| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.hadoop.security; |
| |
| import java.io.IOException; |
| import java.security.AccessController; |
| import java.security.Principal; |
| import java.util.Set; |
| |
| import javax.security.auth.Subject; |
| import javax.security.auth.login.LoginException; |
| |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| import org.apache.hadoop.conf.Configuration; |
| import org.apache.hadoop.io.Writable; |
| |
| /** A {@link Writable} abstract class for storing user and groups information. |
| */ |
| public abstract class UserGroupInformation implements Writable, Principal { |
| public static final Log LOG = LogFactory.getLog(UserGroupInformation.class); |
| private static UserGroupInformation LOGIN_UGI = null; |
| |
| private static final ThreadLocal<Subject> currentUser = |
| new ThreadLocal<Subject>(); |
| |
| /** @return the {@link UserGroupInformation} for the current thread */ |
| public static UserGroupInformation getCurrentUGI() { |
| Subject user = getCurrentUser(); |
| |
| if (user == null) { |
| user = currentUser.get(); |
| if (user == null) { |
| return null; |
| } |
| } |
| |
| Set<UserGroupInformation> ugiPrincipals = |
| user.getPrincipals(UserGroupInformation.class); |
| |
| UserGroupInformation ugi = null; |
| if (ugiPrincipals != null && ugiPrincipals.size() == 1) { |
| ugi = ugiPrincipals.iterator().next(); |
| if (ugi == null) { |
| throw new RuntimeException("Cannot find _current user_ UGI in the Subject!"); |
| } |
| } else { |
| throw new RuntimeException("Cannot resolve current user from subject, " + |
| "which had " + ugiPrincipals.size() + |
| " UGI principals!"); |
| } |
| return ugi; |
| } |
| |
| /** |
| * Set the {@link UserGroupInformation} for the current thread |
| * @deprecated Use {@link #setCurrentUser(UserGroupInformation)} |
| */ |
| @Deprecated |
| public static void setCurrentUGI(UserGroupInformation ugi) { |
| setCurrentUser(ugi); |
| } |
| |
| /** |
| * Return the current user <code>Subject</code>. |
| * @return the current user <code>Subject</code> |
| */ |
| static Subject getCurrentUser() { |
| return Subject.getSubject(AccessController.getContext()); |
| } |
| |
| /** |
| * Set the {@link UserGroupInformation} for the current thread |
| * WARNING - This method should be used only in test cases and other exceptional |
| * cases! |
| * @param ugi {@link UserGroupInformation} for the current thread |
| */ |
| public static void setCurrentUser(UserGroupInformation ugi) { |
| Subject user = SecurityUtil.getSubject(ugi); |
| currentUser.set(user); |
| } |
| |
| /** Get username |
| * |
| * @return the user's name |
| */ |
| public abstract String getUserName(); |
| |
| /** Get the name of the groups that the user belong to |
| * |
| * @return an array of group names |
| */ |
| public abstract String[] getGroupNames(); |
| |
| /** Login and return a UserGroupInformation object. */ |
| public static UserGroupInformation login(Configuration conf |
| ) throws LoginException { |
| if (LOGIN_UGI == null) { |
| LOGIN_UGI = UnixUserGroupInformation.login(conf); |
| } |
| return LOGIN_UGI; |
| } |
| |
| /** Read a {@link UserGroupInformation} from conf */ |
| public static UserGroupInformation readFrom(Configuration conf |
| ) throws IOException { |
| try { |
| return UnixUserGroupInformation.readFromConf(conf, |
| UnixUserGroupInformation.UGI_PROPERTY_NAME); |
| } catch (LoginException e) { |
| throw (IOException)new IOException().initCause(e); |
| } |
| } |
| } |