1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18 package org.apache.hadoop.hbase.security;
19
20 import java.io.IOException;
21
22 import org.apache.hadoop.hbase.classification.InterfaceAudience;
23 import org.apache.hadoop.conf.Configuration;
24 import org.apache.hadoop.hbase.BaseConfigurable;
25 import org.apache.hadoop.security.UserGroupInformation;
26 import org.apache.hadoop.util.ReflectionUtils;
27
/**
 * Supplies {@link User} instances to HBase code and serves as the extension point for custom
 * {@link User} creation.
 *
 * <p>The concrete provider is selected by class name from the configuration key
 * {@code hbase.client.userprovider.class} (see {@link #instantiate(Configuration)}), so the
 * configuration handed to {@code instantiate} decides which class answers "who is the current
 * user" for the caller. The instance methods of this base class delegate, directly or through
 * {@link #getCurrent()}, to static methods on {@link User}.
 */
@InterfaceAudience.Private
public class UserProvider extends BaseConfigurable {

  /** Configuration key naming the {@link UserProvider} subclass to instantiate. */
  private static final String USER_PROVIDER_CONF_KEY = "hbase.client.userprovider.class";

  /**
   * Creates the {@link UserProvider} named in the configuration and passes that configuration to
   * it via {@link UserProvider#setConf(Configuration)}.
   *
   * <p>The class name is read from {@code hbase.client.userprovider.class}; when the key is
   * unset, {@link UserProvider} itself is used. {@code UserProvider.class} is passed as the
   * required type for the lookup, and the resulting class is constructed reflectively. Because
   * the provider determines how the current user is resolved, {@code conf} should originate
   * from a trusted source.
   * NOTE(review): rejection of non-{@code UserProvider} class names depends on
   * {@code Configuration.getClass} -- confirm against the Hadoop version in use.
   *
   * @param conf configuration to read the provider class from and to set on the new instance
   * @return a {@link UserProvider} ready for use
   */
  public static UserProvider instantiate(Configuration conf) {
    final Class<? extends UserProvider> providerClass =
        conf.getClass(USER_PROVIDER_CONF_KEY, UserProvider.class, UserProvider.class);
    final UserProvider provider = ReflectionUtils.newInstance(providerClass, conf);
    return provider;
  }

  /**
   * Records, in the given configuration, which {@link UserProvider} class a later
   * {@link #instantiate(Configuration)} call should create. The method name marks it as a test
   * hook; it overwrites any value already stored under the provider key.
   *
   * @param conf configuration to update
   * @param provider class of the provider to register
   */
  public static void setUserProviderForTesting(Configuration conf,
      Class<? extends UserProvider> provider) {
    final String providerClassName = provider.getName();
    conf.set(USER_PROVIDER_CONF_KEY, providerClassName);
  }

  /**
   * Returns the name of the user reported by {@link #getCurrent()}.
   *
   * @return the user name of the current logged-in user, or {@code null} when
   *         {@link #getCurrent()} yields no user; callers must handle {@code null} before
   *         relying on the name, for example in an access decision
   * @throws IOException if the underlying user cannot be obtained
   */
  public String getCurrentUserName() throws IOException {
    final User current = getCurrent();
    if (current == null) {
      return null;
    }
    return current.getName();
  }

  /**
   * Reports whether HBase security is enabled according to this provider's configuration.
   *
   * @return {@code true} if security is enabled, {@code false} otherwise
   */
  public boolean isHBaseSecurityEnabled() {
    final Configuration conf = getConf();
    return User.isHBaseSecurityEnabled(conf);
  }

  /**
   * Reports whether Kerberos authentication is configured for Hadoop. This is a separate check
   * from {@link #isHBaseSecurityEnabled()} and does not consult this provider's configuration.
   *
   * @return for non-secure Hadoop, always {@code false}; for secure Hadoop, the value from
   *         {@code UserGroupInformation.isSecurityEnabled()}
   */
  public boolean isHadoopSecurityEnabled() {
    final boolean hadoopSecure = User.isSecurityEnabled();
    return hadoopSecure;
  }

  /**
   * Resolves the user for the current execution context by delegating to
   * {@code User.getCurrent()}. Subclasses may override this to change how the user is resolved.
   *
   * @return the current user within the current execution context
   * @throws IOException if the user cannot be loaded
   */
  public User getCurrent() throws IOException {
    final User current = User.getCurrent();
    return current;
  }

  /**
   * Wraps an underlying {@code UserGroupInformation} instance in a {@link User}.
   *
   * @param ugi the base Hadoop user
   * @return the {@link User} produced by {@code User.create(ugi)}
   */
  public User create(UserGroupInformation ugi) {
    final User wrapped = User.create(ugi);
    return wrapped;
  }

  /**
   * Logs in the current process, using the given configuration keys to locate the credential
   * file and the login principal in this provider's configuration.
   *
   * <p><strong>This is only applicable when running on secure Hadoop</strong> -- see
   * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On
   * regular Hadoop (without security features), this will safely be ignored.
   *
   * @param fileConfKey property key used to configure the path to the credential file
   * @param principalConfKey property key used to configure the login principal
   * @param localhost current hostname to use in any credentials
   * @throws IOException underlying exception from the SecurityUtil.login() call
   */
  public void login(String fileConfKey, String principalConfKey, String localhost)
      throws IOException {
    final Configuration conf = getConf();
    User.login(conf, fileConfKey, principalConfKey, localhost);
  }
}