@InterfaceAudience.Public @InterfaceStability.Stable public abstract class User extends Object
This class provides a common interface for interacting with user and group
information across changing APIs in different versions of Hadoop. It only
provides access to the common set of functionality in
org.apache.hadoop.security.UserGroupInformation
currently needed by
HBase, but can be extended as needs change.
Modifier and Type | Field and Description |
---|---|
static String |
HBASE_SECURITY_AUTHORIZATION_CONF_KEY |
static String |
HBASE_SECURITY_CONF_KEY |
protected UserGroupInformation |
ugi |
Constructor and Description |
---|
User() |
Modifier and Type | Method and Description |
---|---|
void |
addToken(<any> token)
Adds the given Token to the user's credentials.
|
static User |
create(UserGroupInformation ugi)
Wraps an underlying
UserGroupInformation instance. |
static User |
createUserForTesting(Configuration conf,
String name,
String[] groups)
Generates a new
User instance specifically for use in test code. |
boolean |
equals(Object o) |
static User |
getCurrent()
Returns the
User instance within current execution context. |
String[] |
getGroupNames()
Returns the list of groups of which this user is a member.
|
String |
getName()
Returns the full user name.
|
abstract String |
getShortName()
Returns the shortened version of the user name -- the portion that maps
to an operating system user name.
|
<any> |
getToken(String kind,
String service)
Returns the Token of the specified kind associated with this user,
or null if the Token is not present.
|
Collection<<any>> |
getTokens()
Returns all the tokens stored in the user's credentials.
|
UserGroupInformation |
getUGI() |
int |
hashCode() |
static boolean |
isHBaseSecurityEnabled(Configuration conf)
Returns whether or not secure authentication is enabled for HBase.
|
static boolean |
isSecurityEnabled()
Returns whether or not Kerberos authentication is configured for Hadoop.
|
static void |
login(Configuration conf,
String fileConfKey,
String principalConfKey,
String localhost)
Log in the current process using the given configuration keys for the
credential file and login principal.
|
abstract void |
obtainAuthTokenForJob(Configuration conf,
Job job)
Deprecated.
Use
TokenUtil.obtainAuthTokenForJob(Connection,User,Job)
instead. |
abstract void |
obtainAuthTokenForJob(JobConf job)
Deprecated.
Use
TokenUtil.obtainAuthTokenForJob(Connection,JobConf,User)
instead. |
abstract <T> T |
runAs(PrivilegedAction<T> action)
Executes the given action within the context of this user.
|
abstract <T> T |
runAs(PrivilegedExceptionAction<T> action)
Executes the given action within the context of this user.
|
static <T> T |
runAsLoginUser(PrivilegedExceptionAction<T> action)
Executes the given action as the login user
|
String |
toString() |
public static final String HBASE_SECURITY_CONF_KEY
public static final String HBASE_SECURITY_AUTHORIZATION_CONF_KEY
protected UserGroupInformation ugi
public UserGroupInformation getUGI()
public String getName()
public String[] getGroupNames()
public abstract String getShortName()
public abstract <T> T runAs(PrivilegedAction<T> action)
public abstract <T> T runAs(PrivilegedExceptionAction<T> action) throws IOException, InterruptedException
IOException
InterruptedException
@Deprecated public abstract void obtainAuthTokenForJob(Configuration conf, Job job) throws IOException, InterruptedException
TokenUtil.obtainAuthTokenForJob(Connection,User,Job)
instead.IOException
InterruptedException
@Deprecated public abstract void obtainAuthTokenForJob(JobConf job) throws IOException, InterruptedException
TokenUtil.obtainAuthTokenForJob(Connection,JobConf,User)
instead.IOException
InterruptedException
public <any> getToken(String kind, String service) throws IOException
kind
- the kind of tokenservice
- service on which the token is supposed to be usedIOException
public Collection<<any>> getTokens()
public void addToken(<any> token)
token
- the token to addpublic static User getCurrent() throws IOException
User
instance within current execution context.IOException
public static <T> T runAsLoginUser(PrivilegedExceptionAction<T> action) throws IOException
action
- IOException
InterruptedException
public static User create(UserGroupInformation ugi)
UserGroupInformation
instance.ugi
- The base Hadoop userpublic static User createUserForTesting(Configuration conf, String name, String[] groups)
User
instance specifically for use in test code.name
- the full usernamegroups
- the group names to which the test user will belongUser
instancepublic static void login(Configuration conf, String fileConfKey, String principalConfKey, String localhost) throws IOException
This is only applicable when running on secure Hadoop -- see org.apache.hadoop.security.SecurityUtil#login(Configuration,String,String,String). On regular Hadoop (without security features), this will safely be ignored.
conf
- The configuration data to usefileConfKey
- Property key used to configure path to the credential fileprincipalConfKey
- Property key used to configure login principallocalhost
- Current hostname to use in any credentialsIOException
- underlying exception from SecurityUtil.login() callpublic static boolean isSecurityEnabled()
false
.
For secure Hadoop, it will return the value from
UserGroupInformation.isSecurityEnabled()
.public static boolean isHBaseSecurityEnabled(Configuration conf)