|
@@ -69,7 +69,7 @@ import org.apache.hadoop.util.Shell;
|
|
|
* user's username and groups. It supports both the Windows, Unix and Kerberos
|
|
* user's username and groups. It supports both the Windows, Unix and Kerberos
|
|
|
* login modules.
|
|
* login modules.
|
|
|
*/
|
|
*/
|
|
|
-@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
|
|
|
|
|
|
+@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"})
|
|
|
@InterfaceStability.Evolving
|
|
@InterfaceStability.Evolving
|
|
|
public class UserGroupInformation {
|
|
public class UserGroupInformation {
|
|
|
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
|
|
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
|
|
@@ -258,6 +258,8 @@ public class UserGroupInformation {
|
|
|
* group look up service.
|
|
* group look up service.
|
|
|
* @param conf the configuration to use
|
|
* @param conf the configuration to use
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public static void setConfiguration(Configuration conf) {
|
|
public static void setConfiguration(Configuration conf) {
|
|
|
initialize(conf, false);
|
|
initialize(conf, false);
|
|
|
}
|
|
}
|
|
@@ -500,6 +502,8 @@ public class UserGroupInformation {
|
|
|
* @return the current user
|
|
* @return the current user
|
|
|
* @throws IOException if login fails
|
|
* @throws IOException if login fails
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized
|
|
public synchronized
|
|
|
static UserGroupInformation getCurrentUser() throws IOException {
|
|
static UserGroupInformation getCurrentUser() throws IOException {
|
|
|
AccessControlContext context = AccessController.getContext();
|
|
AccessControlContext context = AccessController.getContext();
|
|
@@ -516,6 +520,8 @@ public class UserGroupInformation {
|
|
|
* @return the logged in user
|
|
* @return the logged in user
|
|
|
* @throws IOException if login fails
|
|
* @throws IOException if login fails
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized
|
|
public synchronized
|
|
|
static UserGroupInformation getLoginUser() throws IOException {
|
|
static UserGroupInformation getLoginUser() throws IOException {
|
|
|
if (loginUser == null) {
|
|
if (loginUser == null) {
|
|
@@ -652,6 +658,8 @@ public class UserGroupInformation {
|
|
|
* @param path the path to the keytab file
|
|
* @param path the path to the keytab file
|
|
|
* @throws IOException if the keytab file can't be read
|
|
* @throws IOException if the keytab file can't be read
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized
|
|
public synchronized
|
|
|
static void loginUserFromKeytab(String user,
|
|
static void loginUserFromKeytab(String user,
|
|
|
String path
|
|
String path
|
|
@@ -710,6 +718,8 @@ public class UserGroupInformation {
|
|
|
* the new credentials.
|
|
* the new credentials.
|
|
|
* @throws IOException on a failure
|
|
* @throws IOException on a failure
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized void reloginFromKeytab()
|
|
public synchronized void reloginFromKeytab()
|
|
|
throws IOException {
|
|
throws IOException {
|
|
|
if (!isSecurityEnabled() ||
|
|
if (!isSecurityEnabled() ||
|
|
@@ -769,6 +779,8 @@ public class UserGroupInformation {
|
|
|
* the new credentials.
|
|
* the new credentials.
|
|
|
* @throws IOException on a failure
|
|
* @throws IOException on a failure
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized void reloginFromTicketCache()
|
|
public synchronized void reloginFromTicketCache()
|
|
|
throws IOException {
|
|
throws IOException {
|
|
|
if (!isSecurityEnabled() ||
|
|
if (!isSecurityEnabled() ||
|
|
@@ -867,6 +879,8 @@ public class UserGroupInformation {
|
|
|
* Did the login happen via keytab
|
|
* Did the login happen via keytab
|
|
|
* @return true or false
|
|
* @return true or false
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public synchronized static boolean isLoginKeytabBased() throws IOException {
|
|
public synchronized static boolean isLoginKeytabBased() throws IOException {
|
|
|
return getLoginUser().isKeytab;
|
|
return getLoginUser().isKeytab;
|
|
|
}
|
|
}
|
|
@@ -877,6 +891,8 @@ public class UserGroupInformation {
|
|
|
* @param user the full user principal name, must not be empty or null
|
|
* @param user the full user principal name, must not be empty or null
|
|
|
* @return the UserGroupInformation for the remote user.
|
|
* @return the UserGroupInformation for the remote user.
