hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-10342) Extend UserGroupInformation to return a UGI given a preauthenticated kerberos Subject
Date Thu, 13 Feb 2014 01:14:19 GMT
Larry McCay created HADOOP-10342:
------------------------------------

             Summary: Extend UserGroupInformation to return a UGI given a preauthenticated
kerberos Subject
                 Key: HADOOP-10342
                 URL: https://issues.apache.org/jira/browse/HADOOP-10342
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Larry McCay
            Assignee: Larry McCay


We need the ability to use a Subject that was created inside an embedding application through
a kerberos authentication. For example, an application that uses JAAS to authenticate to a
KDC should be able to provide the resulting Subject and get a UGI instance to call doAs on.

Example: 
{code}
        UserGroupInformation.setConfiguration(conf);

		LoginContext context = new LoginContext("com.sun.security.jgss.login", new UserNamePasswordCallbackHandler(userName,
password));
		context.login();
		
		Subject subject = context.getSubject();

	    final UserGroupInformation ugi2 = UserGroupInformation.getUGIFromSubject(subject);

        ugi2.doAs(new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                final FileSystem fs = FileSystem.get(conf);
                int i=0;

                for (FileStatus status : fs.listStatus(new Path("/user"))) {
                    System.out.println(status.getPath());
                    System.out.println(status);
                    if (i++ > 10) {
                        System.out.println("only first 10 showed...");
                        break;
                    }
                }
                return null;
            }
        });
{code}




--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message