/** * Wrapper around {@link #validateKerberosPrincipal(KerberosPrincipalId)} to validate a principal in string format */ public static void validateKerberosPrincipal(String principal) { validateKerberosPrincipal(new KerberosPrincipalId(principal)); }
/** * Validates the given {@link NamespacedEntityId} to be supported by the {@link OwnerStore} * i.e. the entity can be associated with an owner. * Validated the given {@link KerberosPrincipalId} to be valid i.e. it can be used to create a * {@link org.apache.hadoop.security.authentication.util.KerberosName}. * See {@link SecurityUtil#validateKerberosPrincipal(KerberosPrincipalId)} * * @param entityId {@link NamespacedEntityId} to be validated * @param principalId {@link KerberosPrincipalId} to be validated */ protected final void validate(NamespacedEntityId entityId, KerberosPrincipalId principalId) { validate(entityId); SecurityUtil.validateKerberosPrincipal(principalId); }
/** * Receives an input containing application specification and location * and verifies both. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { Preconditions.checkNotNull(input); ApplicationSpecification specification = input.getSpecification(); ApplicationId appId = input.getApplicationId(); // verify that the owner principal is valid if one was given if (input.getOwnerPrincipal() != null) { SecurityUtil.validateKerberosPrincipal(input.getOwnerPrincipal()); } Collection<ApplicationId> allAppVersionsAppIds = store.getAllAppVersionsAppIds(appId); // if allAppVersionsAppIds.isEmpty() is false that means some version of this app already exists so we should // verify that the owner is same if (!allAppVersionsAppIds.isEmpty()) { verifyOwner(appId, input.getOwnerPrincipal()); } verifySpec(appId, specification); // We are verifying owner of dataset at this stage itself even though the creation will fail in later // stage if the owner is different because we don't want to end up in scenario where we created few dataset // and the failed because some dataset already exists and have different owner verifyData(appId, specification, input.getOwnerPrincipal()); verifyPrograms(appId, specification); // Emit the input to next stage. emit(input); }
/** * Receives an input containing application specification and location * and verifies both. * * @param input An instance of {@link ApplicationDeployable} */ @Override public void process(ApplicationDeployable input) throws Exception { Preconditions.checkNotNull(input); ApplicationSpecification specification = input.getSpecification(); ApplicationId appId = input.getApplicationId(); // verify that the owner principal is valid if one was given if (input.getOwnerPrincipal() != null) { SecurityUtil.validateKerberosPrincipal(input.getOwnerPrincipal()); } Collection<ApplicationId> allAppVersionsAppIds = store.getAllAppVersionsAppIds(appId); // if allAppVersionsAppIds.isEmpty() is false that means some version of this app already exists so we should // verify that the owner is same if (!allAppVersionsAppIds.isEmpty()) { verifyOwner(appId, input.getOwnerPrincipal()); } verifySpec(appId, specification); // We are verifying owner of dataset/stream at this stage itself even though the creation will fail in later // stage if the owner is different because we don't want to end up in scenario where we created few dataset/streams // and the failed because some dataset/stream already exists and have different owner verifyData(appId, specification, input.getOwnerPrincipal()); verifyPrograms(appId, specification); // Emit the input to next stage. emit(input); }
SecurityUtil.validateKerberosPrincipal(properties.getOwnerPrincipal());