HBASE-7910 Dont use reflection for security (Mike Drob)
This commit is contained in:
parent
de73ec83c0
commit
e3ac25d4f9
|
@ -31,6 +31,7 @@ import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hbase.util.Methods;
|
import org.apache.hadoop.hbase.util.Methods;
|
||||||
import org.apache.hadoop.mapred.JobConf;
|
import org.apache.hadoop.mapred.JobConf;
|
||||||
import org.apache.hadoop.mapreduce.Job;
|
import org.apache.hadoop.mapreduce.Job;
|
||||||
|
import org.apache.hadoop.security.SecurityUtil;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.token.Token;
|
import org.apache.hadoop.security.token.Token;
|
||||||
|
|
||||||
|
@ -237,16 +238,7 @@ public abstract class User {
|
||||||
private String shortName;
|
private String shortName;
|
||||||
|
|
||||||
private SecureHadoopUser() throws IOException {
|
private SecureHadoopUser() throws IOException {
|
||||||
try {
|
ugi = UserGroupInformation.getCurrentUser();
|
||||||
ugi = (UserGroupInformation) callStatic("getCurrentUser");
|
|
||||||
} catch (IOException ioe) {
|
|
||||||
throw ioe;
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Unexpected exception getting current secure user");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private SecureHadoopUser(UserGroupInformation ugi) {
|
private SecureHadoopUser(UserGroupInformation ugi) {
|
||||||
|
@ -267,41 +259,20 @@ public abstract class User {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public <T> T runAs(PrivilegedAction<T> action) {
|
public <T> T runAs(PrivilegedAction<T> action) {
|
||||||
try {
|
return ugi.doAs(action);
|
||||||
return (T) call(ugi, "doAs", new Class[]{PrivilegedAction.class},
|
|
||||||
new Object[]{action});
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Unexpected exception in runAs()");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public <T> T runAs(PrivilegedExceptionAction<T> action)
|
public <T> T runAs(PrivilegedExceptionAction<T> action)
|
||||||
throws IOException, InterruptedException {
|
throws IOException, InterruptedException {
|
||||||
try {
|
return ugi.doAs(action);
|
||||||
return (T) call(ugi, "doAs",
|
|
||||||
new Class[]{PrivilegedExceptionAction.class},
|
|
||||||
new Object[]{action});
|
|
||||||
} catch (IOException ioe) {
|
|
||||||
throw ioe;
|
|
||||||
} catch (InterruptedException ie) {
|
|
||||||
throw ie;
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Unexpected exception in runAs(PrivilegedExceptionAction)");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void obtainAuthTokenForJob(Configuration conf, Job job)
|
public void obtainAuthTokenForJob(Configuration conf, Job job)
|
||||||
throws IOException, InterruptedException {
|
throws IOException, InterruptedException {
|
||||||
try {
|
try {
|
||||||
Class c = Class.forName(
|
Class<?> c = Class.forName(
|
||||||
"org.apache.hadoop.hbase.security.token.TokenUtil");
|
"org.apache.hadoop.hbase.security.token.TokenUtil");
|
||||||
Methods.call(c, null, "obtainTokenForJob",
|
Methods.call(c, null, "obtainTokenForJob",
|
||||||
new Class[]{Configuration.class, UserGroupInformation.class,
|
new Class[]{Configuration.class, UserGroupInformation.class,
|
||||||
|
@ -326,7 +297,7 @@ public abstract class User {
|
||||||
public void obtainAuthTokenForJob(JobConf job)
|
public void obtainAuthTokenForJob(JobConf job)
|
||||||
throws IOException, InterruptedException {
|
throws IOException, InterruptedException {
|
||||||
try {
|
try {
|
||||||
Class c = Class.forName(
|
Class<?> c = Class.forName(
|
||||||
"org.apache.hadoop.hbase.security.token.TokenUtil");
|
"org.apache.hadoop.hbase.security.token.TokenUtil");
|
||||||
Methods.call(c, null, "obtainTokenForJob",
|
Methods.call(c, null, "obtainTokenForJob",
|
||||||
new Class[]{JobConf.class, UserGroupInformation.class},
|
new Class[]{JobConf.class, UserGroupInformation.class},
|
||||||
|
@ -349,18 +320,7 @@ public abstract class User {
|
||||||
/** @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[]) */
|
/** @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[]) */
|
||||||
public static User createUserForTesting(Configuration conf,
|
public static User createUserForTesting(Configuration conf,
|
||||||
String name, String[] groups) {
|
String name, String[] groups) {
|
||||||
try {
|
return new SecureHadoopUser(UserGroupInformation.createUserForTesting(name, groups));
|
||||||
return new SecureHadoopUser(
|
|
||||||
(UserGroupInformation)callStatic("createUserForTesting",
|
|
||||||
new Class[]{String.class, String[].class},
|
|
||||||
new Object[]{name, groups})
|
|
||||||
);
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Error creating secure test user");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -378,26 +338,7 @@ public abstract class User {
|
||||||
public static void login(Configuration conf, String fileConfKey,
|
public static void login(Configuration conf, String fileConfKey,
|
||||||
String principalConfKey, String localhost) throws IOException {
|
String principalConfKey, String localhost) throws IOException {
|
||||||
if (isSecurityEnabled()) {
|
if (isSecurityEnabled()) {
|
||||||
// check for SecurityUtil class
|
SecurityUtil.login(conf, fileConfKey, principalConfKey, localhost);
|
||||||
try {
|
|
||||||
Class c = Class.forName("org.apache.hadoop.security.SecurityUtil");
|
|
||||||
Class[] types = new Class[]{
|
|
||||||
Configuration.class, String.class, String.class, String.class };
|
|
||||||
Object[] args = new Object[]{
|
|
||||||
conf, fileConfKey, principalConfKey, localhost };
|
|
||||||
Methods.call(c, null, "login", types, args);
|
|
||||||
} catch (ClassNotFoundException cnfe) {
|
|
||||||
throw new RuntimeException("Unable to login using " +
|
|
||||||
"org.apache.hadoop.security.SecurityUtil.login(). SecurityUtil class " +
|
|
||||||
"was not found! Is this a version of secure Hadoop?", cnfe);
|
|
||||||
} catch (IOException ioe) {
|
|
||||||
throw ioe;
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Unhandled exception in User.login()");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -405,30 +346,7 @@ public abstract class User {
|
||||||
* Returns the result of {@code UserGroupInformation.isSecurityEnabled()}.
|
* Returns the result of {@code UserGroupInformation.isSecurityEnabled()}.
|
||||||
*/
|
*/
|
||||||
public static boolean isSecurityEnabled() {
|
public static boolean isSecurityEnabled() {
|
||||||
try {
|
return UserGroupInformation.isSecurityEnabled();
|
||||||
return (Boolean)callStatic("isSecurityEnabled");
|
|
||||||
} catch (RuntimeException re) {
|
|
||||||
throw re;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new UndeclaredThrowableException(e,
|
|
||||||
"Unexpected exception calling UserGroupInformation.isSecurityEnabled()");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Reflection helper methods */
|
|
||||||
private static Object callStatic(String methodName) throws Exception {
|
|
||||||
return call(null, methodName, null, null);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static Object callStatic(String methodName, Class[] types,
|
|
||||||
Object[] args) throws Exception {
|
|
||||||
return call(null, methodName, types, args);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static Object call(UserGroupInformation instance, String methodName,
|
|
||||||
Class[] types, Object[] args) throws Exception {
|
|
||||||
return Methods.call(UserGroupInformation.class, instance, methodName, types,
|
|
||||||
args);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue