/**
 * Performs one renewal check for the Kerberos ticket-granting ticket (TGT).
 *
 * <p>Fetches the current TGT and asks {@code getRefreshTime} when it is due for
 * refresh (the original comment puts this at 80% of the ticket interval). If that
 * moment has been reached, a fresh login is performed; otherwise nothing happens.
 *
 * <p>A {@link LoginException} from the re-login is logged at WARN and not rethrown.
 */
@Override
public void run() {
  try {
    final KerberosTicket ticket = getTGT();
    if (ticket == null) {
      // Nothing to renew: the subject holds no TGT.
      LOGGER.warn("No ticket found in the cache");
      return;
    }

    final boolean refreshDue = getRefreshTime(ticket) <= System.currentTimeMillis();
    if (!refreshDue) {
      return;
    }

    loginWithNewContext();
    LOGGER.debug("Renewed ticket");
  } catch (LoginException e) {
    // NOTE(review): renewal failures surface only through this log line; repeated
    // failures presumably end with an expired ticket, so this message is worth alerting on.
    LOGGER.warn("Failed to renew ticket", e);
  }
}
/**
 * Stops ticket renewal and releases the Kerberos login.
 *
 * <p>When a renewer thread exists, only the {@code shutDownRenewer} flag is raised
 * and no logout happens in this method. Without a renewer thread the subject is
 * logged out directly.
 *
 * @throws LoginException propagated from {@code logoutSubject()}
 */
public void shutDown() throws LoginException {
  if (renewerThread == null) {
    logoutSubject();
    return;
  }
  // NOTE(review): credentials are not cleared on this path; presumably the renewer
  // thread logs out once it observes the flag - confirm, and confirm the flag is
  // visible across threads.
  shutDownRenewer = true;
}
}
/**
 * Shuts down the Kerberos context, if one is held, and drops the reference to it.
 *
 * <p>Calling this when no context is held is a no-op.
 *
 * @throws Exception whatever {@code kerberosContext.shutDown()} throws
 */
@Override
public void close() throws Exception {
  if (kerberosContext == null) {
    return;
  }
  kerberosContext.shutDown();
  // Cleared only after shutDown() returns normally; if it throws, the reference is kept.
  kerberosContext = null;
}
}
LOGGER.info("Sentry Ticket renewer thread started"); while (!shutDownRenewer) { KerberosTicket tgt = getTGT(); if (tgt == null) { LOGGER.warn("No ticket found in the cache"); return; long nextRefresh = getRefreshTime(tgt); while (System.currentTimeMillis() < nextRefresh) { Thread.sleep(1000); loginWithNewContext(); LOGGER.debug("Renewed ticket"); LOGGER.warn("Failed to renew ticket", e); } finally { logoutSubject(); LOGGER.info("Sentry Ticket renewer thread finished");
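/**
 * Runs the server, under the service's Kerberos identity when {@code kerberos} is set.
 *
 * <p>In Kerberos mode a {@code SentryKerberosContext} is created from
 * {@code principal} and {@code keytab} and {@code runServer()} is executed inside
 * {@code Subject.doAs} with that context's subject. Otherwise {@code runServer()}
 * is called directly.
 *
 * <p>On the way out the Kerberos context (if any) is shut down and {@code status}
 * is reset to {@code NOT_STARTED}. The reset sits in its own {@code finally} so
 * that a failing Kerberos shutdown cannot leave the status stuck at {@code STARTED}.
 *
 * @return always {@code null}
 * @throws Exception wrapping any failure raised while logging in or running the
 *     server; an exception from the final Kerberos shutdown propagates as thrown
 */
@Override
public String call() throws Exception {
  SentryKerberosContext kerberosContext = null;
  try {
    status = Status.STARTED;
    if (kerberos) {
      kerberosContext = new SentryKerberosContext(principal, keytab, true);
      Subject.doAs(kerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          runServer();
          return null;
        }
      });
    } else {
      runServer();
    }
  } catch (Exception t) {
    LOGGER.error("Error starting server", t);
    throw new Exception("Error starting server", t);
  } finally {
    try {
      if (kerberosContext != null) {
        kerberosContext.shutDown();
      }
    } finally {
      // Must run even when shutDown() throws, otherwise status stays STARTED.
      status = Status.NOT_STARTED;
    }
  }
  return null;
}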
/**
 * Logs in the given principal from a keytab using the client Kerberos configuration.
 *
 * <p>The keytab holds the principal's long-term keys, so the file at {@code keyTab}
 * should be readable only by the account running this process.
 *
 * @param principal Kerberos principal name
 * @param keyTab path of the keytab file
 * @param autoRenewTicket when {@code true}, the ticket renewer is started after login
 * @throws LoginException if the login fails
 */
public SentryKerberosContext(String principal, String keyTab, boolean autoRenewTicket)
    throws LoginException {
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
  // Writable subject (readOnly == false) with empty public and private credential
  // sets, seeded with just the principal.
  subject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());

  final File keytabFile = new File(keyTab);
  kerberosConfig = KerberosConfiguration.createClientConfig(principal, keytabFile);

  loginWithNewContext();

  if (autoRenewTicket) {
    startRenewerThread();
  }
}
/**
 * Opens an HMS connection, either as the current user (insecure mode) or as the
 * Kerberos subject held by {@code kerberosContext}.
 *
 * <p>The metastore client is constructed inside {@code doAs} of the selected
 * {@code UserGroupInformation}, so it is created under that identity.
 *
 * @return HMS connection
 * @throws IOException if could not establish connection
 * @throws InterruptedException if connection was interrupted
 * @throws MetaException if other errors happened
 */
public HMSClient connect() throws IOException, InterruptedException, MetaException {
  final UserGroupInformation clientUGI = insecure
      ? UserGroupInformation.getCurrentUser()
      : UserGroupInformation.getUGIFromSubject(kerberosContext.getSubject());

  // Kept as an anonymous class rather than a lambda so the doAs overload stays explicit.
  final PrivilegedExceptionAction<HiveMetaStoreClient> openClient =
      new PrivilegedExceptionAction<HiveMetaStoreClient>() {
        @Override
        public HiveMetaStoreClient run() throws MetaException {
          return new HiveMetaStoreClient(hiveConf);
        }
      };

  return new HMSClient(clientUGI.doAs(openClient));
}
"Keytab %s does not exist or is not readable", keytab); kerberosContext = new SentryKerberosContext(principal, keytab, false); UserGroupInformation.setConfiguration(conf); LOGGER.info("Using secure connection to HMS");
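/**
 * Runs the server, under the service's Kerberos identity when {@code kerberos} is set.
 *
 * <p>In Kerberos mode a {@code SentryKerberosContext} is created from
 * {@code principal} and {@code keytab} and {@code runServer()} is executed inside
 * {@code Subject.doAs} with that context's subject. Otherwise {@code runServer()}
 * is called directly.
 *
 * <p>On the way out the Kerberos context (if any) is shut down and {@code status}
 * is reset to {@code NOT_STARTED}. The reset sits in its own {@code finally} so
 * that a failing Kerberos shutdown cannot leave the status stuck at {@code STARTED}.
 *
 * @return always {@code null}
 * @throws Exception wrapping any failure raised while logging in or running the
 *     server; an exception from the final Kerberos shutdown propagates as thrown
 */
@Override
public String call() throws Exception {
  SentryKerberosContext kerberosContext = null;
  try {
    status = Status.STARTED;
    if (kerberos) {
      kerberosContext = new SentryKerberosContext(principal, keytab, true);
      Subject.doAs(kerberosContext.getSubject(), new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
          runServer();
          return null;
        }
      });
    } else {
      runServer();
    }
  } catch (Exception t) {
    LOGGER.error("Error starting server", t);
    throw new Exception("Error starting server", t);
  } finally {
    try {
      if (kerberosContext != null) {
        kerberosContext.shutDown();
      }
    } finally {
      // Must run even when shutDown() throws, otherwise status stays STARTED.
      status = Status.NOT_STARTED;
    }
  }
  return null;
}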
/**
 * Logs in the given principal from a keytab, using either the server or the
 * client Kerberos configuration.
 *
 * <p>The keytab holds the principal's long-term keys, so the file at {@code keyTab}
 * should be readable only by the account running this process.
 *
 * @param principal Kerberos principal name
 * @param keyTab path of the keytab file
 * @param server {@code true} selects the server configuration and skips the ticket
 *     renewer; {@code false} selects the client configuration and starts the renewer
 * @throws LoginException if the login fails
 */
public SentryKerberosContext(String principal, String keyTab, boolean server)
    throws LoginException {
  final KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
  // Writable subject (readOnly == false) with empty public and private credential
  // sets, seeded with just the principal.
  subject = new Subject(
      false,
      Sets.newHashSet(kerberosPrincipal),
      new HashSet<Object>(),
      new HashSet<Object>());

  final File keytabFile = new File(keyTab);
  kerberosConfig = server
      ? KerberosConfiguration.createServerConfig(principal, keytabFile)
      : KerberosConfiguration.createClientConfig(principal, keytabFile);

  loginWithNewContext();

  // Only the client side renews its ticket in the background.
  final boolean clientSide = !server;
  if (clientSide) {
    startRenewerThread();
  }
}
/**
 * Stops the ticket renewer, if one was started, and logs the subject out.
 *
 * <p>The logout runs on every call, with or without a renewer service, so the
 * login is released on this path rather than left to a background task.
 *
 * @throws LoginException propagated from {@code logoutSubject()}
 */
public void shutDown() throws LoginException {
  final boolean renewerStarted = renewerService != null;
  if (renewerStarted) {
    // shutdownNow() only requests termination; the message below is logged
    // without waiting for the renewer task to actually end.
    renewerService.shutdownNow();
    LOGGER.info("Sentry Ticket renewer thread finished");
  }
  logoutSubject();
}
}
/**
 * Replaces the current Kerberos login with a fresh one.
 *
 * <p>Logs the existing subject out, builds a new {@code LoginContext} from
 * {@code kerberosConfig} (empty entry name, no callback handler), logs in, and
 * adopts the subject returned by that context.
 *
 * @throws LoginException if the logout or the new login fails
 */
public void loginWithNewContext() throws LoginException {
  logoutSubject();

  final LoginContext freshContext = new LoginContext("", subject, null, kerberosConfig);
  // Published to the field before login(), so a failed login leaves the new
  // (not logged-in) context in place.
  loginContext = freshContext;
  freshContext.login();

  subject = freshContext.getSubject();
}
/**
 * Replaces the current Kerberos login with a fresh one and logs that it did so.
 *
 * <p>Logs the existing subject out, builds a new {@code LoginContext} from
 * {@code kerberosConfig} (empty entry name, no callback handler), logs in, and
 * adopts the subject returned by that context.
 *
 * @throws LoginException if the logout or the new login fails
 */
private void loginWithNewContext() throws LoginException {
  // INFO-level record of each re-login.
  LOGGER.info("Logging in with new Context");
  logoutSubject();

  final LoginContext freshContext = new LoginContext("", subject, null, kerberosConfig);
  // Published to the field before login(), so a failed login leaves the new
  // (not logged-in) context in place.
  loginContext = freshContext;
  freshContext.login();

  subject = freshContext.getSubject();
}