- /**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package org.apache.hadoop.security;
- import java.io.IOException;
- import java.security.AccessController;
- import java.security.Principal;
- import java.util.Set;
- import javax.security.auth.Subject;
- import javax.security.auth.login.LoginException;
- import org.apache.commons.logging.Log;
- import org.apache.commons.logging.LogFactory;
- import org.apache.hadoop.conf.Configuration;
- import org.apache.hadoop.io.Writable;
- /** A {@link Writable} abstract class for storing user and groups information.
- */
- public abstract class UserGroupInformation implements Writable, Principal {
- public static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
- private static UserGroupInformation LOGIN_UGI = null;
- private static final ThreadLocal<Subject> currentUser =
- new ThreadLocal<Subject>();
- /** @return the {@link UserGroupInformation} for the current thread */
- public static UserGroupInformation getCurrentUGI() {
- Subject user = getCurrentUser();
- if (user == null) {
- user = currentUser.get();
- if (user == null) {
- return null;
- }
- }
- Set<UserGroupInformation> ugiPrincipals =
- user.getPrincipals(UserGroupInformation.class);
- UserGroupInformation ugi = null;
- if (ugiPrincipals != null && ugiPrincipals.size() == 1) {
- ugi = ugiPrincipals.iterator().next();
- if (ugi == null) {
- throw new RuntimeException("Cannot find _current user_ UGI in the Subject!");
- }
- } else {
- throw new RuntimeException("Cannot resolve current user from subject, " +
- "which had " + ugiPrincipals.size() +
- " UGI principals!");
- }
- return ugi;
- }
- /**
- * Set the {@link UserGroupInformation} for the current thread
- * @deprecated Use {@link #setCurrentUser(UserGroupInformation)}
- */
- @Deprecated
- public static void setCurrentUGI(UserGroupInformation ugi) {
- setCurrentUser(ugi);
- }
- /**
- * Return the current user <code>Subject</code>.
- * @return the current user <code>Subject</code>
- */
- static Subject getCurrentUser() {
- return Subject.getSubject(AccessController.getContext());
- }
- /**
- * Set the {@link UserGroupInformation} for the current thread
- * WARNING - This method should be used only in test cases and other exceptional
- * cases!
- * @param ugi {@link UserGroupInformation} for the current thread
- */
- public static void setCurrentUser(UserGroupInformation ugi) {
- Subject user = SecurityUtil.getSubject(ugi);
- currentUser.set(user);
- }
- /** Get username
- *
- * @return the user's name
- */
- public abstract String getUserName();
- /** Get the name of the groups that the user belong to
- *
- * @return an array of group names
- */
- public abstract String[] getGroupNames();
- /** Login and return a UserGroupInformation object. */
- public static UserGroupInformation login(Configuration conf
- ) throws LoginException {
- if (LOGIN_UGI == null) {
- LOGIN_UGI = UnixUserGroupInformation.login(conf);
- }
- return LOGIN_UGI;
- }
- /** Read a {@link UserGroupInformation} from conf */
- public static UserGroupInformation readFrom(Configuration conf
- ) throws IOException {
- try {
- return UnixUserGroupInformation.readFromConf(conf,
- UnixUserGroupInformation.UGI_PROPERTY_NAME);
- } catch (LoginException e) {
- throw (IOException)new IOException().initCause(e);
- }
- }
- }