HADOOP-8152. Expand public APIs for security library classes. Contributed by Aaron T. Myers
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1329541 13f79535-47bb-0310-9956-ffa450edef68
parent
ebe0e9a99b
commit
858887e289
@ -267,6 +267,8 @@ Release 2.0.0 - UNRELEASED
|
||||
|
||||
HADOOP-8117. Upgrade test build to Surefire 2.12 (todd)
|
||||
|
||||
HADOOP-8152. Expand public APIs for security library classes. (atm via eli)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
@ -220,6 +220,8 @@ public static void fetchServiceTicket(URL remoteHost) throws IOException {
|
||||
* @return converted Kerberos principal name
|
||||
* @throws IOException if the client address cannot be determined
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static String getServerPrincipal(String principalConfig,
|
||||
String hostname) throws IOException {
|
||||
String[] components = getComponents(principalConfig);
|
||||
@ -245,6 +247,8 @@ public static String getServerPrincipal(String principalConfig,
|
||||
* @return converted Kerberos principal name
|
||||
* @throws IOException if the client address cannot be determined
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static String getServerPrincipal(String principalConfig,
|
||||
InetAddress addr) throws IOException {
|
||||
String[] components = getComponents(principalConfig);
|
||||
@ -292,6 +296,8 @@ static String getLocalHostName() throws UnknownHostException {
|
||||
* the key to look for user's Kerberos principal name in conf
|
||||
* @throws IOException if login fails
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static void login(final Configuration conf,
|
||||
final String keytabFileKey, final String userNameKey) throws IOException {
|
||||
login(conf, keytabFileKey, userNameKey, getLocalHostName());
|
||||
@ -312,6 +318,8 @@ public static void login(final Configuration conf,
|
||||
* hostname to use for substitution
|
||||
* @throws IOException if the config doesn't specify a keytab
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static void login(final Configuration conf,
|
||||
final String keytabFileKey, final String userNameKey, String hostname)
|
||||
throws IOException {
|
||||
|
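Review bot: The three-argument `login(conf, keytabFileKey, userNameKey)` becomes a Public API here, but its visible Javadoc does not say that the host part of the principal comes from `getLocalHostName()`, which the body passes straight to the four-argument overload. The Kerberos principal a downstream caller logs in as therefore depends on how the local host name resolves. The only documented failure is `@throws IOException if login fails`, although `getLocalHostName()` is declared to throw `UnknownHostException`. I would add a Javadoc sentence such as `* The hostname substituted into the principal is the local host name as resolved by this JVM; use the overload that takes a hostname to set it explicitly.` and extend the `@throws` line to cover a failed local host lookup. The Javadoc blocks begin above the hunks, so their full wording is not visible here.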
@ -69,7 +69,7 @@
|
||||
* user's username and groups. It supports both the Windows, Unix and Kerberos
|
||||
* login modules.
|
||||
*/
|
||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce", "HBase", "Hive", "Oozie"})
|
||||
@InterfaceStability.Evolving
|
||||
public class UserGroupInformation {
|
||||
private static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
|
||||
@ -258,6 +258,8 @@ private static synchronized void initUGI(Configuration conf) {
|
||||
* group look up service.
|
||||
* @param conf the configuration to use
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static void setConfiguration(Configuration conf) {
|
||||
initialize(conf, false);
|
||||
}
|
||||
@ -500,6 +502,8 @@ public boolean hasKerberosCredentials() {
|
||||
* @return the current user
|
||||
* @throws IOException if login fails
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized
|
||||
static UserGroupInformation getCurrentUser() throws IOException {
|
||||
AccessControlContext context = AccessController.getContext();
|
||||
@ -516,6 +520,8 @@ static UserGroupInformation getCurrentUser() throws IOException {
|
||||
* @return the logged in user
|
||||
* @throws IOException if login fails
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized
|
||||
static UserGroupInformation getLoginUser() throws IOException {
|
||||
if (loginUser == null) {
|
||||
@ -652,6 +658,8 @@ public void run() {
|
||||
* @param path the path to the keytab file
|
||||
* @throws IOException if the keytab file can't be read
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized
|
||||
static void loginUserFromKeytab(String user,
|
||||
String path
|
||||
@ -710,6 +718,8 @@ public synchronized void checkTGTAndReloginFromKeytab() throws IOException {
|
||||
* the new credentials.
|
||||
* @throws IOException on a failure
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized void reloginFromKeytab()
|
||||
throws IOException {
|
||||
if (!isSecurityEnabled() ||
|
||||
@ -769,6 +779,8 @@ public synchronized void reloginFromKeytab()
|
||||
* the new credentials.
|
||||
* @throws IOException on a failure
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized void reloginFromTicketCache()
|
||||
throws IOException {
|
||||
if (!isSecurityEnabled() ||
|
||||
@ -867,6 +879,8 @@ private boolean hasSufficientTimeElapsed(long now) {
|
||||
* Did the login happen via keytab
|
||||
* @return true or false
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public synchronized static boolean isLoginKeytabBased() throws IOException {
|
||||
return getLoginUser().isKeytab;
|
||||
}
|
||||
@ -877,6 +891,8 @@ public synchronized static boolean isLoginKeytabBased() throws IOException {
|
||||
* @param user the full user principal name, must not be empty or null
|
||||
* @return the UserGroupInformation for the remote user.
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static UserGroupInformation createRemoteUser(String user) {
|
||||
if (user == null || "".equals(user)) {
|
||||
throw new IllegalArgumentException("Null user");
|
||||
@ -891,6 +907,7 @@ public static UserGroupInformation createRemoteUser(String user) {
|
||||
/**
|
||||
* existing types of authentications' methods
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static enum AuthenticationMethod {
|
||||
SIMPLE,
|
||||
@ -908,6 +925,8 @@ public static enum AuthenticationMethod {
|
||||
* @param realUser
|
||||
* @return proxyUser ugi
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static UserGroupInformation createProxyUser(String user,
|
||||
UserGroupInformation realUser) {
|
||||
if (user == null || "".equals(user)) {
|
||||
@ -929,6 +948,8 @@ public static UserGroupInformation createProxyUser(String user,
|
||||
* get RealUser (vs. EffectiveUser)
|
||||
* @return realUser running over proxy user
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public UserGroupInformation getRealUser() {
|
||||
for (RealUser p: subject.getPrincipals(RealUser.class)) {
|
||||
return p.getRealUser();
|
||||
@ -974,7 +995,8 @@ private void setUserGroups(String user, String[] groups) {
|
||||
* @param userGroups the names of the groups that the user belongs to
|
||||
* @return a fake user for running unit tests
|
||||
*/
|
||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public static UserGroupInformation createUserForTesting(String user,
|
||||
String[] userGroups) {
|
||||
ensureInitialized();
|
||||
@ -1000,7 +1022,6 @@ public static UserGroupInformation createUserForTesting(String user,
|
||||
* the names of the groups that the user belongs to
|
||||
* @return a fake user for running unit tests
|
||||
*/
|
||||
@InterfaceAudience.LimitedPrivate( { "HDFS", "MapReduce" })
|
||||
public static UserGroupInformation createProxyUserForTesting(String user,
|
||||
UserGroupInformation realUser, String[] userGroups) {
|
||||
ensureInitialized();
|
||||
@ -1029,6 +1050,8 @@ public String getShortUserName() {
|
||||
* Get the user's full principal name.
|
||||
* @return the user's full principal name.
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public String getUserName() {
|
||||
return user.getName();
|
||||
}
|
||||
@ -1182,6 +1205,8 @@ protected Subject getSubject() {
|
||||
* @param action the method to execute
|
||||
* @return the value from the run method
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public <T> T doAs(PrivilegedAction<T> action) {
|
||||
logPrivilegedAction(subject, action);
|
||||
return Subject.doAs(subject, action);
|
||||
@ -1198,6 +1223,8 @@ public <T> T doAs(PrivilegedAction<T> action) {
|
||||
* @throws InterruptedException if the action throws an InterruptedException
|
||||
* @throws UndeclaredThrowableException if the action throws something else
|
||||
*/
|
||||
@InterfaceAudience.Public
|
||||
@InterfaceStability.Evolving
|
||||
public <T> T doAs(PrivilegedExceptionAction<T> action
|
||||
) throws IOException, InterruptedException {
|
||||
try {
|
||||
|
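Review bot: `createUserForTesting` moves from `LimitedPrivate({"HDFS", "MapReduce"})` to `Public`/`Evolving`, yet its Javadoc still describes the result only as `a fake user for running unit tests`, and the group list is whatever the caller passes in `userGroups`. As a supported public entry point, its Javadoc should state that the returned user is presumably neither authenticated nor group-resolved, so authorization code should never receive such a UGI outside tests, for example `* For tests only: the user is not authenticated and the groups are taken from the argument as given.` The following hunk for `createProxyUserForTesting` appears, judging by its 7-to-6 line count, to drop its `LimitedPrivate` annotation without a replacement. That leaves the two test factories annotated inconsistently; `@InterfaceAudience.Public` and `@InterfaceStability.Evolving` were probably intended there too. Both method bodies continue outside the hunks.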