

Java SecurityUtil.getServerPrincipal方法代码示例

本文整理汇总了Java中org.apache.hadoop.security.SecurityUtil.getServerPrincipal方法的典型用法代码示例。如果您正苦于以下问题:Java SecurityUtil.getServerPrincipal方法的具体用法?Java SecurityUtil.getServerPrincipal怎么用?Java SecurityUtil.getServerPrincipal使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.apache.hadoop.security.SecurityUtil的用法示例。


在下文中一共展示了SecurityUtil.getServerPrincipal方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getTimelineDelegationTokenRenewer

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Resolves the ResourceManager Kerberos principal that this method returns as
 * the "renewer" value.
 *
 * <p>The principal pattern is read from {@code YarnConfiguration.RM_PRINCIPAL}
 * and expanded by {@code SecurityUtil.getServerPrincipal} with the host name
 * of the configured RM address. Both inputs come from {@code conf}, so the
 * result is only as trustworthy as the configuration it was loaded from.
 *
 * @param conf configuration holding the RM principal and the RM address
 * @return the expanded RM principal, or {@code null} when no RM principal is
 *         configured (null or empty value); callers must handle the null case
 * @throws IOException if the principal cannot be expanded
 * @throws YarnException declared by the signature; not thrown by the visible code
 */
private static String getTimelineDelegationTokenRenewer(Configuration conf)
    throws IOException, YarnException  {
  String configuredRmPrincipal = conf.get(YarnConfiguration.RM_PRINCIPAL);
  // Without an RM principal in the config there is no renewer to name.
  if (configuredRmPrincipal == null || configuredRmPrincipal.isEmpty()) {
    return null;
  }
  // The host part is taken from the configured RM address (or its defaults).
  String rmHostName = conf.getSocketAddr(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_PORT).getHostName();
  return SecurityUtil.getServerPrincipal(configuredRmPrincipal, rmHostName);
}
 
开发者ID:naver,项目名称:hadoop,代码行数:15,代码来源:YarnClientImpl.java

示例2: loginAndReturnUGI

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Logs in from a keytab and returns the resulting {@link UserGroupInformation}.
 *
 * <p>The keytab path is read from {@code hbase.<username>.keytab.file} and the
 * principal pattern from {@code hbase.<username>.kerberos.principal}; the
 * pattern is expanded with the local host name.
 *
 * @param conf configuration holding the keytab path and the principal pattern
 * @param username name used to build the two configuration keys
 * @return the UGI returned by {@code loginUserFromKeytabAndReturnUGI}
 * @throws IOException if the local host name, the principal expansion or the
 *         login fails
 */
public static UserGroupInformation loginAndReturnUGI(Configuration conf, String username)
    throws IOException {
  String localHostName = InetAddress.getLocalHost().getHostName();
  String keytabKey = "hbase." + username + ".keytab.file";
  String keytabPath = conf.get(keytabKey);
  String principalKey = "hbase." + username + ".kerberos.principal";
  String expandedPrincipal =
      SecurityUtil.getServerPrincipal(conf.get(principalKey), localHostName);
  boolean credentialsIncomplete = keytabPath == null || expandedPrincipal == null;
  if (credentialsIncomplete) {
    // NOTE(review): a missing keytab or principal is only logged; the login
    // call below still runs with the null value. What happens then is decided
    // inside UserGroupInformation — confirm that is the intended failure mode.
    LOG.warn("Principal or key tab file null for : " + principalKey + ", "
        + keytabKey);
  }
  return UserGroupInformation.loginUserFromKeytabAndReturnUGI(expandedPrincipal, keytabPath);
}
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:16,代码来源:LoadTestTool.java

示例3: login

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Installs a keytab-based JAAS configuration for the current process, using
 * the given configuration keys for the credential file and login principal.
 *
 * <p><strong>This is only applicable when running on secure hbase</strong>
 * The method returns without doing anything when {@code isSecureZooKeeper(conf)}
 * is false, when the {@code java.security.auth.login.config} system property
 * is already set, or when no keytab is configured under {@code keytabFileKey}.
 * </p>
 *
 * <p>Otherwise it replaces the JAAS configuration through the static
 * {@code javax.security.auth.login.Configuration.setConfiguration} call and
 * publishes the login context name as a system property; both are process-wide
 * settings, not scoped to the caller.
 * </p>
 *
 * @param conf The configuration data to use
 * @param keytabFileKey Property key used to configure the path to the credential file
 * @param userNameKey Property key used to configure the login principal; when
 *        unset, the {@code user.name} system property is used as the principal
 * @param hostname Current hostname to use in any credentials
 * @param loginContextProperty property name to expose the entry name
 * @param loginContextName jaas entry name
 * @throws IOException if {@code SecurityUtil.getServerPrincipal} cannot expand the principal
 */
private static void login(Configuration conf, String keytabFileKey,
    String userNameKey, String hostname,
    String loginContextProperty, String loginContextName)
    throws IOException {
  // Security is off for ZooKeeper: nothing to set up.
  if (!isSecureZooKeeper(conf)) {
    return;
  }

  // User has specified a jaas.conf, keep this one as the good one.
  // HBASE_OPTS="-Djava.security.auth.login.config=jaas.conf"
  String userSuppliedJaasFile = System.getProperty("java.security.auth.login.config");
  if (userSuppliedJaasFile != null) {
    return;
  }

  // No keytab specified, no auth: warn and leave the JAAS configuration alone.
  String keytabPath = conf.get(keytabFileKey);
  if (keytabPath == null) {
    LOG.warn("no keytab specified for: " + keytabFileKey);
    return;
  }

  // Falls back to the OS account name when no principal is configured.
  String osUserName = System.getProperty("user.name");
  String principalPattern = conf.get(userNameKey, osUserName);
  String expandedPrincipal = SecurityUtil.getServerPrincipal(principalPattern, hostname);

  // Build the in-memory "jaas.conf" entry for this keytab/principal pair,
  // install it, and record the login context name under the given property.
  javax.security.auth.login.Configuration.setConfiguration(
      new JaasConfiguration(loginContextName, expandedPrincipal, keytabPath));
  System.setProperty(loginContextProperty, loginContextName);
}
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:47,代码来源:ZKUtil.java

示例4: getConfiguration

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Returns the configuration to be used by the authentication filter
 * to initialize the authentication handler.
 *
 * <p>Every HBase configuration entry whose name starts with REST_PREFIX is
 * copied into the returned properties with the prefix stripped, which lets
 * different authentication handlers be plugged in. The entry named
 * REST_AUTHENTICATION_PRINCIPAL is first expanded to a concrete server
 * principal using the host name resolved through the configured DNS
 * interface and nameserver.
 *
 * @param configPrefix passed through to the superclass
 * @param filterConfig passed through to the superclass
 * @return the properties handed to the authentication handler
 * @throws ServletException if the server principal cannot be resolved
 */
@Override
protected Properties getConfiguration(
    String configPrefix, FilterConfig filterConfig) throws ServletException {
  Properties handlerProps = super.getConfiguration(configPrefix, filterConfig);
  // Cookie path is root '/' so the auth cookie is used for all resources.
  handlerProps.setProperty(AuthenticationFilter.COOKIE_PATH, "/");

  Configuration hbaseConf = HBaseConfiguration.create();
  for (Map.Entry<String, String> setting : hbaseConf) {
    String key = setting.getKey();
    if (!key.startsWith(REST_PREFIX)) {
      continue;
    }
    String val = setting.getValue();
    if (key.equals(REST_AUTHENTICATION_PRINCIPAL)) {
      try {
        String dnsInterface = hbaseConf.get(REST_DNS_INTERFACE, "default");
        String dnsNameserver = hbaseConf.get(REST_DNS_NAMESERVER, "default");
        String machineName = Strings.domainNamePointerToHostName(
            DNS.getDefaultHost(dnsInterface, dnsNameserver));
        val = SecurityUtil.getServerPrincipal(val, machineName);
      } catch (IOException ie) {
        throw new ServletException("Failed to retrieve server principal", ie);
      }
    }
    // NOTE(review): every REST_PREFIX value is written to the debug log as-is.
    // If any of these properties can carry a secret, it ends up in the log —
    // confirm which keys exist under the prefix and mask them if needed.
    LOG.debug("Setting property " + key + "=" + val);
    handlerProps.setProperty(key.substring(REST_PREFIX_LEN), val);
  }
  return handlerProps;
}
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:38,代码来源:AuthFilter.java

示例5: authorize

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Authorize the user to access the protocol being used.
 *
 * <p>The checks run in this order and any failure throws: the protocol must
 * have both an ACL array and a host-list array registered; if the protocol's
 * Kerberos info names a client principal key, the principal resolved from it
 * must equal {@code user.getUserName()}; the user must pass the ACL pair; and,
 * when {@code addr} is non-null, the client address must pass the host-list
 * pair. ACL and host denials are written to {@code AUDITLOG} at warn level,
 * a successful authorization at info level.
 * 
 * @param user user accessing the service 
 * @param protocol service being accessed
 * @param conf configuration to use
 * @param addr InetAddress of the client
 * @throws AuthorizationException on authorization failure
 */
public void authorize(UserGroupInformation user, 
                             Class<?> protocol,
                             Configuration conf,
                             InetAddress addr
                             ) throws AuthorizationException {
  AccessControlList[] acls = protocolToAcls.get(protocol);
  MachineList[] hosts = protocolToMachineLists.get(protocol);
  // Fail closed: a protocol with no registered ACLs or host lists is rejected.
  if (acls == null || hosts == null) {
    throw new AuthorizationException("Protocol " + protocol + 
                                     " is not known.");
  }
  
  // get client principal key to verify (if available)
  KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
  String clientPrincipal = null; 
  if (krbInfo != null) {
    String clientKey = krbInfo.clientPrincipal();
    if (clientKey != null && !clientKey.isEmpty()) {
      try {
        // presumably the host part of the configured principal is filled in
        // from the client address — confirm how SecurityUtil resolves addr,
        // since the comparison below then depends on that resolution.
        clientPrincipal = SecurityUtil.getServerPrincipal(
            conf.get(clientKey), addr);
      } catch (IOException e) {
        // A principal that cannot be resolved is a denial, with the cause kept.
        throw (AuthorizationException) new AuthorizationException(
            "Can't figure out Kerberos principal name for connection from "
                + addr + " for user=" + user + " protocol=" + protocol)
            .initCause(e);
      }
    }
  }
  // Deny when any of these holds: an expected principal was resolved and the
  // user name differs from it; the ACL array does not have exactly two
  // entries; acls[0] does not allow the user; acls[1] allows the user.
  // acls[0]/acls[1] look like an allow list and a block list — confirm
  // against the code that populates protocolToAcls.
  if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) || 
     acls.length != 2  || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
    // NOTE(review): when an expected principal exists, its name is put into
    // both the audit line and the exception message — confirm it is
    // acceptable for the exception text to reach the caller.
    String cause = clientPrincipal != null ?
        ": this service is only accessible by " + clientPrincipal :
        ": denied by configured ACL";
    AUDITLOG.warn(AUTHZ_FAILED_FOR + user
        + " for protocol=" + protocol + cause);
    throw new AuthorizationException("User " + user +
        " is not authorized for protocol " + protocol + cause);
  }
  // NOTE(review): the host check is skipped entirely when addr is null.
  if (addr != null) {
    String hostAddress = addr.getHostAddress();
    // Same shape as the ACL check: exactly two lists, hosts[0] must include
    // the address and hosts[1] must not.
    if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
        hosts[1].includes(hostAddress)) {
      // NOTE(review): unlike the ACL denial above, this audit line does not
      // include the user, so host denials cannot be tied to an identity
      // from the audit log alone.
      AUDITLOG.warn(AUTHZ_FAILED_FOR + " for protocol=" + protocol
          + " from host = " +  hostAddress);
      throw new AuthorizationException("Host " + hostAddress +
          " is not authorized for protocol " + protocol) ;
    }
  }
  AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol="+protocol);
}
 
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:61,代码来源:ServiceAuthorizationManager.java

示例6: getMasterPrincipal

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Returns the master's Kerberos principal, expanded with the master's host
 * name, for use as a delegation token renewer.
 *
 * @param conf configuration from which the master address and user name are read
 * @return the value returned by {@code SecurityUtil.getServerPrincipal}
 * @throws IOException if the principal cannot be expanded
 */
public static String getMasterPrincipal(Configuration conf) 
throws IOException {
  // Host first, then the user-name pattern: same lookup order as before.
  final String hostOfMaster = getMasterAddress(conf).getHostName();
  final String masterUserPattern = getMasterUserName(conf);
  return SecurityUtil.getServerPrincipal(masterUserPattern, hostOfMaster);
}
 
开发者ID:naver,项目名称:hadoop,代码行数:7,代码来源:Master.java

示例7: authorize

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Authorize the user to access the protocol being used.
 *
 * <p>The checks run in this order and any failure throws: the protocol must
 * have both an ACL array and a host-list array registered; if the protocol's
 * Kerberos info names a client principal key, the principal resolved from it
 * must equal {@code user.getUserName()}; the user must pass the ACL pair; and,
 * when {@code addr} is non-null, the client address must pass the host-list
 * pair. ACL and host denials are written to {@code AUDITLOG} at warn level,
 * a successful authorization at info level.
 * 
 * @param user user accessing the service 
 * @param protocol service being accessed
 * @param conf configuration to use
 * @param addr InetAddress of the client
 * @throws AuthorizationException on authorization failure
 */
public void authorize(UserGroupInformation user, 
                             Class<?> protocol,
                             Configuration conf,
                             InetAddress addr
                             ) throws AuthorizationException {
  AccessControlList[] acls = protocolToAcls.get(protocol);
  MachineList[] hosts = protocolToMachineLists.get(protocol);
  // Fail closed: a protocol with no registered ACLs or host lists is rejected.
  if (acls == null || hosts == null) {
    throw new AuthorizationException("Protocol " + protocol + 
                                     " is not known.");
  }
  
  // get client principal key to verify (if available)
  KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
  String clientPrincipal = null; 
  if (krbInfo != null) {
    String clientKey = krbInfo.clientPrincipal();
    if (clientKey != null && !clientKey.isEmpty()) {
      try {
        // presumably the host part of the configured principal is filled in
        // from the client address — confirm how SecurityUtil resolves addr,
        // since the comparison below then depends on that resolution.
        clientPrincipal = SecurityUtil.getServerPrincipal(
            conf.get(clientKey), addr);
      } catch (IOException e) {
        // A principal that cannot be resolved is a denial, with the cause kept.
        throw (AuthorizationException) new AuthorizationException(
            "Can't figure out Kerberos principal name for connection from "
                + addr + " for user=" + user + " protocol=" + protocol)
            .initCause(e);
      }
    }
  }
  // Deny when any of these holds: an expected principal was resolved and the
  // user name differs from it; the ACL array does not have exactly two
  // entries; acls[0] does not allow the user; acls[1] allows the user.
  // acls[0]/acls[1] look like an allow list and a block list — confirm
  // against the code that populates protocolToAcls.
  if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) || 
     acls.length != 2  || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
    // NOTE(review): this one message covers both the principal mismatch and
    // the ACL denial. On an ACL denial with no expected principal configured
    // it reads "expected client Kerberos principal is null", which points
    // whoever reads the audit log at the wrong cause.
    AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
        + ", expected client Kerberos principal is " + clientPrincipal);
    throw new AuthorizationException("User " + user + 
        " is not authorized for protocol " + protocol + 
        ", expected client Kerberos principal is " + clientPrincipal);
  }
  // NOTE(review): the host check is skipped entirely when addr is null.
  if (addr != null) {
    String hostAddress = addr.getHostAddress();
    // Same shape as the ACL check: exactly two lists, hosts[0] must include
    // the address and hosts[1] must not.
    if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
        hosts[1].includes(hostAddress)) {
      // NOTE(review): unlike the ACL denial above, this audit line does not
      // include the user, so host denials cannot be tied to an identity
      // from the audit log alone.
      AUDITLOG.warn(AUTHZ_FAILED_FOR + " for protocol=" + protocol
          + " from host = " +  hostAddress);
      throw new AuthorizationException("Host " + hostAddress +
          " is not authorized for protocol " + protocol) ;
    }
  }
  AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol="+protocol);
}
 
开发者ID:naver,项目名称:hadoop,代码行数:59,代码来源:ServiceAuthorizationManager.java

示例8: Connection

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
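/**
 * Builds the client-side state for a connection to one remote endpoint and
 * selects the authentication method it will use.
 *
 * <p>The method is chosen as follows: {@code SIMPLE} when security is not
 * enabled, {@code DIGEST} when a token was selected for this cluster,
 * otherwise {@code KERBEROS}. When security is enabled and security info
 * exists for the service, the expected server principal is resolved from the
 * configuration and the server's canonical host name.
 *
 * @param remoteId identifies the remote address, service and user ticket
 * @param codec cell block codec, may be null
 * @param compressor cell block compressor, may be null
 * @throws IOException if the remote address is unresolved, the security info
 *         has no server principal key, or the principal cannot be expanded
 */
Connection(ConnectionId remoteId, final Codec codec, final CompressionCodec compressor)
throws IOException {
  if (remoteId.getAddress().isUnresolved()) {
    throw new UnknownHostException("unknown host: " + remoteId.getAddress().getHostName());
  }
  this.server = remoteId.getAddress();
  this.codec = codec;
  this.compressor = compressor;

  UserGroupInformation ticket = remoteId.getTicket().getUGI();
  SecurityInfo securityInfo = SecurityInfo.getInfo(remoteId.getServiceName());
  this.useSasl = userProvider.isHBaseSecurityEnabled();
  // NOTE(review): when useSasl is true but securityInfo is null this branch
  // is skipped, serverPrincipal is not assigned here, and authMethod below
  // still becomes KERBEROS — confirm the handshake rejects that state.
  if (useSasl && securityInfo != null) {
    AuthenticationProtos.TokenIdentifier.Kind tokenKind = securityInfo.getTokenKind();
    if (tokenKind != null) {
      TokenSelector<? extends TokenIdentifier> tokenSelector =
          tokenHandlers.get(tokenKind);
      if (tokenSelector != null) {
        // NOTE(review): ticket is dereferenced here without a null check,
        // while the thread-name code further down tests ticket==null.
        token = tokenSelector.selectToken(new Text(clusterId),
            ticket.getTokens());
      } else if (LOG.isDebugEnabled()) {
        LOG.debug("No token selector found for type "+tokenKind);
      }
    }
    String serverKey = securityInfo.getServerPrincipal();
    if (serverKey == null) {
      throw new IOException(
          "Can't obtain server Kerberos config key from SecurityInfo");
    }
    // Lower-case with a fixed locale. The no-argument toLowerCase() follows
    // the JVM default locale, so under e.g. a Turkish locale 'I' becomes a
    // dotless 'ı' and the expected server principal no longer matches the
    // host name the server is registered under.
    serverPrincipal = SecurityUtil.getServerPrincipal(
        conf.get(serverKey),
        server.getAddress().getCanonicalHostName().toLowerCase(java.util.Locale.ROOT));
    if (LOG.isDebugEnabled()) {
      LOG.debug("RPC Server Kerberos principal name for service="
          + remoteId.getServiceName() + " is " + serverPrincipal);
    }
  }

  // SIMPLE means no SASL at all; DIGEST is used only when a token was selected.
  if (!useSasl) {
    authMethod = AuthMethod.SIMPLE;
  } else if (token != null) {
    authMethod = AuthMethod.DIGEST;
  } else {
    authMethod = AuthMethod.KERBEROS;
  }

  if (LOG.isDebugEnabled()) {
    LOG.debug("Use " + authMethod + " authentication for service " + remoteId.serviceName +
      ", sasl=" + useSasl);
  }
  reloginMaxBackoff = conf.getInt("hbase.security.relogin.maxbackoff", 5000);
  this.remoteId = remoteId;

  // Connection header sent to the server: service, user info, codec and
  // compressor class names, and client version.
  ConnectionHeader.Builder builder = ConnectionHeader.newBuilder();
  builder.setServiceName(remoteId.getServiceName());
  UserInformation userInfoPB = getUserInfo(ticket);
  if (userInfoPB != null) {
    builder.setUserInfo(userInfoPB);
  }
  if (this.codec != null) {
    builder.setCellBlockCodecClass(this.codec.getClass().getCanonicalName());
  }
  if (this.compressor != null) {
    builder.setCellBlockCompressorClass(this.compressor.getClass().getCanonicalName());
  }
  builder.setVersionInfo(ProtobufUtil.getVersionInfo());
  this.header = builder.build();

  this.setName("IPC Client (" + socketFactory.hashCode() +") connection to " +
    remoteId.getAddress().toString() +
    ((ticket==null)?" from an unknown user": (" from "
    + ticket.getUserName())));
  this.setDaemon(true);

  // Optional dedicated writer, started only when SPECIFIC_WRITE_THREAD is set.
  if (conf.getBoolean(SPECIFIC_WRITE_THREAD, false)) {
    callSender = new CallSender(getName(), conf);
    callSender.start();
  } else {
    callSender = null;
  }
}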
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:81,代码来源:RpcClientImpl.java

示例9: setupAuthorization

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
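/**
 * Set up server authorization: select a token if one is available, resolve
 * the expected server Kerberos principal, and choose the authentication
 * method ({@code SIMPLE} when security is not enabled, {@code DIGEST} when a
 * token was selected, otherwise {@code KERBEROS}).
 *
 * @throws java.io.IOException if the security info has no server principal
 *         key or the principal cannot be expanded
 */
private void setupAuthorization() throws IOException {
  SecurityInfo securityInfo = SecurityInfo.getInfo(serviceName);
  this.useSasl = client.userProvider.isHBaseSecurityEnabled();

  this.token = null;
  // NOTE(review): when useSasl is true but securityInfo is null this branch
  // is skipped, serverPrincipal is not assigned here, and authMethod below
  // still becomes KERBEROS — confirm the handshake rejects that state.
  if (useSasl && securityInfo != null) {
    AuthenticationProtos.TokenIdentifier.Kind tokenKind = securityInfo.getTokenKind();
    if (tokenKind != null) {
      TokenSelector<? extends TokenIdentifier> tokenSelector = tokenHandlers.get(tokenKind);
      if (tokenSelector != null) {
        token = tokenSelector
            .selectToken(new Text(client.clusterId), ticket.getUGI().getTokens());
      } else if (LOG.isDebugEnabled()) {
        LOG.debug("No token selector found for type " + tokenKind);
      }
    }
    String serverKey = securityInfo.getServerPrincipal();
    if (serverKey == null) {
      throw new IOException("Can't obtain server Kerberos config key from SecurityInfo");
    }
    // Lower-case with a fixed locale. The no-argument toLowerCase() follows
    // the JVM default locale, so under e.g. a Turkish locale 'I' becomes a
    // dotless 'ı' and the expected server principal no longer matches the
    // host name the server is registered under.
    this.serverPrincipal = SecurityUtil.getServerPrincipal(client.conf.get(serverKey),
        address.getAddress().getCanonicalHostName().toLowerCase(java.util.Locale.ROOT));
    if (LOG.isDebugEnabled()) {
      LOG.debug("RPC Server Kerberos principal name for service=" + serviceName + " is "
          + serverPrincipal);
    }
  }

  // SIMPLE means no SASL at all; DIGEST is used only when a token was selected.
  if (!useSasl) {
    authMethod = AuthMethod.SIMPLE;
  } else if (token != null) {
    authMethod = AuthMethod.DIGEST;
  } else {
    authMethod = AuthMethod.KERBEROS;
  }

  if (LOG.isDebugEnabled()) {
    LOG.debug("Use " + authMethod + " authentication for service " + serviceName +
        ", sasl=" + useSasl);
  }
  reloginMaxBackoff = client.conf.getInt("hbase.security.relogin.maxbackoff", 5000);
}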
 
开发者ID:fengchen8086,项目名称:ditb,代码行数:48,代码来源:AsyncRpcChannel.java

示例10: splitKerberosName

import org.apache.hadoop.security.SecurityUtil; //导入方法依赖的package包/类
/**
 * Resolves the principal using Hadoop common's SecurityUtil and splits
 * the kerberos principal into three parts: user name, host and kerberos realm.
 *
 * <p>The principal is expanded with an empty host name argument.
 * NOTE(review): presumably SecurityUtil substitutes the local host name in
 * that case — confirm against the Hadoop version in use, because the host
 * part of the result then depends on how this machine resolves its own name.
 *
 * @param principal the configured principal, possibly containing a host pattern
 * @return String[] of username, hostname and kerberos realm
 * @throws IOException if the principal cannot be expanded
 */
public static String[] splitKerberosName(String principal) throws IOException {
  return SaslRpcServer.splitKerberosName(SecurityUtil.getServerPrincipal(principal, ""));
}
 
开发者ID:moueimei,项目名称:flume-release-1.7.0,代码行数:13,代码来源:FlumeAuthenticationUtil.java


注:本文中的org.apache.hadoop.security.SecurityUtil.getServerPrincipal方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。