|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.hadoop.security.UserGroupInformation
public class UserGroupInformation
User and group information for Hadoop. This class wraps around a JAAS Subject and provides methods to determine the user's username and groups. It supports both the Windows, Unix and Kerberos login modules.
Nested Class Summary | |
---|---|
static class |
UserGroupInformation.AuthenticationMethod
existing types of authentications' methods |
static class |
UserGroupInformation.HadoopLoginModule
A login module that looks at the Kerberos, Unix, or Windows principal and adds the corresponding UserName. |
Field Summary | |
---|---|
static String |
HADOOP_TOKEN_FILE_LOCATION
Environment variable pointing to the token cache file |
Method Summary | ||
---|---|---|
boolean |
addToken(Token<? extends TokenIdentifier> token)
Add a token to this UGI |
|
boolean |
addTokenIdentifier(TokenIdentifier tokenId)
Add a TokenIdentifier to this UGI. |
|
void |
checkTGTAndReloginFromKeytab()
Re-login a user from keytab if TGT is expired or is close to expiry. |
|
static UserGroupInformation |
createProxyUser(String user,
UserGroupInformation realUser)
Create a proxy user using username of the effective user and the ugi of the real user. |
|
static UserGroupInformation |
createProxyUserForTesting(String user,
UserGroupInformation realUser,
String[] userGroups)
Create a proxy user UGI for testing HDFS and MapReduce |
|
static UserGroupInformation |
createRemoteUser(String user)
Create a user from a login name. |
|
static UserGroupInformation |
createUserForTesting(String user,
String[] userGroups)
Create a UGI for testing HDFS and MapReduce |
|
|
doAs(PrivilegedAction<T> action)
Run the given action as the user. |
|
|
doAs(PrivilegedExceptionAction<T> action)
Run the given action as the user, potentially throwing an exception. |
|
boolean |
equals(Object o)
Compare the subjects to see if they are equal to each other. |
|
UserGroupInformation.AuthenticationMethod |
getAuthenticationMethod()
Get the authentication method from the subject |
|
static UserGroupInformation |
getCurrentUser()
Return the current user, including any doAs in the current stack. |
|
String[] |
getGroupNames()
Get the group names for this user. |
|
static UserGroupInformation |
getLoginUser()
Get the currently logged in user. |
|
UserGroupInformation |
getRealUser()
get RealUser (vs. |
|
String |
getShortUserName()
Get the user's login name. |
|
protected Subject |
getSubject()
Get the underlying subject from this ugi. |
|
Set<TokenIdentifier> |
getTokenIdentifiers()
Get the set of TokenIdentifiers belonging to this UGI |
|
Collection<Token<? extends TokenIdentifier>> |
getTokens()
Obtain the collection of tokens associated with this user. |
|
String |
getUserName()
Get the user's full principal name. |
|
int |
hashCode()
Return the hash of the subject. |
|
boolean |
hasKerberosCredentials()
checks if logged in using kerberos |
|
boolean |
isFromKeytab()
Is this user logged in from a keytab file? |
|
static boolean |
isLoginKeytabBased()
Did the login happen via keytab |
|
static boolean |
isSecurityEnabled()
Determine if UserGroupInformation is using Kerberos to determine user identities or is relying on simple authentication |
|
static void |
loginUserFromKeytab(String user,
String path)
Log a user in from a keytab file. |
|
static UserGroupInformation |
loginUserFromKeytabAndReturnUGI(String user,
String path)
Log a user in from a keytab file. |
|
static void |
main(String[] args)
A test method to print out the current user's UGI. |
|
void |
reloginFromKeytab()
Re-Login a user in from a keytab file. |
|
void |
reloginFromTicketCache()
Re-Login a user in from the ticket cache. |
|
void |
setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)
Sets the authentication method in the subject |
|
static void |
setConfiguration(Configuration conf)
Set the static configuration for UGI. |
|
String |
toString()
Return the username. |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final String HADOOP_TOKEN_FILE_LOCATION
Method Detail |
---|
public static void setConfiguration(Configuration conf)
conf
- the configuration to usepublic static boolean isSecurityEnabled()
public boolean hasKerberosCredentials()
public static UserGroupInformation getCurrentUser() throws IOException
IOException
- if login failspublic static UserGroupInformation getLoginUser() throws IOException
IOException
- if login failspublic boolean isFromKeytab()
public static void loginUserFromKeytab(String user, String path) throws IOException
user
- the principal name to load from the keytabpath
- the path to the keytab file
IOException
- if the keytab file can't be readpublic void reloginFromTicketCache() throws IOException
IOException
- on a failurepublic static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user, String path) throws IOException
user
- the principal name to load from the keytabpath
- the path to the keytab file
IOException
- if the keytab file can't be readpublic void checkTGTAndReloginFromKeytab() throws IOException
IOException
public void reloginFromKeytab() throws IOException
loginUserFromKeytab(String, String)
had
happened already.
The Subject field of this UserGroupInformation object is updated to have
the new credentials.
IOException
- on a failurepublic static boolean isLoginKeytabBased() throws IOException
IOException
public static UserGroupInformation createRemoteUser(String user)
user
- the full user principal name, must not be empty or null
public static UserGroupInformation createProxyUser(String user, UserGroupInformation realUser)
user
- realUser
-
public UserGroupInformation getRealUser()
public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
user
- the full user principal nameuserGroups
- the names of the groups that the user belongs to
public static UserGroupInformation createProxyUserForTesting(String user, UserGroupInformation realUser, String[] userGroups)
user
- the full user principal name for effective userrealUser
- UGI of the real useruserGroups
- the names of the groups that the user belongs to
public String getShortUserName()
public String getUserName()
public boolean addTokenIdentifier(TokenIdentifier tokenId)
tokenId
- tokenIdentifier to be added
public Set<TokenIdentifier> getTokenIdentifiers()
public boolean addToken(Token<? extends TokenIdentifier> token)
token
- Token to be added
public Collection<Token<? extends TokenIdentifier>> getTokens()
public String[] getGroupNames()
public String toString()
toString
in class Object
public void setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)
authMethod
- public UserGroupInformation.AuthenticationMethod getAuthenticationMethod()
public boolean equals(Object o)
equals
in class Object
public int hashCode()
hashCode
in class Object
protected Subject getSubject()
public <T> T doAs(PrivilegedAction<T> action)
T
- the return type of the run methodaction
- the method to execute
public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
T
- the return type of the run methodaction
- the method to execute
IOException
- if the action throws an IOException
Error
- if the action throws an Error
RuntimeException
- if the action throws a RuntimeException
InterruptedException
- if the action throws an InterruptedException
UndeclaredThrowableException
- if the action throws something elsepublic static void main(String[] args) throws Exception
args
- if there are two arguments, read the user from the keytab
and print it out.
Exception
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |