HBASE-7910 Dont use reflection for security (Mike Drob)

This commit is contained in:
Andrew Purtell 2014-07-21 10:04:57 -07:00
parent de73ec83c0
commit e3ac25d4f9
1 changed files with 9 additions and 91 deletions

View File

@ -31,6 +31,7 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.util.Methods; import org.apache.hadoop.hbase.util.Methods;
import org.apache.hadoop.mapred.JobConf; import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.Job; import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
@ -237,16 +238,7 @@ public abstract class User {
private String shortName; private String shortName;
private SecureHadoopUser() throws IOException { private SecureHadoopUser() throws IOException {
try { ugi = UserGroupInformation.getCurrentUser();
ugi = (UserGroupInformation) callStatic("getCurrentUser");
} catch (IOException ioe) {
throw ioe;
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Unexpected exception getting current secure user");
}
} }
private SecureHadoopUser(UserGroupInformation ugi) { private SecureHadoopUser(UserGroupInformation ugi) {
@ -267,41 +259,20 @@ public abstract class User {
@Override @Override
public <T> T runAs(PrivilegedAction<T> action) { public <T> T runAs(PrivilegedAction<T> action) {
try { return ugi.doAs(action);
return (T) call(ugi, "doAs", new Class[]{PrivilegedAction.class},
new Object[]{action});
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Unexpected exception in runAs()");
}
} }
@Override @Override
public <T> T runAs(PrivilegedExceptionAction<T> action) public <T> T runAs(PrivilegedExceptionAction<T> action)
throws IOException, InterruptedException { throws IOException, InterruptedException {
try { return ugi.doAs(action);
return (T) call(ugi, "doAs",
new Class[]{PrivilegedExceptionAction.class},
new Object[]{action});
} catch (IOException ioe) {
throw ioe;
} catch (InterruptedException ie) {
throw ie;
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Unexpected exception in runAs(PrivilegedExceptionAction)");
}
} }
@Override @Override
public void obtainAuthTokenForJob(Configuration conf, Job job) public void obtainAuthTokenForJob(Configuration conf, Job job)
throws IOException, InterruptedException { throws IOException, InterruptedException {
try { try {
Class c = Class.forName( Class<?> c = Class.forName(
"org.apache.hadoop.hbase.security.token.TokenUtil"); "org.apache.hadoop.hbase.security.token.TokenUtil");
Methods.call(c, null, "obtainTokenForJob", Methods.call(c, null, "obtainTokenForJob",
new Class[]{Configuration.class, UserGroupInformation.class, new Class[]{Configuration.class, UserGroupInformation.class,
@ -326,7 +297,7 @@ public abstract class User {
public void obtainAuthTokenForJob(JobConf job) public void obtainAuthTokenForJob(JobConf job)
throws IOException, InterruptedException { throws IOException, InterruptedException {
try { try {
Class c = Class.forName( Class<?> c = Class.forName(
"org.apache.hadoop.hbase.security.token.TokenUtil"); "org.apache.hadoop.hbase.security.token.TokenUtil");
Methods.call(c, null, "obtainTokenForJob", Methods.call(c, null, "obtainTokenForJob",
new Class[]{JobConf.class, UserGroupInformation.class}, new Class[]{JobConf.class, UserGroupInformation.class},
@ -349,18 +320,7 @@ public abstract class User {
/** @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[]) */ /** @see User#createUserForTesting(org.apache.hadoop.conf.Configuration, String, String[]) */
public static User createUserForTesting(Configuration conf, public static User createUserForTesting(Configuration conf,
String name, String[] groups) { String name, String[] groups) {
try { return new SecureHadoopUser(UserGroupInformation.createUserForTesting(name, groups));
return new SecureHadoopUser(
(UserGroupInformation)callStatic("createUserForTesting",
new Class[]{String.class, String[].class},
new Object[]{name, groups})
);
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Error creating secure test user");
}
} }
/** /**
@ -378,26 +338,7 @@ public abstract class User {
public static void login(Configuration conf, String fileConfKey, public static void login(Configuration conf, String fileConfKey,
String principalConfKey, String localhost) throws IOException { String principalConfKey, String localhost) throws IOException {
if (isSecurityEnabled()) { if (isSecurityEnabled()) {
// check for SecurityUtil class SecurityUtil.login(conf, fileConfKey, principalConfKey, localhost);
try {
Class c = Class.forName("org.apache.hadoop.security.SecurityUtil");
Class[] types = new Class[]{
Configuration.class, String.class, String.class, String.class };
Object[] args = new Object[]{
conf, fileConfKey, principalConfKey, localhost };
Methods.call(c, null, "login", types, args);
} catch (ClassNotFoundException cnfe) {
throw new RuntimeException("Unable to login using " +
"org.apache.hadoop.security.SecurityUtil.login(). SecurityUtil class " +
"was not found! Is this a version of secure Hadoop?", cnfe);
} catch (IOException ioe) {
throw ioe;
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Unhandled exception in User.login()");
}
} }
} }
@ -405,30 +346,7 @@ public abstract class User {
* Returns the result of {@code UserGroupInformation.isSecurityEnabled()}. * Returns the result of {@code UserGroupInformation.isSecurityEnabled()}.
*/ */
public static boolean isSecurityEnabled() { public static boolean isSecurityEnabled() {
try { return UserGroupInformation.isSecurityEnabled();
return (Boolean)callStatic("isSecurityEnabled");
} catch (RuntimeException re) {
throw re;
} catch (Exception e) {
throw new UndeclaredThrowableException(e,
"Unexpected exception calling UserGroupInformation.isSecurityEnabled()");
}
} }
} }
/* Reflection helper methods */
private static Object callStatic(String methodName) throws Exception {
return call(null, methodName, null, null);
}
private static Object callStatic(String methodName, Class[] types,
Object[] args) throws Exception {
return call(null, methodName, types, args);
}
private static Object call(UserGroupInformation instance, String methodName,
Class[] types, Object[] args) throws Exception {
return Methods.call(UserGroupInformation.class, instance, methodName, types,
args);
}
} }