/**
* Checks whether Tachyon is running in secure mode, such as SIMPLE, KERBEROS, CUSTOM.
*
* @param authType the authentication type in configuration
*/
private static void checkSecurityEnabled(AuthType authType) {
// TODO: add Kerberos condition check.
if (authType != AuthType.SIMPLE && authType != AuthType.CUSTOM) {
throw new UnsupportedOperationException(
"User is not supported in " + authType.getAuthName() + " mode");
}
}
/**
* Logs in based on the LoginModules.
*
* @param conf Tachyon configuration
* @return the login user
* @throws IOException if login fails
*/
private static User login(TachyonConf conf) throws IOException {
AuthType authType = conf.getEnum(Constants.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
checkSecurityEnabled(authType);
try {
Subject subject = new Subject();
LoginContext loginContext =
new LoginContext(authType.getAuthName(), subject, null, new TachyonJaasConfiguration());
loginContext.login();
Set<User> userSet = subject.getPrincipals(User.class);
if (userSet.isEmpty()) {
throw new LoginException("No Tachyon User is found.");
}
if (userSet.size() > 1) {
throw new LoginException("More than one Tachyon User is found");
}
return userSet.iterator().next();
} catch (LoginException e) {
throw new IOException("Fail to login", e);
}
}
