/** * @return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, * this always returns <code>false</code>. For secure Hadoop, it will return the value * from {@code UserGroupInformation.isSecurityEnabled()}. */ public boolean isHadoopSecurityEnabled() { return User.isSecurityEnabled(); }
@Test public void testSecurityForNonSecureHadoop() { assertFalse("Security should be disable in non-secure Hadoop", User.isSecurityEnabled()); Configuration conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); assertFalse("HBase security should not be enabled if " + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("HBase security should be enabled regardless of underlying " + "HDFS settings", User.isHBaseSecurityEnabled(conf)); } }
/** * @return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, * this always returns <code>false</code>. For secure Hadoop, it will return the value * from {@code UserGroupInformation.isSecurityEnabled()}. */ public boolean isHadoopSecurityEnabled() { return User.isSecurityEnabled(); }
/** * @return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, * this always returns <code>false</code>. For secure Hadoop, it will return the value * from {@code UserGroupInformation.isSecurityEnabled()}. */ public boolean isHadoopSecurityEnabled() { return User.isSecurityEnabled(); }
/** * @return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, * this always returns <code>false</code>. For secure Hadoop, it will return the value * from {@code UserGroupInformation.isSecurityEnabled()}. */ public boolean isHadoopSecurityEnabled() { return User.isSecurityEnabled(); }
private void addJTDelegationToken(JobConf job) throws IOException { // Get jobTracker delegation token if security is enabled // we need to launch the ImportSequenceFile job if (User.isSecurityEnabled()) { JobClient jobClient = new JobClient(new JobConf(job)); try { job.getCredentials().addToken(new Text("my mr token"), jobClient.getDelegationToken(null)); } catch (InterruptedException e) { throw new IOException("Error while getting JT delegation token", e); } } }
/** * Start up or shuts down the Thrift server, depending on the arguments. * @param args */ void doMain(final String[] args) throws Exception { processOptions(args); // login the server principal (if using secure Hadoop) if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) { String machineName = Strings.domainNamePointerToHostName( DNS.getDefaultHost(conf.get("hbase.thrift.dns.interface", "default"), conf.get("hbase.thrift.dns.nameserver", "default"))); User.login(conf, "hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal", machineName); } serverRunner = new ThriftServerRunner(conf); // Put up info server. int port = conf.getInt("hbase.thrift.info.port", 9095); if (port >= 0) { conf.setLong("startcode", System.currentTimeMillis()); String a = conf.get("hbase.thrift.info.bindAddress", "0.0.0.0"); infoServer = new InfoServer("thrift", a, port, false, conf); infoServer.setAttribute("hbase.conf", conf); infoServer.start(); } serverRunner.run(); }
if(User.isSecurityEnabled()) { FileSystem fs = FileSystem.get(cfg); userToken = fs.getDelegationToken("renewer");
/** * Creates a {@link Credentials} that contains delegation tokens of the current user for all services that CDAP uses. */ public Credentials createCredentials() { try { Credentials refreshedCredentials = new Credentials(); if (User.isSecurityEnabled()) { YarnTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (User.isHBaseSecurityEnabled(yarnConf)) { HBaseTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (secureExplore) { HiveTokenUtils.obtainTokens(cConf, refreshedCredentials); JobHistoryServerTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (secureStore instanceof DelegationTokensUpdater) { String renewer = UserGroupInformation.getCurrentUser().getShortUserName(); ((DelegationTokensUpdater) secureStore).addDelegationTokens(renewer, refreshedCredentials); } YarnUtils.addDelegationTokens(yarnConf, locationFactory, refreshedCredentials); return refreshedCredentials; } catch (IOException ioe) { throw Throwables.propagate(ioe); } }
/** * Creates a {@link Credentials} that contains delegation tokens of the current user for all services that CDAP uses. */ public Credentials createCredentials() { try { Credentials refreshedCredentials = new Credentials(); if (User.isSecurityEnabled()) { YarnTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (User.isHBaseSecurityEnabled(yarnConf)) { HBaseTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (secureExplore) { HiveTokenUtils.obtainTokens(cConf, refreshedCredentials); JobHistoryServerTokenUtils.obtainToken(yarnConf, refreshedCredentials); } if (secureStore instanceof DelegationTokensUpdater) { String renewer = UserGroupInformation.getCurrentUser().getShortUserName(); ((DelegationTokensUpdater) secureStore).addDelegationTokens(renewer, refreshedCredentials); } YarnUtils.addDelegationTokens(yarnConf, locationFactory, refreshedCredentials); return refreshedCredentials; } catch (IOException ioe) { throw Throwables.propagate(ioe); } }
Configuration conf = HBaseConfiguration.create(); if (User.isSecurityEnabled() && User.isHBaseSecurityEnabled(conf)) { String machineName = Strings.domainNamePointerToHostName( DNS.getDefaultHost(conf.get("hbase.rest.dns.interface", "default"),
@Test public void testSecurityForNonSecureHadoop() { assertFalse("Security should be disable in non-secure Hadoop", User.isSecurityEnabled()); Configuration conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("Security should be enabled", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); assertFalse("HBase security should not be enabled if " + User.HBASE_SECURITY_CONF_KEY + " is not set accordingly", User.isHBaseSecurityEnabled(conf)); conf = HBaseConfiguration.create(); conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); assertTrue("HBase security should be enabled regardless of underlying " + "HDFS settings", User.isHBaseSecurityEnabled(conf)); } }