當前位置: 首頁>>代碼示例>>Java>>正文


Java UserGroupInformation.getShortUserName方法代碼示例

本文整理匯總了Java中org.apache.hadoop.security.UserGroupInformation.getShortUserName方法的典型用法代碼示例。如果您正苦於以下問題:Java UserGroupInformation.getShortUserName方法的具體用法?Java UserGroupInformation.getShortUserName怎麽用?Java UserGroupInformation.getShortUserName使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在org.apache.hadoop.security.UserGroupInformation的用法示例。


在下文中一共展示了UserGroupInformation.getShortUserName方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。

示例1: doGet

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {
  UserGroupInformation ugi = HttpUserGroupInformation.get();
  if (ugi != null) {
    String ret = "remoteuser=" + req.getRemoteUser() + ":ugi=" +
        ugi.getShortUserName();
    if (ugi.getAuthenticationMethod() ==
        UserGroupInformation.AuthenticationMethod.PROXY) {
      ret = "realugi=" + ugi.getRealUser().getShortUserName() + ":" + ret;
    }
    resp.setStatus(HttpServletResponse.SC_OK);
    resp.getWriter().write(ret);
  } else {
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:18,代碼來源:TestWebDelegationToken.java

示例2: startContainer

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private StartContainersResponse startContainer(Context context,
    final ContainerManagerImpl cm, ContainerId cid,
    ContainerLaunchContext clc, LogAggregationContext logAggregationContext)
        throws Exception {
  UserGroupInformation user = UserGroupInformation.createRemoteUser(
      cid.getApplicationAttemptId().toString());
  StartContainerRequest scReq = StartContainerRequest.newInstance(
      clc, TestContainerManager.createContainerToken(cid, 0,
          context.getNodeId(), user.getShortUserName(),
          context.getContainerTokenSecretManager(), logAggregationContext));
  final List<StartContainerRequest> scReqList =
      new ArrayList<StartContainerRequest>();
  scReqList.add(scReq);
  NMTokenIdentifier nmToken = new NMTokenIdentifier(
      cid.getApplicationAttemptId(), context.getNodeId(),
      user.getShortUserName(),
      context.getNMTokenSecretManager().getCurrentKey().getKeyId());
  user.addTokenIdentifier(nmToken);
  return user.doAs(new PrivilegedExceptionAction<StartContainersResponse>() {
    @Override
    public StartContainersResponse run() throws Exception {
      return cm.startContainers(
          StartContainersRequest.newInstance(scReqList));
    }
  });
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:27,代碼來源:TestContainerManagerRecovery.java

示例3: checkAccess

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Throw an exception if an action is not permitted by a user on a file.
 *
 * @param ugi
 *          the user
 * @param file
 *          the file
 * @param action
 *          the action
 */
public static void checkAccess(UserGroupInformation ugi, FileStatus file,
    FsAction action) throws AccessDeniedException {
  if (ugi.getShortUserName().equals(file.getOwner())) {
    if (file.getPermission().getUserAction().implies(action)) {
      return;
    }
  } else if (contains(ugi.getGroupNames(), file.getGroup())) {
    if (file.getPermission().getGroupAction().implies(action)) {
      return;
    }
  } else if (file.getPermission().getOtherAction().implies(action)) {
    return;
  }
  throw new AccessDeniedException("Permission denied:" + " action=" + action
      + " path=" + file.getPath() + " user=" + ugi.getShortUserName());
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:27,代碼來源:FSUtils.java

示例4: checkReservationACLs

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private String checkReservationACLs(String queueName, String auditConstant)
    throws YarnException {
  UserGroupInformation callerUGI;
  try {
    callerUGI = UserGroupInformation.getCurrentUser();
  } catch (IOException ie) {
    RMAuditLogger.logFailure("UNKNOWN", auditConstant, queueName,
        "ClientRMService", "Error getting UGI");
    throw RPCUtil.getRemoteException(ie);
  }
  // Check if user has access on the managed queue
  if (!queueACLsManager.checkAccess(callerUGI, QueueACL.SUBMIT_APPLICATIONS,
      queueName)) {
    RMAuditLogger.logFailure(
        callerUGI.getShortUserName(),
        auditConstant,
        "User doesn't have permissions to "
            + QueueACL.SUBMIT_APPLICATIONS.toString(), "ClientRMService",
        AuditConstants.UNAUTHORIZED_USER);
    throw RPCUtil.getRemoteException(new AccessControlException("User "
        + callerUGI.getShortUserName() + " cannot perform operation "
        + QueueACL.SUBMIT_APPLICATIONS.name() + " on queue" + queueName));
  }
  return callerUGI.getShortUserName();
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:26,代碼來源:ClientRMService.java

