/** * Returns true if superUserName can proxy as userNameToProxyAs using the specified superUserKeytabLocation, false * otherwise. */ public static boolean canProxyAs(String userNameToProxyAs, String superUserName, Path superUserKeytabLocation) { try { loginAndProxyAsUser(userNameToProxyAs, superUserName, superUserKeytabLocation); } catch (IOException e) { return false; } return true; }
/** * Creates a {@link FileSystem} that can perform any operations allowed by the specified userNameToProxyAs. This * method first logs in as the specified super user. If Hadoop security is enabled, then logging in entails * authenticating via Kerberos. So logging in requires contacting the Kerberos infrastructure. A proxy user is then * created on behalf of the logged in user, and a {@link FileSystem} object is created using the proxy user's UGI. * * @param userNameToProxyAs The name of the user the super user should proxy as * @param superUserName The name of the super user with secure impersonation priveleges * @param superUserKeytabLocation The location of the keytab file for the super user * @param fsURI The {@link URI} for the {@link FileSystem} that should be created * @param conf The {@link Configuration} for the {@link FileSystem} that should be created * * @return a {@link FileSystem} that can execute commands on behalf of the specified userNameToProxyAs */ static FileSystem createProxiedFileSystemUsingKeytab(String userNameToProxyAs, String superUserName, Path superUserKeytabLocation, URI fsURI, Configuration conf) throws IOException, InterruptedException { return loginAndProxyAsUser(userNameToProxyAs, superUserName, superUserKeytabLocation) .doAs(new ProxiedFileSystem(fsURI, conf)); }