/**
 * Rejects the caller unless {@code activeUser} is recognised by
 * {@code Superusers.isSuperUser}.
 *
 * <p>The check is skipped entirely when {@code authorizationEnabled} is false, so with
 * authorization switched off this method never denies access.
 *
 * @param activeUser the user to check; a {@code null} user is reported as "null" in the
 *     denial message
 * @throws IOException an {@code AccessDeniedException} when authorization is enabled and the
 *     user is not a superuser
 */
private void checkSystemOrSuperUser(User activeUser) throws IOException {
  // Only evaluate the superuser test when a failure would actually be enforced.
  if (authorizationEnabled && !Superusers.isSuperUser(activeUser)) {
    final String shortName = (activeUser == null) ? "null" : activeUser.getShortName();
    throw new AccessDeniedException("User '" + shortName + "' is not system or super user.");
  }
}
/**
 * Reports whether HBase security is enabled for this instance's configuration.
 *
 * <p>The decision is delegated to {@code User.isHBaseSecurityEnabled} using the configuration
 * returned by {@code getConf()}.
 *
 * @return {@code true} if security is enabled, {@code false} otherwise
 */
public boolean isHBaseSecurityEnabled() {
  return User.isHBaseSecurityEnabled(getConf());
}
/**
 * Returns the {@code User} instance within the current execution context.
 *
 * @return a new {@code SecureHadoopUser}, or {@code null} when that user's {@code getUGI()}
 *     yields {@code null}; callers must handle the {@code null} case before using the result
 *     for identity or permission decisions
 * @throws IOException declared by the signature; presumably raised while resolving the
 *     underlying user (not visible in this method)
 */
public static User getCurrent() throws IOException {
  final User current = new SecureHadoopUser();
  return current.getUGI() != null ? current : null;
}
/**
 * Looks up the name of the current logged-in user.
 *
 * @return the user name of the current user, or {@code null} when {@code getCurrent()}
 *     returns no user
 * @throws IOException if the underlying user cannot be obtained
 */
public String getCurrentUserName() throws IOException {
  final User current = getCurrent();
  if (current == null) {
    // No user in this context: report absence rather than failing.
    return null;
  }
  return current.getName();
}
/**
 * Adds a region server by invoking {@code addRegionServer(config, index)} through
 * {@code user.runAs}, so the two-argument overload executes under the supplied user.
 *
 * @param config configuration handed to the two-argument overload
 * @param index index handed to the two-argument overload
 * @param user user whose {@code runAs} wraps the call; must not be {@code null}, since it is
 *     dereferenced without a check
 * @return the thread returned by the two-argument overload
 * @throws IOException declared by the signature; presumably propagated from {@code runAs}
 * @throws InterruptedException declared by the signature; presumably propagated from
 *     {@code runAs}
 */
public JVMClusterUtil.RegionServerThread addRegionServer(
    final Configuration config, final int index, User user)
    throws IOException, InterruptedException {
  final PrivilegedExceptionAction<JVMClusterUtil.RegionServerThread> startAction =
      new PrivilegedExceptionAction<JVMClusterUtil.RegionServerThread>() {
        @Override
        public JVMClusterUtil.RegionServerThread run() throws Exception {
          return addRegionServer(config, index);
        }
      };
  return user.runAs(startAction);
}
/**
 * Creates the region server and records the user returned by {@code User.getCurrent()} at
 * construction time in the {@code user} field.
 *
 * @param conf configuration passed to the superclass constructor
 * @throws IOException declared by the signature; may come from the superclass constructor or
 *     from {@code User.getCurrent()}
 * @throws InterruptedException declared by the signature; presumably from the superclass
 *     constructor
 */
public MiniHBaseClusterRegionServer(Configuration conf)
    throws IOException, InterruptedException {
  super(conf);
  // NOTE(review): confirm User.getCurrent() cannot return null here before the captured
  // user is dereferenced later.
  user = User.getCurrent();
}
/**
 * Sets up configuration for a secure HDFS+HBase cluster.
 *
 * <p>The service principal is registered through {@code setPrincipalForTesting} before the
 * two configuration helpers run; the helper's name suggests this path is meant for test
 * setups.