示例5: checkAccessPermissions

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * This method provides the default implementation of
 * {@link #access(Path, FsAction)}.
 *
 * @param stat FileStatus to check
 * @param mode type of access to check
 * @throws IOException for any error
 */
@InterfaceAudience.Private
static void checkAccessPermissions(FileStatus stat, FsAction mode)
    throws IOException {
  FsPermission perm = stat.getPermission();
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  String user = ugi.getShortUserName();
  List<String> groups = Arrays.asList(ugi.getGroupNames());
  if (user.equals(stat.getOwner())) {
    if (perm.getUserAction().implies(mode)) {
      return;
    }
  } else if (groups.contains(stat.getGroup())) {
    if (perm.getGroupAction().implies(mode)) {
      return;
    }
  } else {
    if (perm.getOtherAction().implies(mode)) {
      return;
    }
  }
  throw new AccessControlException(String.format(
    "Permission denied: user=%s, path=\"%s\":%s:%s:%s%s", user, stat.getPath(),
    stat.getOwner(), stat.getGroup(), stat.isDirectory() ? "d" : "-", perm));
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:33,代碼來源:FileSystem.java

示例6: checkAccess

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * If authorization is enabled, checks whether the user (in the callerUGI)
 * is authorized to perform the operation specified by 'jobOperation' on
 * the job by checking if the user is jobOwner or part of job ACL for the
 * specific job operation.
 * <ul>
 * <li>The owner of the job can do any operation on the job</li>
 * <li>For all other users/groups job-acls are checked</li>
 * </ul>
 * @param callerUGI
 * @param jobOperation
 * @param jobOwner
 * @param jobACL
 */
public boolean checkAccess(UserGroupInformation callerUGI,
    JobACL jobOperation, String jobOwner, AccessControlList jobACL) {

  if (LOG.isDebugEnabled()) {
    LOG.debug("checkAccess job acls, jobOwner: " + jobOwner + " jobacl: "
        + jobOperation.toString() + " user: " + callerUGI.getShortUserName());
  }
  String user = callerUGI.getShortUserName();
  if (!areACLsEnabled()) {
    return true;
  }

  // Allow Job-owner for any operation on the job
  if (isMRAdmin(callerUGI)
      || user.equals(jobOwner)
      || jobACL.isUserAllowed(callerUGI)) {
    return true;
  }

  return false;
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:36,代碼來源:JobACLsManager.java

示例7: testLsr

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Test (timeout = 30000)
public void testLsr() throws Exception {
  final Configuration conf = new HdfsConfiguration();
  MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).numDataNodes(2).build();
  DistributedFileSystem dfs = cluster.getFileSystem();

  try {
    final String root = createTree(dfs, "lsr");
    dfs.mkdirs(new Path(root, "zzz"));
    
    runLsr(new FsShell(conf), root, 0);
    
    final Path sub = new Path(root, "sub");
    dfs.setPermission(sub, new FsPermission((short)0));

    final UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
    final String tmpusername = ugi.getShortUserName() + "1";
    UserGroupInformation tmpUGI = UserGroupInformation.createUserForTesting(
        tmpusername, new String[] {tmpusername});
    String results = tmpUGI.doAs(new PrivilegedExceptionAction<String>() {
      @Override
      public String run() throws Exception {
        return runLsr(new FsShell(conf), root, 1);
      }
    });
    assertTrue(results.contains("zzz"));
  } finally {
    cluster.shutdown();
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:31,代碼來源:TestDFSShell.java

示例8: authorize

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Authorize a user (superuser) to impersonate another user (user1) if the 
 * superuser belongs to the group "sudo_user1" .
 */

public void authorize(UserGroupInformation user, 
    String remoteAddress) throws AuthorizationException{
  UserGroupInformation superUser = user.getRealUser();

  String sudoGroupName = "sudo_" + user.getShortUserName();
  if (!Arrays.asList(superUser.getGroupNames()).contains(sudoGroupName)){
    throw new AuthorizationException("User: " + superUser.getUserName()
        + " is not allowed to impersonate " + user.getUserName());
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:16,代碼來源:TestProxyUsers.java

示例9: verifyAdminAccess

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Utility method to verify if the current user has access based on the
 * passed {@link AccessControlList}
 * @param authorizer the {@link AccessControlList} to check against
 * @param method the method name to be logged
 * @param module like AdminService or NodeLabelManager
 * @param LOG the logger to use
 * @return {@link UserGroupInformation} of the current user
 * @throws IOException
 */
public static UserGroupInformation verifyAdminAccess(
    YarnAuthorizationProvider authorizer, String method, String module,
    final Log LOG)
    throws IOException {
  UserGroupInformation user;
  try {
    user = UserGroupInformation.getCurrentUser();
  } catch (IOException ioe) {
    LOG.warn("Couldn't get current user", ioe);
    RMAuditLogger.logFailure("UNKNOWN", method, "",
        "AdminService", "Couldn't get current user");
    throw ioe;
  }

  if (!authorizer.isAdmin(user)) {
    LOG.warn("User " + user.getShortUserName() + " doesn't have permission" +
        " to call '" + method + "'");

