當前位置: 首頁>>代碼示例>>Java>>正文


Java UserGroupInformation.getRealUser方法代碼示例

本文整理匯總了Java中org.apache.hadoop.security.UserGroupInformation.getRealUser方法的典型用法代碼示例。如果您正苦於以下問題:Java UserGroupInformation.getRealUser方法的具體用法?Java UserGroupInformation.getRealUser怎麽用?Java UserGroupInformation.getRealUser使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在org.apache.hadoop.security.UserGroupInformation的用法示例。


在下文中一共展示了UserGroupInformation.getRealUser方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。

示例1: initialize

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Called after a new FileSystem instance is constructed.
 *
 * @param name a uri whose authority section names the host, port, etc. for this FileSystem
 * @param conf the configuration
 */
@Override
public void initialize(URI name, Configuration conf) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();

  //the real use is the one that has the Kerberos credentials needed for
  //SPNEGO to work
  realUser = ugi.getRealUser();
  if (realUser == null) {
    realUser = UserGroupInformation.getLoginUser();
  }
  super.initialize(name, conf);
  try {
    uri = new URI(name.getScheme() + "://" + name.getAuthority());
  } catch (URISyntaxException ex) {
    throw new IOException(ex);
  }

  Class<? extends DelegationTokenAuthenticator> klass =
      getConf().getClass("httpfs.authenticator.class",
          KerberosDelegationTokenAuthenticator.class,
          DelegationTokenAuthenticator.class);
  DelegationTokenAuthenticator authenticator =
      ReflectionUtils.newInstance(klass, getConf());
  authURL = new DelegationTokenAuthenticatedURL(authenticator);
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:32,代碼來源:HttpFSFileSystem.java

示例2: getAuthParameters

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
Param<?,?>[] getAuthParameters(final HttpOpParam.Op op) throws IOException {
  List<Param<?,?>> authParams = Lists.newArrayList();    
  // Skip adding delegation token for token operations because these
  // operations require authentication.
  Token<?> token = null;
  if (!op.getRequireAuth()) {
    token = getDelegationToken();
  }
  if (token != null) {
    authParams.add(new DelegationParam(token.encodeToUrlString()));
  } else {
    UserGroupInformation userUgi = ugi;
    UserGroupInformation realUgi = userUgi.getRealUser();
    if (realUgi != null) { // proxy user
      authParams.add(new DoAsParam(userUgi.getShortUserName()));
      userUgi = realUgi;
    }
    authParams.add(new UserParam(userUgi.getShortUserName()));
  }
  return authParams.toArray(new Param<?,?>[0]);
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:22,代碼來源:WebHdfsFileSystem.java

示例3: authorize

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Override
public void authorize(UserGroupInformation user, 
    String remoteAddress) throws AuthorizationException {
  
  UserGroupInformation realUser = user.getRealUser();
  if (realUser == null) {
    return;
  }
  
  AccessControlList acl = proxyUserAcl.get(configPrefix +
      realUser.getShortUserName());
  if (acl == null || !acl.isUserAllowed(user)) {
    throw new AuthorizationException("User: " + realUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }

  MachineList MachineList = proxyHosts.get(
      getProxySuperuserIpConfKey(realUser.getShortUserName()));

  if(MachineList == null || !MachineList.includes(remoteAddress)) {
    throw new AuthorizationException("Unauthorized connection for super-user: "
        + realUser.getUserName() + " from IP " + remoteAddress);
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:25,代碼來源:DefaultImpersonationProvider.java

示例4: getUserInfo

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private synchronized UserInformation getUserInfo(UserGroupInformation ugi) {
  if (ugi == null || authMethod == AuthMethod.DIGEST) {
    // Don't send user for token auth
    return null;
  }
  UserInformation.Builder userInfoPB = UserInformation.newBuilder();
  if (authMethod == AuthMethod.KERBEROS) {
    // Send effective user for Kerberos auth
    userInfoPB.setEffectiveUser(ugi.getUserName());
  } else if (authMethod == AuthMethod.SIMPLE) {
    //Send both effective user and real user for simple auth
    userInfoPB.setEffectiveUser(ugi.getUserName());
    if (ugi.getRealUser() != null) {
      userInfoPB.setRealUser(ugi.getRealUser().getUserName());
    }
  }
  return userInfoPB.build();
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:19,代碼來源:RpcClientImpl.java

