|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.hadoop.security.UserGroupInformation
public class UserGroupInformation
User and group information for Hadoop. This class wraps around a JAAS Subject and provides methods to determine the user's username and groups. It supports both the Windows, Unix and Kerberos login modules.
Nested Class Summary | |
---|---|
static class |
UserGroupInformation.AuthenticationMethod
existing types of authentications' methods |
static class |
UserGroupInformation.HadoopLoginModule
A login module that looks at the Kerberos, Unix, or Windows principal and adds the corresponding UserName. |
Field Summary | |
---|---|
static String |
HADOOP_TOKEN_FILE_LOCATION
Environment variable pointing to the token cache file |
Method Summary | ||
---|---|---|
boolean |
addToken(Token<? extends TokenIdentifier> token)
Add a token to this UGI |
|
boolean |
addTokenIdentifier(TokenIdentifier tokenId)
Add a TokenIdentifier to this UGI. |
|
static UserGroupInformation |
createProxyUser(String user,
UserGroupInformation realUser)
Create a proxy user using username of the effective user and the ugi of the real user. |
|
static UserGroupInformation |
createProxyUserForTesting(String user,
UserGroupInformation realUser,
String[] userGroups)
Create a proxy user UGI for testing HDFS and MapReduce |
|
static UserGroupInformation |
createRemoteUser(String user)
Create a user from a login name. |
|
static UserGroupInformation |
createUserForTesting(String user,
String[] userGroups)
Create a UGI for testing HDFS and MapReduce |
|
|
doAs(PrivilegedAction<T> action)
Run the given action as the user. |
|
|
doAs(PrivilegedExceptionAction<T> action)
Run the given action as the user, potentially throwing an exception. |
|
boolean |
equals(Object o)
Compare the subjects to see if they are equal to each other. |
|
UserGroupInformation.AuthenticationMethod |
getAuthenticationMethod()
Get the authentication method from the subject |
|
static UserGroupInformation |
getCurrentUser()
Return the current user, including any doAs in the current stack. |
|
String[] |
getGroupNames()
Get the group names for this user. |
|
static UserGroupInformation |
getLoginUser()
Get the currently logged in user. |
|
UserGroupInformation |
getRealUser()
get RealUser (vs. |
|
String |
getShortUserName()
Get the user's login name. |
|
protected Subject |
getSubject()
Get the underlying subject from this ugi. |
|
Set<TokenIdentifier> |
getTokenIdentifiers()
Get the set of TokenIdentifiers belonging to this UGI |
|
Collection<Token<? extends TokenIdentifier>> |
getTokens()
Obtain the collection of tokens associated with this user. |
|
String |
getUserName()
Get the user's full principal name. |
|
int |
hashCode()
Return the hash of the subject. |
|
boolean |
hasKerberosCredentials()
checks if logged in using kerberos |
|
boolean |
isFromKeytab()
Is this user logged in from a keytab file? |
|
static boolean |
isLoginKeytabBased()
Did the login happen via keytab |
|
static boolean |
isSecurityEnabled()
Determine if UserGroupInformation is using Kerberos to determine user identities or is relying on simple authentication |
|
static void |
loginUserFromKeytab(String user,
String path)
Log a user in from a keytab file. |
|
static UserGroupInformation |
loginUserFromKeytabAndReturnUGI(String user,
String path)
Log a user in from a keytab file. |
|
static void |
main(String[] args)
A test method to print out the current user's UGI. |
|
void |
reloginFromKeytab()
Re-Login a user in from a keytab file. |
|
void |
reloginFromTicketCache()
Re-Login a user in from the ticket cache. |
|
void |
setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)
Sets the authentication method in the subject |
|
static void |
setConfiguration(Configuration conf)
Set the static configuration for UGI. |
|
String |
toString()
Return the username. |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final String HADOOP_TOKEN_FILE_LOCATION
Method Detail |
---|
public static void setConfiguration(Configuration conf)
conf
- the configuration to usepublic static boolean isSecurityEnabled()
public boolean hasKerberosCredentials()
public static UserGroupInformation getCurrentUser() throws IOException
IOException
- if login failspublic static UserGroupInformation getLoginUser() throws IOException
IOException
- if login failspublic boolean isFromKeytab()
public static void loginUserFromKeytab(String user, String path) throws IOException
user
- the principal name to load from the keytabpath
- the path to the keytab file
IOException
- if the keytab file can't be readpublic void reloginFromTicketCache() throws IOException
IOException
- on a failurepublic static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user, String path) throws IOException
user
- the principal name to load from the keytabpath
- the path to the keytab file
IOException
- if the keytab file can't be readpublic void reloginFromKeytab() throws IOException
loginUserFromKeytab(String, String)
had
happened already.
The Subject field of this UserGroupInformation object is updated to have
the new credentials.
IOException
- on a failurepublic static boolean isLoginKeytabBased() throws IOException
IOException
public static UserGroupInformation createRemoteUser(String user)
user
- the full user principal name, must not be empty or null
public static UserGroupInformation createProxyUser(String user, UserGroupInformation realUser)
user
- realUser
-
public UserGroupInformation getRealUser()
public static UserGroupInformation createUserForTesting(String user, String[] userGroups)
user
- the full user principal nameuserGroups
- the names of the groups that the user belongs to
public static UserGroupInformation createProxyUserForTesting(String user, UserGroupInformation realUser, String[] userGroups)
user
- the full user principal name for effective userrealUser
- UGI of the real useruserGroups
- the names of the groups that the user belongs to
public String getShortUserName()
public String getUserName()
public boolean addTokenIdentifier(TokenIdentifier tokenId)
tokenId
- tokenIdentifier to be added
public Set<TokenIdentifier> getTokenIdentifiers()
public boolean addToken(Token<? extends TokenIdentifier> token)
token
- Token to be added
public Collection<Token<? extends TokenIdentifier>> getTokens()
public String[] getGroupNames()
public String toString()
toString
in class Object
public void setAuthenticationMethod(UserGroupInformation.AuthenticationMethod authMethod)
authMethod
- public UserGroupInformation.AuthenticationMethod getAuthenticationMethod()
public boolean equals(Object o)
equals
in class Object
public int hashCode()
hashCode
in class Object
protected Subject getSubject()
public <T> T doAs(PrivilegedAction<T> action)
T
- the return type of the run methodaction
- the method to execute
public <T> T doAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
T
- the return type of the run methodaction
- the method to execute
IOException
- if the action throws an IOException
Error
- if the action throws an Error
RuntimeException
- if the action throws a RuntimeException
InterruptedException
- if the action throws an InterruptedException
UndeclaredThrowableException
- if the action throws something elsepublic static void main(String[] args) throws Exception
args
- if there are two arguments, read the user from the keytab
and print it out.
Exception
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |