sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/transport/UserGroupInformationInitializer.java - sentry - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  * <p>
  * http://www.apache.org/licenses/LICENSE-2.0
  * <p>
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.sentry.core.common.transport;

 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;

 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
 import static org.apache.sentry.core.common.utils.SentryConstants.KERBEROS_MODE;

 /**
  * Wrapper to initialize UserGroupInformation
  */

 public class UserGroupInformationInitializer {

   // initialize() method could be called my multiple threads.
   // to attain visibility guarantee on isInitialized, it is declared volatile.
   private static volatile boolean isInitialized = false;

   // initialization block may be executed multiple times. This is fine as setConfiguration is
   // thread-safe
   public static void initialize(Configuration conf) {
     if(!isInitialized) {
       Configuration newConf = new Configuration(conf);
       // When kerberos is enabled,  UserGroupInformation should have been initialized with
       // HADOOP_SECURITY_AUTHENTICATION property. There are instances where this is not done.
       // Example: Solr and Kafka while using sentry generic clients were not updating this
       // property. Instead of depending on the callers to update this configuration and to be
       // sure that UserGroupInformation is properly initialized, sentry client is explicitly
       // doing it,
       newConf.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS_MODE);
       UserGroupInformation.setConfiguration(newConf);
       isInitialized = true;
     }
   }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	* <p>
	* http://www.apache.org/licenses/LICENSE-2.0
	* <p>
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.sentry.core.common.transport;

	import org.apache.hadoop.conf.Configuration;
	import org.apache.hadoop.security.UserGroupInformation;

	import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
	import static org.apache.sentry.core.common.utils.SentryConstants.KERBEROS_MODE;

	/**
	* Wrapper to initialize UserGroupInformation
	*/

	public class UserGroupInformationInitializer {

	// initialize() method could be called my multiple threads.
	// to attain visibility guarantee on isInitialized, it is declared volatile.
	private static volatile boolean isInitialized = false;

	// initialization block may be executed multiple times. This is fine as setConfiguration is
	// thread-safe
	public static void initialize(Configuration conf) {
	if(!isInitialized) {
	Configuration newConf = new Configuration(conf);
	// When kerberos is enabled, UserGroupInformation should have been initialized with
	// HADOOP_SECURITY_AUTHENTICATION property. There are instances where this is not done.
	// Example: Solr and Kafka while using sentry generic clients were not updating this
	// property. Instead of depending on the callers to update this configuration and to be
	// sure that UserGroupInformation is properly initialized, sentry client is explicitly
	// doing it,
	newConf.set(HADOOP_SECURITY_AUTHENTICATION, KERBEROS_MODE);
	UserGroupInformation.setConfiguration(newConf);
	isInitialized = true;
	}
	}
	}