示例5: buildUserInfo

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Build the user information
 *
 * @param ugi        User Group Information
 * @param authMethod Authorization method
 * @return UserInformation protobuf
 */
private RPCProtos.UserInformation buildUserInfo(UserGroupInformation ugi, AuthMethod authMethod) {
  if (ugi == null || authMethod == AuthMethod.DIGEST) {
    // Don't send user for token auth
    return null;
  }
  RPCProtos.UserInformation.Builder userInfoPB = RPCProtos.UserInformation.newBuilder();
  if (authMethod == AuthMethod.KERBEROS) {
    // Send effective user for Kerberos auth
    userInfoPB.setEffectiveUser(ugi.getUserName());
  } else if (authMethod == AuthMethod.SIMPLE) {
    //Send both effective user and real user for simple auth
    userInfoPB.setEffectiveUser(ugi.getUserName());
    if (ugi.getRealUser() != null) {
      userInfoPB.setRealUser(ugi.getRealUser().getUserName());
    }
  }
  return userInfoPB.build();
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:26,代碼來源:AsyncRpcChannel.java

示例6: authorize

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Override
public void authorize(UserGroupInformation user, 
    String remoteAddress) throws AuthorizationException {
  
  if (user == null) {
    throw new IllegalArgumentException("user is null.");
  }

  UserGroupInformation realUser = user.getRealUser();
  if (realUser == null) {
    return;
  }
  
  AccessControlList acl = proxyUserAcl.get(configPrefix +
      realUser.getShortUserName());
  if (acl == null || !acl.isUserAllowed(user)) {
    throw new AuthorizationException("User: " + realUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }

  MachineList MachineList = proxyHosts.get(
      getProxySuperuserIpConfKey(realUser.getShortUserName()));

  if(MachineList == null || !MachineList.includes(remoteAddress)) {
    throw new AuthorizationException("Unauthorized connection for super-user: "
        + realUser.getUserName() + " from IP " + remoteAddress);
  }
}
 
開發者ID:nucypher,項目名稱:hadoop-oss,代碼行數:29,代碼來源:DefaultImpersonationProvider.java

示例7: makeIpcConnectionContext

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/** 
 * This method creates the connection context  using exactly the same logic
 * as the old connection context as was done for writable where
 * the effective and real users are set based on the auth method.
 *
 */
public static IpcConnectionContextProto makeIpcConnectionContext(
    final String protocol,
    final UserGroupInformation ugi, final AuthMethod authMethod) {
  IpcConnectionContextProto.Builder result = IpcConnectionContextProto.newBuilder();
  if (protocol != null) {
    result.setProtocol(protocol);
  }
  UserInformationProto.Builder ugiProto =  UserInformationProto.newBuilder();
  if (ugi != null) {
    /*
     * In the connection context we send only additional user info that
     * is not derived from the authentication done during connection setup.
     */
    if (authMethod == AuthMethod.KERBEROS) {
      // Real user was established as part of the connection.
      // Send effective user only.
      ugiProto.setEffectiveUser(ugi.getUserName());
    } else if (authMethod == AuthMethod.TOKEN) {
      // With token, the connection itself establishes 
      // both real and effective user. Hence send none in header.
    } else {  // Simple authentication
      // No user info is established as part of the connection.
      // Send both effective user and real user
      ugiProto.setEffectiveUser(ugi.getUserName());
      if (ugi.getRealUser() != null) {
        ugiProto.setRealUser(ugi.getRealUser().getUserName());
      }
    }
  }   
  result.setUserInfo(ugiProto);
  return result.build();
}
 
開發者ID:nucypher,項目名稱:hadoop-oss,代碼行數:39,代碼來源:ProtoUtil.java

示例8: shouldAuthenticateOverKrb

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  if (authMethod == AuthMethod.KERBEROS && loginUser != null &&
  // Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser))) {
    return true;
  }
  return false;
}
 
