HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1329541 13f79535-47bb-0310-9956-ffa450edef68
parent
ebe0e9a99b
commit
858887e289
|
@ -267,6 +267,8 @@ Release 2.0.0 - UNRELEASED
|
||||||
|
|
||||||
HADOOP-8117. Upgrade test build to Surefire 2.12 (todd)
|
HADOOP-8117. Upgrade test build to Surefire 2.12 (todd)
|
||||||
|
|
||||||
|
HADOOP-8152. Expand public APIs for security library classes. (atm via eli)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
|
|
@ -220,6 +220,8 @@ public class SecurityUtil {
|
||||||
* @return converted Kerberos principal name
|
* @return converted Kerberos principal name
|
||||||
* @throws IOException if the client address cannot be determined
|
* @throws IOException if the client address cannot be determined
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static String getServerPrincipal(String principalConfig,
|
public static String getServerPrincipal(String principalConfig,
|
||||||
String hostname) throws IOException {
|
String hostname) throws IOException {
|
||||||
String[] components = getComponents(principalConfig);
|
String[] components = getComponents(principalConfig);
|
||||||
|
@ -245,6 +247,8 @@ public class SecurityUtil {
|
||||||
* @return converted Kerberos principal name
|
* @return converted Kerberos principal name
|
||||||
* @throws IOException if the client address cannot be determined
|
* @throws IOException if the client address cannot be determined
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static String getServerPrincipal(String principalConfig,
|
public static String getServerPrincipal(String principalConfig,
|
||||||
InetAddress addr) throws IOException {
|
InetAddress addr) throws IOException {
|
||||||
String[] components = getComponents(principalConfig);
|
String[] components = getComponents(principalConfig);
|
||||||
|
@ -292,6 +296,8 @@ public class SecurityUtil {
|
||||||
* the key to look for user's Kerberos principal name in conf
|
* the key to look for user's Kerberos principal name in conf
|
||||||
* @throws IOException if login fails
|
* @throws IOException if login fails
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static void login(final Configuration conf,
|
public static void login(final Configuration conf,
|
||||||
final String keytabFileKey, final String userNameKey) throws IOException {
|
final String keytabFileKey, final String userNameKey) throws IOException {
|
||||||
login(conf, keytabFileKey, userNameKey, getLocalHostName());
|
login(conf, keytabFileKey, userNameKey, getLocalHostName());
|
||||||
|
@ -312,6 +318,8 @@ public class SecurityUtil {
|
||||||
* hostname to use for substitution
|
* hostname to use for substitution
|
||||||
* @throws IOException if the config doesn't specify a keytab
|
* @throws IOException if the config doesn't specify a keytab
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static void login(final Configuration conf,
|
public static void login(final Configuration conf,
|
||||||
final String keytabFileKey, final String userNameKey, String hostname)
|
final String keytabFileKey, final String userNameKey, String hostname)
|
||||||
throws IOException {
|
throws IOException {
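Review bot: The three-argument `login` in the `-292,6 +296,8` hunk becomes public API, but its Javadoc never says that the host part comes from `getLocalHostName()`, which is the only visible difference from the four-argument overload documented with "hostname to use for substitution". Downstream services that log in from a keytab will therefore get a principal that depends on how the local host name resolves, so I would add a Javadoc line such as `Uses the local host name for hostname substitution in the principal; use the overload that takes a hostname to control it explicitly.` The two `getServerPrincipal` overloads also keep the `@throws` text "if the client address cannot be determined", which reads oddly for the variant that receives the hostname as an argument and is worth re-checking before the contract is published. The bodies of all four methods continue outside the hunks, so the substitution behaviour is inferred from the existing Javadoc rather than from the code.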
|
||||||
|
|
|
@ -69,7 +69,7 @@ import org.apache.hadoop.util.Shell;
|
||||||
* user's username and groups. It supports both the Windows, Unix and Kerberos
|
* user's username and groups. It supports both the Windows, Unix and Kerberos
|
||||||
* login modules.
|
* login modules.
|
||||||
*/
|
*/
|
||||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"})
|
||||||
@InterfaceStability.Evolving
|
@InterfaceStability.Evolving
|
||||||
public class UserGroupInformation {
|
public class UserGroupInformation {
|
||||||
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
|
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
|
||||||
|
@ -258,6 +258,8 @@ public class UserGroupInformation {
|
||||||
* group look up service.
|
* group look up service.
|
||||||
* @param conf the configuration to use
|
* @param conf the configuration to use
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static void setConfiguration(Configuration conf) {
|
public static void setConfiguration(Configuration conf) {
|
||||||
initialize(conf, false);
|
initialize(conf, false);
|
||||||
}
|
}
|
||||||
|
@ -500,6 +502,8 @@ public class UserGroupInformation {
|
||||||
* @return the current user
|
* @return the current user
|
||||||
* @throws IOException if login fails
|
* @throws IOException if login fails
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized
|
public synchronized
|
||||||
static UserGroupInformation getCurrentUser() throws IOException {
|
static UserGroupInformation getCurrentUser() throws IOException {
|
||||||
AccessControlContext context = AccessController.getContext();
|
AccessControlContext context = AccessController.getContext();
|
||||||
|
@ -516,6 +520,8 @@ public class UserGroupInformation {
|
||||||
* @return the logged in user
|
* @return the logged in user
|
||||||
* @throws IOException if login fails
|
* @throws IOException if login fails
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized
|
public synchronized
|
||||||
static UserGroupInformation getLoginUser() throws IOException {
|
static UserGroupInformation getLoginUser() throws IOException {
|
||||||
if (loginUser == null) {
|
if (loginUser == null) {
|
||||||
|
@ -652,6 +658,8 @@ public class UserGroupInformation {
|
||||||
* @param path the path to the keytab file
|
* @param path the path to the keytab file
|
||||||
* @throws IOException if the keytab file can't be read
|
* @throws IOException if the keytab file can't be read
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized
|
public synchronized
|
||||||
static void loginUserFromKeytab(String user,
|
static void loginUserFromKeytab(String user,
|
||||||
String path
|
String path
|
||||||
|
@ -710,6 +718,8 @@ public class UserGroupInformation {
|
||||||
* the new credentials.
|
* the new credentials.
|
||||||
* @throws IOException on a failure
|
* @throws IOException on a failure
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized void reloginFromKeytab()
|
public synchronized void reloginFromKeytab()
|
||||||
throws IOException {
|
throws IOException {
|
||||||
if (!isSecurityEnabled() ||
|
if (!isSecurityEnabled() ||
|
||||||
|
@ -769,6 +779,8 @@ public class UserGroupInformation {
|
||||||
* the new credentials.
|
* the new credentials.
|
||||||
* @throws IOException on a failure
|
* @throws IOException on a failure
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized void reloginFromTicketCache()
|
public synchronized void reloginFromTicketCache()
|
||||||
throws IOException {
|
throws IOException {
|
||||||
if (!isSecurityEnabled() ||
|
if (!isSecurityEnabled() ||
|
||||||
|
@ -867,6 +879,8 @@ public class UserGroupInformation {
|
||||||
* Did the login happen via keytab
|
* Did the login happen via keytab
|
||||||
* @return true or false
|
* @return true or false
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public synchronized static boolean isLoginKeytabBased() throws IOException {
|
public synchronized static boolean isLoginKeytabBased() throws IOException {
|
||||||
return getLoginUser().isKeytab;
|
return getLoginUser().isKeytab;
|
||||||
}
|
}
|
||||||
|
@ -877,6 +891,8 @@ public class UserGroupInformation {
|
||||||
* @param user the full user principal name, must not be empty or null
|
* @param user the full user principal name, must not be empty or null
|
||||||
* @return the UserGroupInformation for the remote user.
|
* @return the UserGroupInformation for the remote user.
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static UserGroupInformation createRemoteUser(String user) {
|
public static UserGroupInformation createRemoteUser(String user) {
|
||||||
if (user == null || "".equals(user)) {
|
if (user == null || "".equals(user)) {
|
||||||
throw new IllegalArgumentException("Null user");
|
throw new IllegalArgumentException("Null user");
|
||||||
|
@ -891,6 +907,7 @@ public class UserGroupInformation {
|
||||||
/**
|
/**
|
||||||
* existing types of authentications' methods
|
* existing types of authentications' methods
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
@InterfaceStability.Evolving
|
@InterfaceStability.Evolving
|
||||||
public static enum AuthenticationMethod {
|
public static enum AuthenticationMethod {
|
||||||
SIMPLE,
|
SIMPLE,
|
||||||
|
@ -908,6 +925,8 @@ public class UserGroupInformation {
|
||||||
* @param realUser
|
* @param realUser
|
||||||
* @return proxyUser ugi
|
* @return proxyUser ugi
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static UserGroupInformation createProxyUser(String user,
|
public static UserGroupInformation createProxyUser(String user,
|
||||||
UserGroupInformation realUser) {
|
UserGroupInformation realUser) {
|
||||||
if (user == null || "".equals(user)) {
|
if (user == null || "".equals(user)) {
|
||||||
|
@ -929,6 +948,8 @@ public class UserGroupInformation {
|
||||||
* get RealUser (vs. EffectiveUser)
|
* get RealUser (vs. EffectiveUser)
|
||||||
* @return realUser running over proxy user
|
* @return realUser running over proxy user
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public UserGroupInformation getRealUser() {
|
public UserGroupInformation getRealUser() {
|
||||||
for (RealUser p: subject.getPrincipals(RealUser.class)) {
|
for (RealUser p: subject.getPrincipals(RealUser.class)) {
|
||||||
return p.getRealUser();
|
return p.getRealUser();
|
||||||
|
@ -974,7 +995,8 @@ public class UserGroupInformation {
|
||||||
* @param userGroups the names of the groups that the user belongs to
|
* @param userGroups the names of the groups that the user belongs to
|
||||||
* @return a fake user for running unit tests
|
* @return a fake user for running unit tests
|
||||||
*/
|
*/
|
||||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public static UserGroupInformation createUserForTesting(String user,
|
public static UserGroupInformation createUserForTesting(String user,
|
||||||
String[] userGroups) {
|
String[] userGroups) {
|
||||||
ensureInitialized();
|
ensureInitialized();
|
||||||
|
@ -1000,7 +1022,6 @@ public class UserGroupInformation {
|
||||||
* the names of the groups that the user belongs to
|
* the names of the groups that the user belongs to
|
||||||
* @return a fake user for running unit tests
|
* @return a fake user for running unit tests
|
||||||
*/
|
*/
|
||||||
@InterfaceAudience.LimitedPrivate( { "HDFS", "MapReduce" })
|
|
||||||
public static UserGroupInformation createProxyUserForTesting(String user,
|
public static UserGroupInformation createProxyUserForTesting(String user,
|
||||||
UserGroupInformation realUser, String[] userGroups) {
|
UserGroupInformation realUser, String[] userGroups) {
|
||||||
ensureInitialized();
|
ensureInitialized();
|
||||||
|
@ -1029,6 +1050,8 @@ public class UserGroupInformation {
|
||||||
* Get the user's full principal name.
|
* Get the user's full principal name.
|
||||||
* @return the user's full principal name.
|
* @return the user's full principal name.
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public String getUserName() {
|
public String getUserName() {
|
||||||
return user.getName();
|
return user.getName();
|
||||||
}
|
}
|
||||||
|
@ -1182,6 +1205,8 @@ public class UserGroupInformation {
|
||||||
* @param action the method to execute
|
* @param action the method to execute
|
||||||
* @return the value from the run method
|
* @return the value from the run method
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public <T> T doAs(PrivilegedAction<T> action) {
|
public <T> T doAs(PrivilegedAction<T> action) {
|
||||||
logPrivilegedAction(subject, action);
|
logPrivilegedAction(subject, action);
|
||||||
return Subject.doAs(subject, action);
|
return Subject.doAs(subject, action);
|
||||||
|
@ -1198,6 +1223,8 @@ public class UserGroupInformation {
|
||||||
* @throws InterruptedException if the action throws an InterruptedException
|
* @throws InterruptedException if the action throws an InterruptedException
|
||||||
* @throws UndeclaredThrowableException if the action throws something else
|
* @throws UndeclaredThrowableException if the action throws something else
|
||||||
*/
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
public <T> T doAs(PrivilegedExceptionAction<T> action
|
public <T> T doAs(PrivilegedExceptionAction<T> action
|
||||||
) throws IOException, InterruptedException {
|
) throws IOException, InterruptedException {
|
||||||
try {
|
try {
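Review bot: `createProxyUserForTesting` loses its `@InterfaceAudience.LimitedPrivate` annotation in the `-1000,7 +1022,6` hunk and gets nothing in its place, while the sibling `createUserForTesting` one hunk earlier is moved to `@InterfaceAudience.Public` and `@InterfaceStability.Evolving`. The proxy variant is thus left to the class-level `LimitedPrivate` audience, which looks unintended; either give it the same two annotations or keep an explicit `LimitedPrivate` with the widened project list. Both helpers take caller-supplied user and group names, and their Javadoc calls the result "a fake user for running unit tests", so the Javadoc of a now-public API should also carry a line such as `Intended for tests only; the returned user has not been authenticated.` The method bodies lie outside the hunks, so that wording should be confirmed against the implementation.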
|
||||||
|
|