    RMAuditLogger.logFailure(user.getShortUserName(), method, "", module,
      RMAuditLogger.AuditConstants.UNAUTHORIZED_USER);

    throw new AccessControlException("User " + user.getShortUserName() +
            " doesn't have permission" +
            " to call '" + method + "'");
  }
  if (LOG.isTraceEnabled()) {
    LOG.trace(method + " invoked by user " + user.getShortUserName());
  }
  return user;
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:41,代碼來源:RMServerUtils.java

示例10: generateToken

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/** Generate an block token for current user */
public Token<BlockTokenIdentifier> generateToken(ExtendedBlock block,
    EnumSet<AccessMode> modes) throws IOException {
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  String userID = (ugi == null ? null : ugi.getShortUserName());
  return generateToken(userID, block, modes);
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:8,代碼來源:BlockTokenSecretManager.java

示例11: getUserQuotaState

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
/**
 * Returns the QuotaState associated to the specified user.
 * @param ugi the user
 * @return the quota info associated to specified user
 */
public UserQuotaState getUserQuotaState(final UserGroupInformation ugi) {
  String key = ugi.getShortUserName();
  UserQuotaState quotaInfo = userQuotaCache.get(key);
  if (quotaInfo == null) {
    quotaInfo = new UserQuotaState();
    if (userQuotaCache.putIfAbsent(key, quotaInfo) == null) {
      triggerCacheRefresh();
    }
  }
  return quotaInfo;
}
 
開發者ID:fengchen8086,項目名稱:ditb,代碼行數:17,代碼來源:QuotaCache.java

示例12: checkAcls

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private UserGroupInformation checkAcls(String method) throws IOException {
  UserGroupInformation user;
  try {
    user = UserGroupInformation.getCurrentUser();
  } catch (IOException ioe) {
    LOG.warn("Couldn't get current user", ioe);

    HSAuditLogger.logFailure("UNKNOWN", method, adminAcl.toString(),
        HISTORY_ADMIN_SERVER, "Couldn't get current user");

    throw ioe;
  }

  if (!adminAcl.isUserAllowed(user)) {
    LOG.warn("User " + user.getShortUserName() + " doesn't have permission"
        + " to call '" + method + "'");

    HSAuditLogger.logFailure(user.getShortUserName(), method,
        adminAcl.toString(), HISTORY_ADMIN_SERVER,
        AuditConstants.UNAUTHORIZED_USER);

    throw new AccessControlException("User " + user.getShortUserName()
        + " doesn't have permission" + " to call '" + method + "'");
  }
  LOG.info("HS Admin: " + method + " invoked by user "
      + user.getShortUserName());

  return user;
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:30,代碼來源:HSAdminServer.java

示例13: createSymlink

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Override // ClientProtocol
public void createSymlink(String target, String link, FsPermission dirPerms,
    boolean createParent) throws IOException {
  checkNNStartup();
  CacheEntry cacheEntry = RetryCache.waitForCompletion(retryCache);
  if (cacheEntry != null && cacheEntry.isSuccess()) {
    return; // Return previous response
  }

  /* We enforce the MAX_PATH_LENGTH limit even though a symlink target
   * URI may refer to a non-HDFS file system. 
   */
  if (!checkPathLength(link)) {
    throw new IOException("Symlink path exceeds " + MAX_PATH_LENGTH +
                          " character limit");
                          
  }

  final UserGroupInformation ugi = getRemoteUser();

  boolean success = false;
  try {
    PermissionStatus perm = new PermissionStatus(ugi.getShortUserName(),
        null, dirPerms);
    namesystem.createSymlink(target, link, perm, createParent,
        cacheEntry != null);
    success = true;
  } finally {
    RetryCache.setState(cacheEntry, success);
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:32,代碼來源:NameNodeRpcServer.java

示例14: verifyAndGetJob

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
private Job verifyAndGetJob(JobId jobID, JobACL accessType,
    boolean exceptionThrow) throws IOException {
  Job job = appContext.getJob(jobID);
  if (job == null && exceptionThrow) {
    throw new IOException("Unknown Job " + jobID);
  }
  UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
  if (job != null && !job.checkAccess(ugi, accessType)) {
    throw new AccessControlException("User " + ugi.getShortUserName()
        + " cannot perform operation " + accessType.name() + " on "
        + jobID);
  }
  return job;
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:15,代碼來源:MRClientService.java

示例15: serviceStart

import org.apache.hadoop.security.UserGroupInformation; //導入方法依賴的package包/類
@Override
protected void serviceStart() throws Exception {
  if (overrideStart) {
    try {
      UserGroupInformation ugi = UserGroupInformation.getCurrentUser();
      String user = ugi.getShortUserName();
      stagingDirPath = MRApps.getStagingAreaDir(conf, user);
    } catch (Exception e) {
      fail(e.getMessage());
    }
  } else {
    super.serviceStart();
  }
}
 
開發者ID:naver,項目名稱:hadoop,代碼行數:15,代碼來源:TestMRAppMaster.java


注:本文中的org.apache.hadoop.security.UserGroupInformation.getShortUserName方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。