開發者ID:nucypher,項目名稱:hadoop-oss,代碼行數:15,代碼來源:Client.java

示例9: authorize

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Authorize a user (superuser) to impersonate another user (user1) if the 
 * superuser belongs to the group "sudo_user1" .
 */

public void authorize(UserGroupInformation user, 
    String remoteAddress) throws AuthorizationException{
  UserGroupInformation superUser = user.getRealUser();

  String sudoGroupName = "sudo_" + user.getShortUserName();
  if (!Arrays.asList(superUser.getGroupNames()).contains(sudoGroupName)){
    throw new AuthorizationException("User: " + superUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }
}
 
開發者ID:nucypher,項目名稱:hadoop-oss,代碼行數:16,代碼來源:TestProxyUsers.java

示例10: logCurrentHadoopUser

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Log details about the current Hadoop user at INFO.
 * Robust against IOEs when trying to get the current user
 */
public void logCurrentHadoopUser() {
  try {
    UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
    LOG.info("Current user = {}",currentUser);
    UserGroupInformation realUser = currentUser.getRealUser();
    LOG.info("Real User = {}" , realUser);
  } catch (IOException e) {
    LOG.warn("Failed to get current user {}, {}", e);
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:15,代碼來源:RegistrySecurity.java

示例11: checkUgiFromAuth

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private void checkUgiFromAuth(UserGroupInformation ugi) {
  if (ugi.getRealUser() != null) {
    Assert.assertEquals(AuthenticationMethod.PROXY,
                        ugi.getAuthenticationMethod());
    Assert.assertEquals(AuthenticationMethod.KERBEROS_SSL,
                        ugi.getRealUser().getAuthenticationMethod());
  } else {
    Assert.assertEquals(AuthenticationMethod.KERBEROS_SSL,
                        ugi.getAuthenticationMethod()); 
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:12,代碼來源:TestJspHelper.java

示例12: checkUgiFromToken

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private void checkUgiFromToken(UserGroupInformation ugi) {
  if (ugi.getRealUser() != null) {
    Assert.assertEquals(AuthenticationMethod.PROXY,
                        ugi.getAuthenticationMethod());
    Assert.assertEquals(AuthenticationMethod.TOKEN,
                        ugi.getRealUser().getAuthenticationMethod());
  } else {
    Assert.assertEquals(AuthenticationMethod.TOKEN,
                        ugi.getAuthenticationMethod());
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:12,代碼來源:TestJspHelper.java

示例13: toProtoUserInfo

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
public static UserInformation toProtoUserInfo(UserGroupInformation ugi) {
  UserInformation.Builder userInfoPB = UserInformation.newBuilder();
  userInfoPB.setEffectiveUser(ugi.getUserName());
  if (ugi.getRealUser() != null) {
    userInfoPB.setRealUser(ugi.getRealUser().getUserName());
  }
  return userInfoPB.build();
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:9,代碼來源:MasterProcedureUtil.java

示例14: shouldAuthenticateOverKrb

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser =
    UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  return authMethod == AuthMethod.KERBEROS &&
      loginUser != null &&
      //Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser));
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:14,代碼來源:RpcClientImpl.java

示例15: shouldAuthenticateOverKrb

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Check if user should authenticate over Kerberos
 *
 * @return true if should be authenticated over Kerberos
 * @throws java.io.IOException on failure of check
 */
private synchronized boolean shouldAuthenticateOverKrb() throws IOException {
  UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
  UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
  UserGroupInformation realUser = currentUser.getRealUser();
  return authMethod == AuthMethod.KERBEROS &&
      loginUser != null &&
      //Make sure user logged in using Kerberos either keytab or TGT
      loginUser.hasKerberosCredentials() &&
      // relogin only in case it is the login user (e.g. JT)
      // or superuser (like oozie).
      (loginUser.equals(currentUser) || loginUser.equals(realUser));
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:19,代碼來源:AsyncRpcChannel.java


注:本文中的org.apache.hadoop.security.UserGroupInformation.getRealUser方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。