public void read(ObjectInputStream in) throws IOException { this.credentials = new Credentials(); credentials.readFields(in); } }
protected void write(ObjectOutputStream out) throws IOException { this.credentials.write(out); }
public JstormMasterContext(String user, ContainerId containerId, ApplicationAttemptId applicationAttemptId, long appSubmitTime, String nodeHostString, Configuration yarnConfig) { this.user = user; this.containerId = containerId; this.attemptId = applicationAttemptId; this.credentials = new Credentials(); this.submitTime = appSubmitTime; this.address = nodeHostString; this.config = yarnConfig; }
protected boolean shouldAuthenticateOverKrb() throws IOException { UserGroupInformation loginUser = UserGroupInformation.getLoginUser(); UserGroupInformation currentUser = UserGroupInformation.getCurrentUser(); UserGroupInformation realUser = currentUser.getRealUser(); return authMethod == AuthMethod.KERBEROS && loginUser != null && // Make sure user logged in using Kerberos either keytab or TGT loginUser.hasKerberosCredentials() && // relogin only in case it is the login user (e.g. JT) // or superuser (like oozie). (loginUser.equals(currentUser) || loginUser.equals(realUser)); }
/** * Perform the given action as the daemon's current user. If an * InterruptedException is thrown, it is converted to an IOException. * * @param action the action to perform * @return the result of the action * @throws IOException in the event of error */ public static <T> T doAsCurrentUser(PrivilegedExceptionAction<T> action) throws IOException { return doAsUser(UserGroupInformation.getCurrentUser(), action); }
@Override public <T> T runAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException { return ugi.doAs(action); }
/** * Returns the full user name. For Kerberos principals this will include * the host and realm portions of the principal name. * * @return User full name. */ public String getName() { return ugi.getUserName(); }
/** * Perform the given action as the daemon's login user. If an * InterruptedException is thrown, it is converted to an IOException. * * @param action the action to perform * @return the result of the action * @throws IOException in the event of error */ public static <T> T doAsLoginUser(PrivilegedExceptionAction<T> action) throws IOException { return doAsUser(UserGroupInformation.getLoginUser(), action); }
@Override public UserGroupInformation getUserGroupInformation() { try { return UserGroupInformation.getLoginUser(); } catch (IOException e) { throw new UncheckedIOException(e); } } }
private UserGroupInformation createProxyUser(String user) { return UserGroupInformation.createProxyUser(user, hadoopAuthentication.getUserGroupInformation()); } }
/** * Returns the list of groups of which this user is a member. On secure * Hadoop this returns the group information for the user as resolved on the * server. For 0.20 based Hadoop, the group names are passed from the client. */ public String[] getGroupNames() { return ugi.getGroupNames(); }
/** * Add the given Credentials to this user. * @param credentials of tokens and secrets */ public void addCredentials(Credentials credentials) { synchronized (subject) { getCredentialsInternal().addAll(credentials); } }
/** * Refresh the netgroup cache */ @Override public void cacheGroupsRefresh() throws IOException { List<String> groups = NetgroupCache.getNetgroupNames(); NetgroupCache.clear(); cacheGroupsAdd(groups); }
/** * Refresh the netgroup cache */ @Override public void cacheGroupsRefresh() throws IOException { List<String> groups = NetgroupCache.getNetgroupNames(); NetgroupCache.clear(); cacheGroupsAdd(groups); }
private SaslServer createSaslServer(AuthMethod authMethod) throws IOException, InterruptedException { final Map<String,?> saslProps = saslPropsResolver.getServerProperties(addr); return new SaslRpcServer(authMethod).create(this, saslProps, secretManager); }
private String getKeytab() { HadoopLoginContext login = getLogin(); return (login != null) ? login.getConfiguration().getParameters().get(LoginParam.KEYTAB) : null; }
private void relogin(HadoopLoginContext login) throws IOException { // ensure the relogin is atomic to avoid leaving credentials in an // inconsistent state. prevents other ugi instances, SASL, and SPNEGO // from accessing or altering credentials during the relogin. synchronized(login.getSubjectLock()) { // another racing thread may have beat us to the relogin. if (login == getLogin()) { unprotectedRelogin(login); } } }
@Override public UserGroupInformation getUserGroupInformation() { Subject subject = kerberosAuthentication.getSubject(); return createUserGroupInformationForSubject(subject); } }
public void read(ObjectInputStream in) throws IOException { this.credentials = new Credentials(); credentials.readFields(in); }
protected void write(ObjectOutputStream out) throws IOException { this.credentials.write(out); }