/** * @return <tt>true</tt> if security is enabled, <tt>false</tt> otherwise */ public boolean isHBaseSecurityEnabled() { return User.isHBaseSecurityEnabled(this.getConf()); }
private void addHBaseDelegationToken(Configuration conf) throws IOException, MetaException { if (User.isHBaseSecurityEnabled(conf)) { Connection connection = ConnectionFactory.createConnection(hbaseConf); try { User curUser = User.getCurrent(); Job job = new Job(conf); TokenUtil.addTokenForJob(connection, curUser, job); } catch (InterruptedException e) { throw new IOException("Error while obtaining hbase delegation token", e); } finally { if (connection != null) { connection.close(); } } } }
if (User.isHBaseSecurityEnabled(hconf)) { try { System.out.println("--------------Getting kerberos credential for user " + UserGroupInformation.getCurrentUser().getUserName());
if(user.isHBaseSecurityEnabled(hbaseConf)) { final Connection connection = ConnectionFactory.createConnection(hbaseConf, user); TokenUtil.obtainAndCacheToken(connection, user);
@Override protected String[] getArgsForLoadTestTool(String mode, String modeSpecificArg, long startKey, long numKeys) { String[] args = super.getArgsForLoadTestTool(mode, modeSpecificArg, startKey, numKeys); List<String> tmp = new ArrayList<>(Arrays.asList(args)); tmp.add(HYPHEN + LoadTestTool.OPT_GENERATOR); StringBuilder sb = new StringBuilder(LoadTestDataGeneratorWithACL.class.getName()); sb.append(COLON); if (User.isHBaseSecurityEnabled(getConf())) { sb.append(authnFileName); sb.append(COLON); } sb.append(superUser); sb.append(COLON); sb.append(userNames); sb.append(COLON); sb.append(Integer.toString(SPECIAL_PERM_CELL_INSERTION_FACTOR)); tmp.add(sb.toString()); return tmp.toArray(new String[tmp.size()]); } @Override
@Test public void testSecurityForNonSecureHadoop() { assertFalse("Security should be disable in non-secure Hadoop", User.isSecurityEnabled()); Configuration conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); assertFalse("HBase security should not be enabled if " + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("HBase security should be enabled regardless of underlying " + "HDFS settings", User.isHBaseSecurityEnabled(conf)); } }
Set<SecurityCapabilitiesResponse.Capability> capabilities = new HashSet<>(); if (User.isHBaseSecurityEnabled(master.getConfiguration())) { capabilities.add(SecurityCapabilitiesResponse.Capability.SECURE_AUTHENTICATION); } else {
if (User.isHBaseSecurityEnabled(conf)) {
try { if (!users.containsKey(userNames[mod])) { if (User.isHBaseSecurityEnabled(conf)) { realUserUgi = HBaseKerberosUtils.loginAndReturnUGI(conf, userNames[mod]); } else {
/** * This method clones the passed <code>c</code> configuration setting a new * user into the clone. Use it getting new instances of FileSystem. Only * works for DistributedFileSystem w/o Kerberos. * @param c Initial configuration * @param differentiatingSuffix Suffix to differentiate this user from others. * @return A new configuration instance with a different user set into it. * @throws IOException */ public static User getDifferentUser(final Configuration c, final String differentiatingSuffix) throws IOException { FileSystem currentfs = FileSystem.get(c); if (!(currentfs instanceof DistributedFileSystem) || User.isHBaseSecurityEnabled(c)) { return User.getCurrent(); } // Else distributed filesystem. Make a new instance per daemon. Below // code is taken from the AppendTestUtil over in hdfs. String username = User.getCurrent().getName() + differentiatingSuffix; User user = User.createUserForTesting(c, username, new String[]{"supergroup"}); return user; }
UserGroupInformation realUserUgi; if(!users.containsKey(userNames[mod])) { if(User.isHBaseSecurityEnabled(conf)) { realUserUgi = HBaseKerberosUtils.loginAndReturnUGI(conf, userNames[mod]); } else {
@Override protected void processOptions(CommandLine cmd) { super.processOptions(cmd); if (cmd.hasOption(OPT_SUPERUSER)) { superUser = cmd.getOptionValue(OPT_SUPERUSER); } if (cmd.hasOption(OPT_USERS)) { userNames = cmd.getOptionValue(OPT_USERS); } if (User.isHBaseSecurityEnabled(getConf())) { boolean authFileNotFound = false; if (cmd.hasOption(OPT_AUTHN)) { authnFileName = cmd.getOptionValue(OPT_AUTHN); if (StringUtils.isEmpty(authnFileName)) { authFileNotFound = true; } } else { authFileNotFound = true; } if (authFileNotFound) { super.printUsage(); System.exit(EXIT_FAILURE); } } }
if (User.isHBaseSecurityEnabled(master.getConfiguration())) { builder.setOwner(user.getShortName());
if (dataGen instanceof LoadTestDataGeneratorWithACL) { LOG.info("Using LoadTestDataGeneratorWithACL"); if (User.isHBaseSecurityEnabled(conf)) { LOG.info("Security is enabled"); authnFileName = clazzAndArgs[1]; User user = null; for (String userStr : users) { if (User.isHBaseSecurityEnabled(conf)) { user = User.create(HBaseKerberosUtils.loginAndReturnUGI(conf, userStr)); } else {
if (User.isHBaseSecurityEnabled(hconf)) { try { System.out.println("--------------Getting kerberos credential for user " + UserGroupInformation.getCurrentUser().getUserName());
if (User.isHBaseSecurityEnabled(conf)) {
if (User.isHBaseSecurityEnabled(conf)) {
/** * @return <tt>true</tt> if security is enabled, <tt>false</tt> otherwise */ public boolean isHBaseSecurityEnabled() { return User.isHBaseSecurityEnabled(this.getConf()); }
LoadIncrementalHFiles(Configuration conf, Boolean useSecure) throws Exception { super(conf); this.cfg = conf; this.hbAdmin = new HBaseAdmin(conf); //added simple for testing this.useSecure = useSecure != null ? useSecure : User.isHBaseSecurityEnabled(conf); }
public static void initCredentials(JobConf job) throws IOException { if (User.isHBaseSecurityEnabled(job)) { try { User.getCurrent().obtainAuthTokenForJob(job); } catch (InterruptedException ie) { ie.printStackTrace(); Thread.interrupted(); } } }