예제 #1
0
  private User getActiveUser() {
    User user = RequestContext.getRequestUser();
    if (!RequestContext.isInRequestContext()) {
      return null;
    }

    // this is for testing
    if (userProvider.isHadoopSecurityEnabled()
        && "simple".equalsIgnoreCase(conf.get(User.HBASE_SECURITY_CONF_KEY))) {
      return User.createUserForTesting(conf, user.getShortName(), new String[] {});
    }

    return user;
  }
예제 #2
0
 @Override
 public void whoAmI(
     RpcController controller,
     AuthenticationProtos.WhoAmIRequest request,
     RpcCallback<AuthenticationProtos.WhoAmIResponse> done) {
   User requestUser = RequestContext.getRequestUser();
   AuthenticationProtos.WhoAmIResponse.Builder response =
       AuthenticationProtos.WhoAmIResponse.newBuilder();
   if (requestUser != null) {
     response.setUsername(requestUser.getShortName());
     AuthenticationMethod method = requestUser.getUGI().getAuthenticationMethod();
     if (method != null) {
       response.setAuthMethod(method.name());
     }
   }
   done.run(response.build());
 }
예제 #3
0
  @Override
  public void getAuthenticationToken(
      RpcController controller,
      AuthenticationProtos.GetAuthenticationTokenRequest request,
      RpcCallback<AuthenticationProtos.GetAuthenticationTokenResponse> done) {
    AuthenticationProtos.GetAuthenticationTokenResponse.Builder response =
        AuthenticationProtos.GetAuthenticationTokenResponse.newBuilder();

    try {
      if (secretManager == null) {
        throw new IOException("No secret manager configured for token authentication");
      }

      User currentUser = RequestContext.getRequestUser();
      UserGroupInformation ugi = null;
      if (currentUser != null) {
        ugi = currentUser.getUGI();
      }
      if (currentUser == null) {
        throw new AccessDeniedException("No authenticated user for request!");
      } else if (!isAllowedDelegationTokenOp(ugi)) {
        LOG.warn(
            "Token generation denied for user="******", authMethod="
                + ugi.getAuthenticationMethod());
        throw new AccessDeniedException(
            "Token generation only allowed for Kerberos authenticated clients");
      }

      Token<AuthenticationTokenIdentifier> token =
          secretManager.generateToken(currentUser.getName());
      response.setToken(ProtobufUtil.toToken(token)).build();
    } catch (IOException ioe) {
      ResponseConverter.setControllerException(controller, ioe);
    }
    done.run(response.build());
  }