 *
 * @param conf configuration object that the helpers populate
 * @param servicePrincipal service principal used by NN, HM and RS
 * @param spnegoPrincipal SPNEGO principal used by NN web UI
 */
public static void setSecuredConfiguration(Configuration conf, String servicePrincipal,
    String spnegoPrincipal) {
  // Keep this order: the principal is set first, then the configuration helpers are applied.
  setPrincipalForTesting(servicePrincipal);
  setSecuredConfiguration(conf);
  setSecuredHadoopConfiguration(conf, spnegoPrincipal);
}
/**
 * Builds an {@code HBaseSaslRpcClient} for {@code AuthMethod.SIMPLE} with a token from
 * {@code createTokenMock()}.
 *
 * @param principal principal passed to the client constructor
 * @param password accepted for signature compatibility but not used by this method
 * @return the newly constructed client
 * @throws IOException declared by the signature; presumably raised by the client constructor
 */
private HBaseSaslRpcClient createSaslRpcClientSimple(String principal, String password)
    throws IOException {
  // The final 'false' argument is defined by the HBaseSaslRpcClient constructor, which is
  // not visible here.
  final HBaseSaslRpcClient simpleClient =
      new HBaseSaslRpcClient(AuthMethod.SIMPLE, createTokenMock(), principal, false);
  return simpleClient;
}
/**
 * Hook run before the master is stopped; vetoes the stop unless {@code hasAccess} is set.
 *
 * @param c observer context for the master coprocessor environment (not read here)
 * @throws IOException an {@code AccessDeniedException} when {@code hasAccess} is false
 */
@Override
public void preStopMaster(ObserverContext<MasterCoprocessorEnvironment> c)
    throws IOException {
  if (hasAccess) {
    return;
  }
  throw new AccessDeniedException("Insufficient permissions to stop master");
}
/**
 * Wraps an underlying {@code UserGroupInformation} instance, attaching this instance's
 * {@code groupCache}.
 *
 * @param ugi the base Hadoop user; may be {@code null}
 * @return a {@code User.SecureHadoopUser} wrapping {@code ugi}, or {@code null} when
 *     {@code ugi} is {@code null}
 */
public User create(UserGroupInformation ugi) {
  return ugi == null ? null : new User.SecureHadoopUser(ugi, groupCache);
}
/**
 * Reports whether the client should log in from a keytab.
 *
 * <p>In a secure environment, if a user has specified a keytab and principal, the HBase
 * client will try to log in with them. Otherwise the client will try to obtain a ticket
 * (through kinit) from the system.
 *
 * @return the result of {@code User.shouldLoginFromKeytab} for this instance's configuration
 */
public boolean shouldLoginFromKeytab() {
  return User.shouldLoginFromKeytab(getConf());
}
/**
 * Returns whether or not Kerberos authentication is configured for Hadoop.
 *
 * <p>For non-secure Hadoop, this always returns {@code false}. For secure Hadoop, it returns
 * the value from {@code UserGroupInformation.isSecurityEnabled()}.
 *
 * @return the value reported by {@code SecureHadoopUser.isSecurityEnabled()}
 */
public static boolean isSecurityEnabled() {
  final boolean kerberosConfigured = SecureHadoopUser.isSecurityEnabled();
  return kerberosConfigured;
}
/**
 * Logs in with the given keytab and principal by delegating to
 * {@code SecureHadoopUser.login}.
 *
 * <p>The keytab holds long-term credentials for the principal, so the file at
 * {@code keytabLocation} should be readable only by the account running this process.
 *
 * @param keytabLocation path of the keytab
 * @param pricipalName login principal
 * @throws IOException underlying exception from UserGroupInformation.loginUserFromKeytab
 */
public static void login(String keytabLocation, String pricipalName) throws IOException {
  SecureHadoopUser.login(keytabLocation, pricipalName);
}
/**
 * Disposes the SASL client, if one is held, and clears the {@code saslRpcClient} field so a
 * repeated call does nothing.
 */
private void disposeSasl() {
  if (saslRpcClient == null) {
    // Nothing held (or already disposed).
    return;
  }
  saslRpcClient.dispose();
  saslRpcClient = null;
}
/**
 * Creates the client-side SASL AES cipher from the given cipher metadata and marks AES
 * encryption as enabled.
