Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo >> mail # dev >> Re: svn commit: r1438563 - /accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java


Copy link to this message
-
Re: svn commit: r1438563 - /accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
Ooops, missed that one. Thanks Eric.
On Fri, Jan 25, 2013 at 10:52 AM, <[EMAIL PROTECTED]> wrote:

> Author: ecn
> Date: Fri Jan 25 15:52:16 2013
> New Revision: 1438563
>
> URL: http://svn.apache.org/viewvc?rev=1438563&view=rev
> Log:
> ACCUMULO-259: move missing file from branch into trunk
>
> Added:
>
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
>   (with props)
>
> Added:
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> URL:
> http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java?rev=1438563&view=auto
>
> =============================================================================> ---
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> (added)
> +++
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> Fri Jan 25 15:52:16 2013
> @@ -0,0 +1,85 @@
> +/**
> + * Licensed to the Apache Software Foundation (ASF) under one or more
> + * contributor license agreements.  See the NOTICE file distributed with
> + * this work for additional information regarding copyright ownership.
> + * The ASF licenses this file to You under the Apache License, Version 2.0
> + * (the "License"); you may not use this file except in compliance with
> + * the License.  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +package org.apache.accumulo.core.security;
> +
> +import java.io.IOException;
> +import java.net.InetAddress;
> +
> +import org.apache.accumulo.core.conf.AccumuloConfiguration;
> +import org.apache.accumulo.core.conf.Property;
> +import org.apache.hadoop.security.UserGroupInformation;
> +import org.apache.log4j.Logger;
> +
> +/**
> + *
> + */
> +public class SecurityUtil {
> +  private static final Logger log = Logger.getLogger(SecurityUtil.class);
> +  public static boolean usingKerberos = false;
> +  /**
> +   * This method is for logging a server in kerberos. If this is used in
> client code, it will fail unless run as the accumulo keytab's owner.
> Instead, use
> +   * {@link #login(String, String)}
> +   */
> +  public static void serverLogin() {
> +    @SuppressWarnings("deprecation")
> +    AccumuloConfiguration acuConf > AccumuloConfiguration.getSiteConfiguration();
> +    String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
> +    System.out.println("Using keytab " + keyTab);
> +    if (keyTab == null || keyTab.length() == 0)
> +      return;
> +
> +    usingKerberos = true;
> +    if (keyTab.contains("$ACCUMULO_HOME") &&
> System.getenv("ACCUMULO_HOME") != null)
> +      keyTab = keyTab.replace("$ACCUMULO_HOME",
> System.getenv("ACCUMULO_HOME"));
> +
> +    String principalConfig > acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
> +    if (principalConfig == null || principalConfig.length() == 0)
> +      return;
> +
> +    if (login(principalConfig, keyTab)) {
> +      try {
> +        // This spawns a thread to periodically renew the logged in
> (accumulo) user
> +        UserGroupInformation.getLoginUser();
> +      } catch (IOException io) {
> +        log.error("Error starting up renewal thread. This shouldn't be
> happenining.", io);
> +      }
> +    }
> +  }
> +
> +  /**
> +   * This will log in the given user in kerberos.
> +   *
> +   * @param principalConfig
> +   *          This is the principals name in the format NAME/HOST@REALM.{@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will
> automatically be
> +   *          replaced by the systems host name.
> +   * @param keyTabPath
Cheers
~John
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB