java.lang.Object org.apache.hadoop.security.SecurityUtil
public class SecurityUtil
Nested Class Summary | |
---|---|
protected static class | SecurityUtil.QualifiedHostResolver - This is an alternate resolver with important properties that the standard Java resolver lacks: 1) The hostname is fully qualified. |
Field Summary | |
---|---|
static String | HOSTNAME_PATTERN |
static org.apache.commons.logging.Log | LOG |
Constructor Summary | |
---|---|
SecurityUtil() | |
Method Summary | |
---|---|
static String | buildDTServiceName(URI uri, int defPort) - Create the service name for a Delegation token |
static Text | buildTokenService(InetSocketAddress addr) - Construct the service key for a token |
static void | fetchServiceTicket(URL remoteHost) - Explicitly pull the service ticket for the specified host. |
static AccessControlList | getAdminAcls(Configuration conf, String configKey) - Get the ACL object representing the cluster administrators. The user who starts the daemon is automatically added as an admin. |
static InetAddress | getByName(String hostname) - Resolves a host subject to the security requirements determined by hadoop.security.token.service.use_ip. |
static String | getHostFromPrincipal(String principalName) - Get the host name from the principal name of format |
static String | getLocalHostName() - Get the FQDN for the current host. |
static String | getServerPrincipal(String principalConfig, InetAddress addr) - Convert Kerberos principal name pattern to valid Kerberos principal names. |
static String | getServerPrincipal(String principalConfig, String hostname) - Convert Kerberos principal name pattern to valid Kerberos principal names. |
static InetSocketAddress | getTokenServiceAddr(Token<?> token) - Decode the given token's service field into an InetAddress |
protected static boolean | isOriginalTGT(String name) |
static void | login(Configuration conf, String keytabFileKey, String userNameKey) - If a keytab has been provided, login as that user. |
static void | login(Configuration conf, String keytabFileKey, String userNameKey, String hostname) - If a keytab has been provided, login as that user. |
static URLConnection | openSecureHttpConnection(URL url) - Open a (if need be) secure connection to a URL in a secure environment that is using SPNEGO or KSSL to authenticate its URLs. |
static void | setTokenService(Token<?> token, InetSocketAddress addr) - Set the given token's service to the format expected by the RPC client |
static boolean | useKsslAuth() |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final org.apache.commons.logging.Log LOG
public static final String HOSTNAME_PATTERN
Constructor Detail |
---|
public SecurityUtil()
Method Detail |
---|
protected static boolean isOriginalTGT(String name)

public static void fetchServiceTicket(URL remoteHost) throws IOException
remoteHost - Target URL the krb-https client will access
IOException - if a service ticket is not available

public static String getServerPrincipal(String principalConfig, String hostname) throws IOException
principalConfig - the Kerberos principal name conf value to convert
hostname - the fully-qualified domain name used for substitution
IOException - if the service ticket cannot be retrieved

public static String getServerPrincipal(String principalConfig, InetAddress addr) throws IOException
getServerPrincipal(String, String), except 1) the reverse DNS lookup from addr to hostname is done only when necessary, 2) param addr can't be null (no default behavior of using local hostname when addr is null).
principalConfig - Kerberos principal name pattern to convert
addr - InetAddress of the host used for substitution
IOException - if the client address cannot be determined

public static String getLocalHostName() throws UnknownHostException
UnknownHostException - if no IP address for the local host could be found.

public static void login(Configuration conf, String keytabFileKey, String userNameKey) throws IOException
conf - conf to use
keytabFileKey - the key to look for keytab file in conf
userNameKey - the key to look for user's Kerberos principal name in conf
IOException - if the client address cannot be determined

public static void login(Configuration conf, String keytabFileKey, String userNameKey, String hostname) throws IOException
conf - conf to use
keytabFileKey - the key to look for keytab file in conf
userNameKey - the key to look for user's Kerberos principal name in conf
hostname - hostname to use for substitution
IOException - if login fails

public static InetSocketAddress getTokenServiceAddr(Token<?> token)
token - from which to obtain the service

public static void setTokenService(Token<?> token, InetSocketAddress addr)
token - a delegation token
addr - the socket for the rpc connection

public static Text buildTokenService(InetSocketAddress addr)
addr - InetSocketAddress of remote connection with a token

public static String buildDTServiceName(URI uri, int defPort)
uri - of the service
defPort - is used if the uri lacks a port
buildTokenService(InetSocketAddress)

public static AccessControlList getAdminAcls(Configuration conf, String configKey)
conf -
configKey - the key that holds the ACL string in its value

public static String getHostFromPrincipal(String principalName)
principalName - principal name of format as described above

public static boolean useKsslAuth()

public static URLConnection openSecureHttpConnection(URL url) throws IOException
url - to authenticate via SPNEGO.
IOException - If unable to authenticate via SPNEGO

public static InetAddress getByName(String hostname) throws UnknownHostException
hostname - host or ip to resolve
UnknownHostException - if the host doesn't exist