org.apache.hadoop.hbase.security

类 UserProvider

java.lang.Object

org.apache.hadoop.hbase.BaseConfigurable

org.apache.hadoop.hbase.security.UserProvider

所有已实现的接口:

org.apache.hadoop.conf.Configurable

@InterfaceAudience.Private
public class UserProvider
extends BaseConfigurable

Provide an instance of a user. Allows custom User creation.

构造器概要

构造器

构造器和说明
UserProvider()

方法概要

限定符和类型	方法和说明
User	create(org.apache.hadoop.security.UserGroupInformation ugi) Wraps an underlying UserGroupInformation instance.
User	getCurrent()
String	getCurrentUserName()
static org.apache.hadoop.security.Groups	getGroups()
static UserProvider	instantiate(org.apache.hadoop.conf.Configuration conf) Instantiate the UserProvider specified in the configuration and set the passed configuration via setConf(Configuration)
boolean	isHadoopSecurityEnabled()
boolean	isHBaseSecurityEnabled()
void	login(String fileConfKey, String principalConfKey) Login with given keytab and principal.
void	login(String fileConfKey, String principalConfKey, String localhost) Log in the current process using the given configuration keys for the credential file and login principal.
void	setConf(org.apache.hadoop.conf.Configuration conf)
static void	setGroups(org.apache.hadoop.security.Groups groups)
static void	setUserProviderForTesting(org.apache.hadoop.conf.Configuration conf, Class<? extends UserProvider> provider) Set the UserProvider in the given configuration that should be instantiated
boolean	shouldLoginFromKeytab() In secure environment, if a user specified his keytab and principal, a hbase client will try to login with them.

从类继承的方法 org.apache.hadoop.hbase.BaseConfigurable

getConf

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

UserProvider

public UserProvider()

方法详细资料

getGroups

public static org.apache.hadoop.security.Groups getGroups()

setGroups

public static void setGroups(org.apache.hadoop.security.Groups groups)

setConf

public void setConf(org.apache.hadoop.conf.Configuration conf)

指定者:

setConf 在接口中 org.apache.hadoop.conf.Configurable

覆盖:

setConf 在类中 BaseConfigurable

instantiate

public static UserProvider instantiate(org.apache.hadoop.conf.Configuration conf)

Instantiate the UserProvider specified in the configuration and set the passed configuration via setConf(Configuration)

参数:

conf - to read and set on the created UserProvider

返回:

a UserProvider ready for use.

setUserProviderForTesting

public static void setUserProviderForTesting(org.apache.hadoop.conf.Configuration conf,
                                             Class<? extends UserProvider> provider)

Set the UserProvider in the given configuration that should be instantiated

参数:

conf - to update

provider - class of the provider to set

getCurrentUserName

public String getCurrentUserName()
                          throws IOException

返回:

the userName for the current logged-in user.

抛出:

IOException - if the underlying user cannot be obtained

isHBaseSecurityEnabled

public boolean isHBaseSecurityEnabled()

返回:

true if security is enabled, false otherwise

isHadoopSecurityEnabled

public boolean isHadoopSecurityEnabled()

返回:

whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, this always returns false. For secure Hadoop, it will return the value from UserGroupInformation.isSecurityEnabled().

shouldLoginFromKeytab

public boolean shouldLoginFromKeytab()

In secure environment, if a user specified his keytab and principal, a hbase client will try to login with them. Otherwise, hbase client will try to obtain ticket(through kinit) from system.

getCurrent

public User getCurrent()
                throws IOException

返回:

the current user within the current execution context

抛出:

IOException - if the user cannot be loaded

create

public User create(org.apache.hadoop.security.UserGroupInformation ugi)

Wraps an underlying UserGroupInformation instance.

参数:

ugi - The base Hadoop user

返回:

User

login

public void login(String fileConfKey,
                  String principalConfKey,
                  String localhost)
           throws IOException

Log in the current process using the given configuration keys for the credential file and login principal. It is for SPN(Service Principal Name) login. SPN should be this format, servicename/fully.qualified.domain.name@REALM.

This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.

参数:

fileConfKey - Property key used to configure path to the credential file

principalConfKey - Property key used to configure login principal

localhost - Current hostname to use in any credentials

抛出:

IOException - underlying exception from SecurityUtil.login() call

login

public void login(String fileConfKey,
                  String principalConfKey)
           throws IOException

Login with given keytab and principal. This can be used for both SPN(Service Principal Name) and UPN(User Principal Name) which format should be clientname@REALM.

参数:

fileConfKey - config name for client keytab

principalConfKey - config name for client principal

抛出:

IOException - underlying exception from UserGroupInformation.loginUserFromKeytab