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public static UserGroupInformation createRemoteUser(String user) {
|
|
public static UserGroupInformation createRemoteUser(String user) {
|
|
|
if (user == null || "".equals(user)) {
|
|
if (user == null || "".equals(user)) {
|
|
|
throw new IllegalArgumentException("Null user");
|
|
throw new IllegalArgumentException("Null user");
|
|
@@ -891,6 +907,7 @@ public class UserGroupInformation {
|
|
|
/**
|
|
/**
|
|
|
* existing types of authentications' methods
|
|
* existing types of authentications' methods
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
@InterfaceStability.Evolving
|
|
@InterfaceStability.Evolving
|
|
|
public static enum AuthenticationMethod {
|
|
public static enum AuthenticationMethod {
|
|
|
SIMPLE,
|
|
SIMPLE,
|
|
@@ -908,6 +925,8 @@ public class UserGroupInformation {
|
|
|
* @param realUser
|
|
* @param realUser
|
|
|
* @return proxyUser ugi
|
|
* @return proxyUser ugi
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public static UserGroupInformation createProxyUser(String user,
|
|
public static UserGroupInformation createProxyUser(String user,
|
|
|
UserGroupInformation realUser) {
|
|
UserGroupInformation realUser) {
|
|
|
if (user == null || "".equals(user)) {
|
|
if (user == null || "".equals(user)) {
|
|
@@ -929,6 +948,8 @@ public class UserGroupInformation {
|
|
|
* get RealUser (vs. EffectiveUser)
|
|
* get RealUser (vs. EffectiveUser)
|
|
|
* @return realUser running over proxy user
|
|
* @return realUser running over proxy user
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public UserGroupInformation getRealUser() {
|
|
public UserGroupInformation getRealUser() {
|
|
|
for (RealUser p: subject.getPrincipals(RealUser.class)) {
|
|
for (RealUser p: subject.getPrincipals(RealUser.class)) {
|
|
|
return p.getRealUser();
|
|
return p.getRealUser();
|
|
@@ -974,7 +995,8 @@ public class UserGroupInformation {
|
|
|
* @param userGroups the names of the groups that the user belongs to
|
|
* @param userGroups the names of the groups that the user belongs to
|
|
|
* @return a fake user for running unit tests
|
|
* @return a fake user for running unit tests
|
|
|
*/
|
|
*/
|
|
|
- @InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
|
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public static UserGroupInformation createUserForTesting(String user,
|
|
public static UserGroupInformation createUserForTesting(String user,
|
|
|
String[] userGroups) {
|
|
String[] userGroups) {
|
|
|
ensureInitialized();
|
|
ensureInitialized();
|
|
@@ -1000,7 +1022,6 @@ public class UserGroupInformation {
|
|
|
* the names of the groups that the user belongs to
|
|
* the names of the groups that the user belongs to
|
|
|
* @return a fake user for running unit tests
|
|
* @return a fake user for running unit tests
|
|
|
*/
|
|
*/
|
|
|
- @InterfaceAudience.LimitedPrivate( { "HDFS", "MapReduce" })
|
|
|
|
|
public static UserGroupInformation createProxyUserForTesting(String user,
|
|
public static UserGroupInformation createProxyUserForTesting(String user,
|
|
|
UserGroupInformation realUser, String[] userGroups) {
|
|
UserGroupInformation realUser, String[] userGroups) {
|
|
|
ensureInitialized();
|
|
ensureInitialized();
|
|
@@ -1029,6 +1050,8 @@ public class UserGroupInformation {
|
|
|
* Get the user's full principal name.
|
|
* Get the user's full principal name.
|
|
|
* @return the user's full principal name.
|
|
* @return the user's full principal name.
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public String getUserName() {
|
|
public String getUserName() {
|
|
|
return user.getName();
|
|
return user.getName();
|
|
|
}
|
|
}
|
|
@@ -1182,6 +1205,8 @@ public class UserGroupInformation {
|
|
|
* @param action the method to execute
|
|
* @param action the method to execute
|
|
|
* @return the value from the run method
|
|
* @return the value from the run method
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public <T> T doAs(PrivilegedAction<T> action) {
|
|
public <T> T doAs(PrivilegedAction<T> action) {
|
|
|
logPrivilegedAction(subject, action);
|
|
logPrivilegedAction(subject, action);
|
|
|
return Subject.doAs(subject, action);
|
|
return Subject.doAs(subject, action);
|
|
@@ -1198,6 +1223,8 @@ public class UserGroupInformation {
|
|
|
* @throws InterruptedException if the action throws an InterruptedException
|
|
* @throws InterruptedException if the action throws an InterruptedException
|
|
|
* @throws UndeclaredThrowableException if the action throws something else
|
|
* @throws UndeclaredThrowableException if the action throws something else
|
|
|
*/
|
|
*/
|
|
|
|
|
+ @InterfaceAudience.Public
|
|
|
|
|
+ @InterfaceStability.Evolving
|
|
|
public <T> T doAs(PrivilegedExceptionAction<T> action
|
|
public <T> T doAs(PrivilegedExceptionAction<T> action
|
|
|
) throws IOException, InterruptedException {
|
|
) throws IOException, InterruptedException {
|
|
|
try {
|
|
try {
|
Eli Collins