 *
 * @param cryptoCipherMeta cipher metadata passed to {@code EncryptionUtil.createCryptoAES}
 * @param conf configuration passed to {@code EncryptionUtil.createCryptoAES}
 * @throws IOException declared by the signature; presumably raised when the cipher cannot be
 *     created
 */
public void initCryptoCipher(RPCProtos.CryptoCipherMeta cryptoCipherMeta, Configuration conf)
    throws IOException {
  // Create SaslAES for the client. The enable flag is set only after creation returns, so
  // an exception from createCryptoAES leaves the flag untouched.
  this.cryptoAES = EncryptionUtil.createCryptoAES(cryptoCipherMeta, conf);
  this.cryptoAesEnable = true;
}
/**
 * Adds a master by invoking {@code addMaster(c, index)} through {@code user.runAs}, so the
 * two-argument overload executes under the supplied user.
 *
 * @param c configuration handed to the two-argument overload
 * @param index index handed to the two-argument overload
 * @param user user whose {@code runAs} wraps the call; must not be {@code null}, since it is
 *     dereferenced without a check
 * @return the thread returned by the two-argument overload
 * @throws IOException declared by the signature; presumably propagated from {@code runAs}
 * @throws InterruptedException declared by the signature; presumably propagated from
 *     {@code runAs}
 */
public JVMClusterUtil.MasterThread addMaster(
    final Configuration c, final int index, User user)
    throws IOException, InterruptedException {
  final PrivilegedExceptionAction<JVMClusterUtil.MasterThread> startAction =
      new PrivilegedExceptionAction<JVMClusterUtil.MasterThread>() {
        @Override
        public JVMClusterUtil.MasterThread run() throws Exception {
          return addMaster(c, index);
        }
      };
  return user.runAs(startAction);
}
/**
 * Builds an {@code HBaseSaslRpcClient} for {@code AuthMethod.KERBEROS} with a token from
 * {@code createTokenMock()}.
 *
 * @param principal principal passed to the client constructor
 * @return the newly constructed client
 * @throws IOException declared by the signature; presumably raised by the client constructor
 */
private HBaseSaslRpcClient createSaslRpcClientForKerberos(String principal)
    throws IOException {
  // The final 'false' argument is defined by the HBaseSaslRpcClient constructor, which is
  // not visible here.
  final HBaseSaslRpcClient kerberosClient =
      new HBaseSaslRpcClient(AuthMethod.KERBEROS, createTokenMock(), principal, false);
  return kerberosClient;
}
/**
 * Hook run before a region server is stopped; vetoes the stop unless {@code hasAccess} is
 * set.
 *
 * @param ctx observer context for the region server coprocessor environment (not read here)
 * @throws IOException an {@code AccessDeniedException} when {@code hasAccess} is false
 */
@Override
public void preStopRegionServer(ObserverContext<RegionServerCoprocessorEnvironment> ctx)
    throws IOException {
  if (hasAccess) {
    return;
  }
  throw new AccessDeniedException("Insufficient permissions to stop region server.");
}
/**
 * Wraps an underlying {@code UserGroupInformation} instance.
 *
 * @param ugi the base Hadoop user; may be {@code null}
 * @return a {@code SecureHadoopUser} wrapping {@code ugi}, or {@code null} when {@code ugi}
 *     is {@code null}
 */
public static User create(UserGroupInformation ugi) {
  return ugi == null ? null : new SecureHadoopUser(ugi);
}
/**
 * Aborts the region server by calling {@code abortRegionServer(reason, cause)} through
 * {@code this.user.runAs}, so the abort executes under the user held in the {@code user}
 * field.
 *
 * @param reason reason forwarded to {@code abortRegionServer}
 * @param cause cause forwarded to {@code abortRegionServer}
 */
@Override
public void abort(final String reason, final Throwable cause) {
  final PrivilegedAction<Object> abortAction = new PrivilegedAction<Object>() {
    @Override
    public Object run() {
      abortRegionServer(reason, cause);
      return null;
    }
  };
  // NOTE(review): this.user is dereferenced without a null check; confirm it is always set
  // before abort can be called.
  this.user.runAs(abortAction);
}