Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Accumulo >> mail # dev >> Re: svn commit: r1438563 - /accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java


Copy link to this message
-
Re: svn commit: r1438563 - /accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
Ooops, missed that one. Thanks Eric.
On Fri, Jan 25, 2013 at 10:52 AM, <[EMAIL PROTECTED]> wrote:

> Author: ecn
> Date: Fri Jan 25 15:52:16 2013
> New Revision: 1438563
>
> URL: http://svn.apache.org/viewvc?rev=1438563&view=rev
> Log:
> ACCUMULO-259: move missing file from branch into trunk
>
> Added:
>
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
>   (with props)
>
> Added:
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> URL:
> http://svn.apache.org/viewvc/accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java?rev=1438563&view=auto
>
> =============================================================================> ---
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> (added)
> +++
> accumulo/trunk/core/src/main/java/org/apache/accumulo/core/security/SecurityUtil.java
> Fri Jan 25 15:52:16 2013
> @@ -0,0 +1,85 @@
> +/**
> + * Licensed to the Apache Software Foundation (ASF) under one or more
> + * contributor license agreements.  See the NOTICE file distributed with
> + * this work for additional information regarding copyright ownership.
> + * The ASF licenses this file to You under the Apache License, Version 2.0
> + * (the "License"); you may not use this file except in compliance with
> + * the License.  You may obtain a copy of the License at
> + *
> + *     http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +package org.apache.accumulo.core.security;
> +
> +import java.io.IOException;
> +import java.net.InetAddress;
> +
> +import org.apache.accumulo.core.conf.AccumuloConfiguration;
> +import org.apache.accumulo.core.conf.Property;
> +import org.apache.hadoop.security.UserGroupInformation;
> +import org.apache.log4j.Logger;
> +
> +/**
> + *
> + */
> +public class SecurityUtil {
> +  private static final Logger log = Logger.getLogger(SecurityUtil.class);
> +  public static boolean usingKerberos = false;
> +  /**
> +   * This method is for logging a server in kerberos. If this is used in
> client code, it will fail unless run as the accumulo keytab's owner.
> Instead, use
> +   * {@link #login(String, String)}
> +   */
> +  public static void serverLogin() {
> +    @SuppressWarnings("deprecation")
> +    AccumuloConfiguration acuConf > AccumuloConfiguration.getSiteConfiguration();
> +    String keyTab = acuConf.get(Property.GENERAL_KERBEROS_KEYTAB);
> +    System.out.println("Using keytab " + keyTab);
> +    if (keyTab == null || keyTab.length() == 0)
> +      return;
> +
> +    usingKerberos = true;
> +    if (keyTab.contains("$ACCUMULO_HOME") &&
> System.getenv("ACCUMULO_HOME") != null)
> +      keyTab = keyTab.replace("$ACCUMULO_HOME",
> System.getenv("ACCUMULO_HOME"));
> +
> +    String principalConfig > acuConf.get(Property.GENERAL_KERBEROS_PRINCIPAL);
> +    if (principalConfig == null || principalConfig.length() == 0)
> +      return;
> +
> +    if (login(principalConfig, keyTab)) {
> +      try {
> +        // This spawns a thread to periodically renew the logged in
> (accumulo) user
> +        UserGroupInformation.getLoginUser();
> +      } catch (IOException io) {
> +        log.error("Error starting up renewal thread. This shouldn't be
> happenining.", io);
> +      }
> +    }
> +  }
> +
> +  /**
> +   * This will log in the given user in kerberos.
> +   *
> +   * @param principalConfig
> +   *          This is the principals name in the format NAME/HOST@REALM.{@link org.apache.hadoop.security.SecurityUtil#HOSTNAME_PATTERN} will
> automatically be
> +   *          replaced by the systems host name.
> +   * @param keyTabPath
Cheers
~John