Return-Path: X-Original-To: apmail-accumulo-commits-archive@www.apache.org Delivered-To: apmail-accumulo-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C7C8610B57 for ; Mon, 22 Dec 2014 19:17:46 +0000 (UTC) Received: (qmail 43856 invoked by uid 500); 22 Dec 2014 19:17:46 -0000 Delivered-To: apmail-accumulo-commits-archive@accumulo.apache.org Received: (qmail 43755 invoked by uid 500); 22 Dec 2014 19:17:46 -0000 Mailing-List: contact commits-help@accumulo.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@accumulo.apache.org Delivered-To: mailing list commits@accumulo.apache.org Received: (qmail 43622 invoked by uid 99); 22 Dec 2014 19:17:46 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Dec 2014 19:17:46 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 5653EA3339C; Mon, 22 Dec 2014 19:17:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: elserj@apache.org To: commits@accumulo.apache.org Date: Mon, 22 Dec 2014 19:17:50 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [6/9] accumulo git commit: ACCUMULO-3446 Git didn't automatically rename it. ACCUMULO-3446 Git didn't automatically rename it. server/src changed to server/base/src from 1.5 to 1.6. Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/c5427e13 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/c5427e13 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/c5427e13 Branch: refs/heads/master Commit: c5427e13a6357b68296b3e7cbad8e5aafe8a08d5 Parents: c328046 Author: Josh Elser Authored: Mon Dec 22 13:46:26 2014 -0500 Committer: Josh Elser Committed: Mon Dec 22 13:46:26 2014 -0500 ---------------------------------------------------------------------- .../accumulo/server/security/SecurityUtil.java | 83 ++++++++++++++++++++ .../accumulo/server/security/SecurityUtil.java | 83 -------------------- 2 files changed, 83 insertions(+), 83 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/c5427e13/server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java ---------------------------------------------------------------------- diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java new file mode 100644 index 0000000..684efc3 --- /dev/null +++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java @@ -0,0 +1,83 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.accumulo.core.security; + +import java.io.IOException; +import java.net.InetAddress; + +import org.apache.accumulo.core.conf.AccumuloConfiguration; +import org.apache.accumulo.core.conf.Property; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.log4j.Logger; + +/** + * + */ +public class SecurityUtil { + private static final Logger log = Logger.getLogger(SecurityUtil.class); + public static boolean usingKerberos = false; + + /** + * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use + * {@link #login(String, String)} + */ + public static void serverLogin(AccumuloConfiguration acuConf) { + String keyTab = acuConf.getPath(Property.GENERAL_KERBEROS_KEYTAB); + if (keyTab == null || keyTab.length() == 0) + return; + + usingKerberos = true; + + String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL); + if (principalConfig == null || principalConfig.length() == 0) + return; + + if (login(principalConfig, keyTab)) { + try { + // This spawns a thread to periodically renew the logged in (accumulo) user + UserGroupInformation.getLoginUser(); + return; + } catch (IOException io) { + log.error("Error starting up renewal thread. This shouldn't be happenining.", io); + } + } + + throw new RuntimeException("Failed to perform Kerberos login for " + principalConfig + " using " + keyTab); + } + + /** + * This will log in the given user in kerberos. + * + * @param principalConfig + * This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be + * replaced by the systems host name. + * @return true if login succeeded, otherwise false + */ + public static boolean login(String principalConfig, String keyTabPath) { + try { + String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName()); + if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) { + UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath); + log.info("Succesfully logged in as user " + principalConfig); + return true; + } + } catch (IOException io) { + log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io); + } + return false; + } +} http://git-wip-us.apache.org/repos/asf/accumulo/blob/c5427e13/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java b/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java deleted file mode 100644 index 684efc3..0000000 --- a/server/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.accumulo.core.security; - -import java.io.IOException; -import java.net.InetAddress; - -import org.apache.accumulo.core.conf.AccumuloConfiguration; -import org.apache.accumulo.core.conf.Property; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.log4j.Logger; - -/** - * - */ -public class SecurityUtil { - private static final Logger log = Logger.getLogger(SecurityUtil.class); - public static boolean usingKerberos = false; - - /** - * This method is for logging a server in kerberos. If this is used in client code, it will fail unless run as the accumulo keytab's owner. Instead, use - * {@link #login(String, String)} - */ - public static void serverLogin(AccumuloConfiguration acuConf) { - String keyTab = acuConf.getPath(Property.GENERAL_KERBEROS_KEYTAB); - if (keyTab == null || keyTab.length() == 0) - return; - - usingKerberos = true; - - String principalConfig = acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL); - if (principalConfig == null || principalConfig.length() == 0) - return; - - if (login(principalConfig, keyTab)) { - try { - // This spawns a thread to periodically renew the logged in (accumulo) user - UserGroupInformation.getLoginUser(); - return; - } catch (IOException io) { - log.error("Error starting up renewal thread. This shouldn't be happenining.", io); - } - } - - throw new RuntimeException("Failed to perform Kerberos login for " + principalConfig + " using " + keyTab); - } - - /** - * This will log in the given user in kerberos. - * - * @param principalConfig - * This is the principals name in the format NAME/HOST@REALM. {@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will automatically be - * replaced by the systems host name. - * @return true if login succeeded, otherwise false - */ - public static boolean login(String principalConfig, String keyTabPath) { - try { - String principalName = org.apache.hadoop.security.SecurityUtil.getServerPrincipal(principalConfig, InetAddress.getLocalHost().getCanonicalHostName()); - if (keyTabPath != null && principalName != null && keyTabPath.length() != 0 && principalName.length() != 0) { - UserGroupInformation.loginUserFromKeytab(principalName, keyTabPath); - log.info("Succesfully logged in as user " + principalConfig); - return true; - } - } catch (IOException io) { - log.error("Error logging in user " + principalConfig + " using keytab at " + keyTabPath, io); - } - return false; - } -}