org.apache.hadoop.hbase.security

Class UserProvider

java.lang.Object

org.apache.hadoop.hbase.BaseConfigurable

org.apache.hadoop.hbase.security.UserProvider

Direct Known Subclasses:

HadoopSecurityEnabledUserProviderForTesting

@InterfaceAudience.Private
public class UserProvider
extends BaseConfigurable

Provide an instance of a user. Allows custom User creation.

Constructor Summary

Constructors

Constructor and Description
UserProvider()

Method Summary

Modifier and Type	Method and Description
User	create(UserGroupInformation ugi) Wraps an underlying UserGroupInformation instance.
User	getCurrent()
java.lang.String	getCurrentUserName()
static UserProvider	instantiate(Configuration conf) Instantiate the UserProvider specified in the configuration and set the passed configuration via BaseConfigurable.setConf(Configuration)
boolean	isHadoopSecurityEnabled()
boolean	isHBaseSecurityEnabled()
void	login(java.lang.String fileConfKey, java.lang.String principalConfKey, java.lang.String localhost) Log in the current process using the given configuration keys for the credential file and login principal.
static void	setUserProviderForTesting(Configuration conf, java.lang.Class<? extends UserProvider> provider) Set the UserProvider in the given configuration that should be instantiated

Methods inherited from class org.apache.hadoop.hbase.BaseConfigurable

getConf, setConf

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserProvider

public UserProvider()

Method Detail

instantiate

public static UserProvider instantiate(Configuration conf)

Instantiate the UserProvider specified in the configuration and set the passed configuration via BaseConfigurable.setConf(Configuration)

Parameters:

conf - to read and set on the created UserProvider

Returns:

a UserProvider ready for use.

setUserProviderForTesting

public static void setUserProviderForTesting(Configuration conf,
                                             java.lang.Class<? extends UserProvider> provider)

Set the UserProvider in the given configuration that should be instantiated

Parameters:

conf - to update

provider - class of the provider to set

getCurrentUserName

public java.lang.String getCurrentUserName()
                                    throws java.io.IOException

Returns:

the userName for the current logged-in user.

Throws:

java.io.IOException - if the underlying user cannot be obtained

isHBaseSecurityEnabled

public boolean isHBaseSecurityEnabled()

Returns:

true if security is enabled, false otherwise

isHadoopSecurityEnabled

public boolean isHadoopSecurityEnabled()

Returns:

whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop, this always returns false. For secure Hadoop, it will return the value from UserGroupInformation.isSecurityEnabled().

getCurrent

public User getCurrent()
                throws java.io.IOException

Returns:

the current user within the current execution context

Throws:

java.io.IOException - if the user cannot be loaded

create

public User create(UserGroupInformation ugi)

Wraps an underlying UserGroupInformation instance.

Parameters:

ugi - The base Hadoop user

Returns:

User

login

public void login(java.lang.String fileConfKey,
                  java.lang.String principalConfKey,
                  java.lang.String localhost)
           throws java.io.IOException

Log in the current process using the given configuration keys for the credential file and login principal.

This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.

Parameters:

fileConfKey - Property key used to configure path to the credential file

principalConfKey - Property key used to configure login principal

localhost - Current hostname to use in any credentials

Throws:

java.io.IOException - underlying exception from SecurityUtil.login() call