Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.hbase.security
Class User

java.lang.Object
  extended by org.apache.hadoop.hbase.security.User

@InterfaceAudience.Public
@InterfaceStability.Evolving
public abstract class User
extends Object

Wrapper to abstract out usage of user and group information in HBase.

This class provides a common interface for interacting with user and group information across changing APIs in different versions of Hadoop. It only provides access to the common set of functionality in UserGroupInformation currently needed by HBase, but can be extended as needs change.

Field Summary
static String HBASE_SECURITY_CONF_KEY
           
protected  org.apache.hadoop.security.UserGroupInformation ugi
           
 
Constructor Summary
User()
           
 
Method Summary
static User create(org.apache.hadoop.security.UserGroupInformation ugi)
          Wraps an underlying UserGroupInformation instance.
static User createUserForTesting(org.apache.hadoop.conf.Configuration conf, String name, String[] groups)
          Generates a new User instance specifically for use in test code.
 boolean equals(Object o)
           
static User getCurrent()
          Returns the User instance within current execution context.
 String[] getGroupNames()
          Returns the list of groups of which this user is a member.
 String getName()
          Returns the full user name.
abstract  String getShortName()
          Returns the shortened version of the user name -- the portion that maps to an operating system user name.
 org.apache.hadoop.security.UserGroupInformation getUGI()
           
 int hashCode()
           
static boolean isHBaseSecurityEnabled(org.apache.hadoop.conf.Configuration conf)
          Returns whether or not secure authentication is enabled for HBase.
static boolean isSecurityEnabled()
          Returns whether or not Kerberos authentication is configured for Hadoop.
static void login(org.apache.hadoop.conf.Configuration conf, String fileConfKey, String principalConfKey, String localhost)
          Log in the current process using the given configuration keys for the credential file and login principal.
abstract  void obtainAuthTokenForJob(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.mapreduce.Job job)
          Requests an authentication token for this user and stores it in the user's credentials.
abstract  void obtainAuthTokenForJob(org.apache.hadoop.mapred.JobConf job)
          Requests an authentication token for this user and stores it in the user's credentials.
abstract
<T> T
runAs(PrivilegedAction<T> action)
          Executes the given action within the context of this user.
abstract
<T> T
runAs(PrivilegedExceptionAction<T> action)
          Executes the given action within the context of this user.
 String toString()
           
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

HBASE_SECURITY_CONF_KEY

public static final String HBASE_SECURITY_CONF_KEY
See Also:
Constant Field Values

ugi

protected org.apache.hadoop.security.UserGroupInformation ugi
Constructor Detail

User

public User()
Method Detail

getUGI

public org.apache.hadoop.security.UserGroupInformation getUGI()

getName

public String getName()
Returns the full user name. For Kerberos principals this will include the host and realm portions of the principal name.

Returns:
User full name.

getGroupNames

public String[] getGroupNames()
Returns the list of groups of which this user is a member. On secure Hadoop this returns the group information for the user as resolved on the server. For 0.20 based Hadoop, the group names are passed from the client.

getShortName

public abstract String getShortName()
Returns the shortened version of the user name -- the portion that maps to an operating system user name.

Returns:
Short name

runAs

public abstract <T> T runAs(PrivilegedAction<T> action)
Executes the given action within the context of this user.

runAs

public abstract <T> T runAs(PrivilegedExceptionAction<T> action)
                 throws IOException,
                        InterruptedException
Executes the given action within the context of this user.

Throws:
IOException
InterruptedException

obtainAuthTokenForJob

public abstract void obtainAuthTokenForJob(org.apache.hadoop.conf.Configuration conf,
                                           org.apache.hadoop.mapreduce.Job job)
                                    throws IOException,
                                           InterruptedException
Requests an authentication token for this user and stores it in the user's credentials.

Throws:
IOException
InterruptedException

obtainAuthTokenForJob

public abstract void obtainAuthTokenForJob(org.apache.hadoop.mapred.JobConf job)
                                    throws IOException,
                                           InterruptedException
Requests an authentication token for this user and stores it in the user's credentials.

Throws:
IOException
InterruptedException

equals

public boolean equals(Object o)
Overrides:
equals in class Object

hashCode

public int hashCode()
Overrides:
hashCode in class Object

toString

public String toString()
Overrides:
toString in class Object

getCurrent

public static User getCurrent()
                       throws IOException
Returns the User instance within current execution context.

Throws:
IOException

create

public static User create(org.apache.hadoop.security.UserGroupInformation ugi)
Wraps an underlying UserGroupInformation instance.

Parameters:
ugi - The base Hadoop user
Returns:
User

createUserForTesting

public static User createUserForTesting(org.apache.hadoop.conf.Configuration conf,
                                        String name,
                                        String[] groups)
Generates a new User instance specifically for use in test code.

Parameters:
name - the full username
groups - the group names to which the test user will belong
Returns:
a new User instance

login

public static void login(org.apache.hadoop.conf.Configuration conf,
                         String fileConfKey,
                         String principalConfKey,
                         String localhost)
                  throws IOException
Log in the current process using the given configuration keys for the credential file and login principal.

This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.

Parameters:
conf - The configuration data to use
fileConfKey - Property key used to configure path to the credential file
principalConfKey - Property key used to configure login principal
localhost - Current hostname to use in any credentials
Throws:
IOException - underlying exception from SecurityUtil.login() call

isSecurityEnabled

public static boolean isSecurityEnabled()
Returns whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, this always returns false. For secure Hadoop, it will return the value from UserGroupInformation.isSecurityEnabled().

isHBaseSecurityEnabled

public static boolean isHBaseSecurityEnabled(org.apache.hadoop.conf.Configuration conf)
Returns whether or not secure authentication is enabled for HBase. Note that HBase security requires HDFS security to provide any guarantees, so this requires that both hbase.security.authentication and hadoop.security.authentication are set to kerberos.

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2013 The Apache Software Foundation. All Rights Reserved.