accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e..@apache.org
Subject svn commit: r1438563 - /accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
Date Fri, 25 Jan 2013 15:52:16 GMT
Author: ecn
Date: Fri Jan 25 15:52:16 2013
New Revision: 1438563

URL: http://svn.apache.org/viewvc?rev=1438563&view=rev
Log:
ACCUMULO-259: move missing file from branch into trunk

Added:
    accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
  (with props)

Added: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
URL: http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java?rev=1438563&view=auto
==============================================================================
--- accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
(added)
+++ accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
Fri Jan 25 15:52:16 2013
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.core.security;
+
+import java.io.IOException;
+import java.net.InetAddress;
+
+import org.apache.accumulo.core.conf.AccumuloConfiguration;
+import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.log4j.Logger;
+
+/**
+ * 
+ */
+public class SecurityUtil {
+  private static final Logger log = Logger.getLogger(SecurityUtil.class);
+  public static boolean usingKerberos = false;
+  /**
+   * This method is for logging a server in kerberos. If this is used in client code, it
will fail unless run as the accumulo keytab's owner. Instead, use
+   * {@link #login(String, String)}
+   */
+  public static void serverLogin() {
+    @SuppressWarnings("deprecation")
+    AccumuloConfiguration acuConf = AccumuloConfiguration.getSiteConfiguration();
+    String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
+    System.out.println("Using keytab " + keyTab);
+    if (keyTab == null || keyTab.length() == 0)
+      return;
+    
+    usingKerberos = true;
+    if (keyTab.contains("$ACCUMULO_HOME") && System.getenv("ACCUMULO_HOME") != null)
+      keyTab = keyTab.replace("$ACCUMULO_HOME", System.getenv("ACCUMULO_HOME"));
+    
+    String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
+    if (principalConfig == null || principalConfig.length() == 0)
+      return;
+    
+    if (login(principalConfig, keyTab)) {
+      try {
+        // This spawns a thread to periodically renew the logged in (accumulo) user
+        UserGroupInformation.getLoginUser();
+      } catch (IOException io) {
+        log.error("Error starting up renewal thread. This shouldn't be happenining.", io);
+      }
+    }
+  }
+  
+  /**
+   * This will log in the given user in kerberos.
+   * 
+   * @param principalConfig
+   *          This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN}
will automatically be
+   *          replaced by the systems host name.
+   * @param keyTabPath
+   * @return true if login succeeded, otherwise false
+   */
+  public static boolean login(String principalConfig, String keyTabPath) {
+    try {
+      String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig,
InetAddress.getLocalHost().getCanonicalHostName());
+      if (keyTabPath != null && principalName != null && keyTabPath.length()
!= 0 && principalName.length() != 0) {
+        UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath);
+        log.info("Succesfully logged in as user " + principalConfig);
+        return true;
+      }
+    } catch (IOException io) {
+      log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath,
io);
+    }
+    return false;
+  }
+}

Propchange: accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message