public static void initProcessSecurity(Configuration conf) throws IOException, BadConfigException { log.info("Secure mode with kerberos realm {}", HoyaUtils.getKerberosRealm()); // this gets UGI to reset its previous world view (i.e simple auth) // security SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, conf); UserGroupInformation.setConfiguration(conf); UserGroupInformation ugi = UserGroupInformation.getCurrentUser(); log.debug("Authenticating as " + ugi.toString()); log.debug("Login user is {}", UserGroupInformation.getLoginUser()); if (!UserGroupInformation.isSecurityEnabled()) { throw new BadConfigException( "Although secure mode is enabled," + "the application has already set up its user as an insecure entity %s", ugi); } HoyaUtils.verifyPrincipalSet(conf, YarnConfiguration.RM_PRINCIPAL); HoyaUtils.verifyPrincipalSet(conf, DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY); }
public static User createUserForTesting(Configuration conf, String name, String[] groups) { try { Class c = Class.forName("org.apache.hadoop.security.UnixUserGroupInformation"); Constructor constructor = c.getConstructor(String.class, String[].class); if (constructor == null) { throw new NullPointerException(); } UserGroupInformation newUser = (UserGroupInformation) constructor.newInstance(name, groups); // set user in configuration -- hack for regular hadoop conf.set("hadoop.job.ugi", newUser.toString()); return new HadoopUser(newUser); } catch (ClassNotFoundException cnfe) { throw new RuntimeException( "UnixUserGroupInformation not found, is this secure Hadoop?", cnfe); } catch (NoSuchMethodException nsme) { throw new RuntimeException( "No valid constructor found for UnixUserGroupInformation!", nsme); } catch (RuntimeException re) { throw re; } catch (Exception e) { throw new UndeclaredThrowableException( e, "Unexpected exception instantiating new UnixUserGroupInformation"); } }
@Override public String toString() { return realUser.toString(); }
public String toString() { return ugi.toString(); }