
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security;
19  
20  import java.io.IOException;
21  
22  import org.apache.hadoop.hbase.classification.InterfaceAudience;
23  import org.apache.hadoop.conf.Configuration;
24  import org.apache.hadoop.hbase.BaseConfigurable;
25  import org.apache.hadoop.security.UserGroupInformation;
26  import org.apache.hadoop.util.ReflectionUtils;
27  
/**
 * Supplies {@link User} instances to the rest of HBase and allows custom {@link User} creation
 * through subclassing.
 * <p>
 * The implementation in use is chosen from configuration (see
 * {@link #instantiate(Configuration)}), so the configuration handed to this class decides which
 * code answers "who is the current user". Treat that configuration as security-sensitive input.
 * </p>
 */
@InterfaceAudience.Private
public class UserProvider extends BaseConfigurable {

  /** Configuration property naming the {@link UserProvider} implementation class to load. */
  private static final String USER_PROVIDER_CONF_KEY = "hbase.client.userprovider.class";

  /**
   * Creates the {@link UserProvider} named in the configuration and hands it that same
   * configuration via {@link UserProvider#setConf(Configuration)}.
   * <p>
   * The class name is read from {@code hbase.client.userprovider.class}; when the key is unset
   * the default is {@link UserProvider} itself. {@link UserProvider} is also passed as the
   * required supertype, so the lookup is typed to subclasses of this class.
   * </p>
   * @param conf to read and set on the created {@link UserProvider}
   * @return a {@link UserProvider} ready for use.
   */
  public static UserProvider instantiate(Configuration conf) {
    // Second argument is the fallback class, third is the supertype the result must have.
    final Class<? extends UserProvider> providerClass =
        conf.getClass(USER_PROVIDER_CONF_KEY, UserProvider.class, UserProvider.class);
    final UserProvider provider = ReflectionUtils.newInstance(providerClass, conf);
    return provider;
  }

  /**
   * Records, in the given configuration, which {@link UserProvider} class
   * {@link #instantiate(Configuration)} should create. Intended for tests, as the name says;
   * the passed configuration object is modified in place.
   * @param conf to update
   * @param provider class of the provider to set
   */
  public static void setUserProviderForTesting(Configuration conf,
      Class<? extends UserProvider> provider) {
    final String providerClassName = provider.getName();
    conf.set(USER_PROVIDER_CONF_KEY, providerClassName);
  }

  /**
   * Looks up the current user through {@link #getCurrent()} and returns its name.
   * @return the userName for the current logged-in user, or {@code null} when
   *         {@link #getCurrent()} returns {@code null}; callers that base an access decision on
   *         the name must handle the {@code null} case explicitly
   * @throws IOException if the underlying user cannot be obtained
   */
  public String getCurrentUserName() throws IOException {
    final User current = getCurrent();
    if (current == null) {
      return null;
    }
    return current.getName();
  }

  /**
   * Reports the HBase-level security setting, evaluated against this provider's configuration.
   * This is a separate check from {@link #isHadoopSecurityEnabled()}.
   * @return {@code true} if security is enabled, {@code false} otherwise
   */
  public boolean isHBaseSecurityEnabled() {
    return User.isHBaseSecurityEnabled(getConf());
  }

  /**
   * Reports the Hadoop-level security setting. Unlike {@link #isHBaseSecurityEnabled()}, this
   * call takes no configuration argument.
   * @return whether or not Kerberos authentication is configured for Hadoop. For non-secure Hadoop,
   *         this always returns {@code false}. For secure Hadoop, it will return the value
   *         from {@code UserGroupInformation.isSecurityEnabled()}.
   */
  public boolean isHadoopSecurityEnabled() {
    return User.isSecurityEnabled();
  }

  /**
   * Delegates to {@code User.getCurrent()}.
   * @return the current user within the current execution context
   * @throws IOException if the user cannot be loaded
   */
  public User getCurrent() throws IOException {
    return User.getCurrent();
  }

  /**
   * Wraps an underlying {@code UserGroupInformation} instance by delegating to
   * {@code User.create(ugi)}.
   * @param ugi The base Hadoop user
   * @return User
   */
  public User create(UserGroupInformation ugi) {
    return User.create(ugi);
  }

  /**
   * Log in the current process using the given configuration keys for the credential file and login
   * principal. The first two arguments are property names; the corresponding values are looked
   * up in this provider's configuration.
   * <p>
   * <strong>This is only applicable when running on secure Hadoop</strong> -- see
   * org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular
   * Hadoop (without security features), this will safely be ignored.
   * </p>
   * @param fileConfKey Property key used to configure path to the credential file
   * @param principalConfKey Property key used to configure login principal
   * @param localhost Current hostname to use in any credentials
   * @throws IOException underlying exception from SecurityUtil.login() call
   */
  public void login(String fileConfKey, String principalConfKey, String localhost)
      throws IOException {
    final Configuration providerConf = getConf();
    User.login(providerConf, fileConfKey, principalConfKey, localhost);
  }
}