside an RPC call the permission check receives a null user.
    manager.checkPermissions(desc, accessChecker, RpcServer.getRequestUser().orElse(null));
    manager.execProcedure(desc);
    // send back the max amount of time the client should wait for the procedure
    // to complete
    return ExecProcedureResponse.newBuilder()
        .setExpectedTimeout(SnapshotDescriptionUtils.DEFAULT_MAX_WAIT_TIME)
        .build();
  } catch (ForeignException e) {
    // Only the cause is forwarded to the client, not the ForeignException wrapper.
    throw new ServiceException(e.getCause());
  } catch (IOException e) {
    throw new ServiceException(e);
  }
}
User user = RpcServer.getRequestUser().orElse(null); TableName tableName = regionEnv.getRegion().getTableDescriptor().getTableName(); for (Permission permission : permissions) {