本文整理了Java中org.apache.hadoop.security.authentication.util.KerberosName.getShortName()
方法的一些代码示例,展示了KerberosName.getShortName()
的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。KerberosName.getShortName()
方法的具体详情如下:
包路径:org.apache.hadoop.security.authentication.util.KerberosName
类名称:KerberosName
方法名:getShortName
[英]Get the translation of the principal name into an operating system user name.
[中]获取主体名称到操作系统用户名的翻译。
代码示例来源:origin: apache/hive
@Override
public String getShortName() throws IOException {
return kerberosName.getShortName();
}
}
代码示例来源:origin: org.apache.hadoop/hadoop-common
/**
* Verify whether auth_to_local rules transform a principal name
* <p>
* Having a local user name "bar@foo.com" may be harmless, so it is noted at
* info. However if what was intended is a transformation to "bar"
* it can be difficult to debug, hence this check.
*/
protected void validateShortName() {
failif(principal == null, CAT_KERBEROS, "No principal defined");
try {
KerberosName kn = new KerberosName(principal);
String result = kn.getShortName();
if (nonSimplePattern.matcher(result).find()) {
warn(CAT_KERBEROS, principal + " short name: " + result +
" still contains @ or /");
}
} catch (IOException e) {
throw new KerberosDiagsFailure(CAT_KERBEROS, e,
"Failed to get short name for " + principal, e);
} catch (IllegalArgumentException e) {
error(CAT_KERBEROS, "KerberosName(" + principal + ") failed: %s\n%s",
e, StringUtils.stringifyException(e));
}
}
代码示例来源:origin: apache/incubator-druid
String clientPrincipal = gssContext.getSrcName().toString();
KerberosName kerberosName = new KerberosName(clientPrincipal);
String userName = kerberosName.getShortName();
token = new AuthenticationToken(userName, clientPrincipal, getType());
response.setStatus(HttpServletResponse.SC_OK);
代码示例来源:origin: org.apache.hadoop/hadoop-hdfs
/**
* Expected user name should be a short name.
*/
public static void checkUsername(final String expected, final String name
) throws IOException {
if (expected == null && name != null) {
throw new IOException("Usernames not matched: expecting null but name="
+ name);
}
if (name == null) { //name is optional, null is okay
return;
}
KerberosName u = new KerberosName(name);
String shortName = u.getShortName();
if (!shortName.equals(expected)) {
throw new IOException("Usernames not matched: name=" + shortName
+ " != expected=" + expected);
}
}
代码示例来源:origin: org.apache.hive.shims/hive-shims-0.23
@Override
public String getShortName() throws IOException {
return kerberosName.getShortName();
}
}
代码示例来源:origin: com.facebook.presto.hive/hive-apache
@Override
public String getShortName() throws IOException {
return kerberosName.getShortName();
}
}
代码示例来源:origin: com.github.hyukjinkwon.shims/hive-shims-0.23
@Override
public String getShortName() throws IOException {
return kerberosName.getShortName();
}
}
代码示例来源:origin: org.spark-project.hive.shims/hive-shims-0.23
@Override
public String getShortName() throws IOException {
return kerberosName.getShortName();
}
}
代码示例来源:origin: ch.cern.hadoop/hadoop-hdfs
/**
* Expected user name should be a short name.
*/
public static void checkUsername(final String expected, final String name
) throws IOException {
if (expected == null && name != null) {
throw new IOException("Usernames not matched: expecting null but name="
+ name);
}
if (name == null) { //name is optional, null is okay
return;
}
KerberosName u = new KerberosName(name);
String shortName = u.getShortName();
if (!shortName.equals(expected)) {
throw new IOException("Usernames not matched: name=" + shortName
+ " != expected=" + expected);
}
}
代码示例来源:origin: io.prestosql.hadoop/hadoop-apache
/**
* Expected user name should be a short name.
*/
public static void checkUsername(final String expected, final String name
) throws IOException {
if (expected == null && name != null) {
throw new IOException("Usernames not matched: expecting null but name="
+ name);
}
if (name == null) { //name is optional, null is okay
return;
}
KerberosName u = new KerberosName(name);
String shortName = u.getShortName();
if (!shortName.equals(expected)) {
throw new IOException("Usernames not matched: name=" + shortName
+ " != expected=" + expected);
}
}
代码示例来源:origin: cdapio/cdap
/**
* @param principal The principal whose KeytabURI is being looked up
* @param cConf To lookup the configured path for the keytabs
* @return The location of the keytab
* @throws IOException If the principal is not a valid kerberos principal
*/
static String getKeytabURIforPrincipal(String principal, CConfiguration cConf) throws IOException {
String confPath = cConf.getRaw(Constants.Security.KEYTAB_PATH);
Preconditions.checkNotNull(confPath, String.format("Failed to get a valid keytab path. " +
"Please ensure that you have specified %s in cdap-site.xml",
Constants.Security.KEYTAB_PATH));
String name = new KerberosName(principal).getShortName();
return confPath.replace(Constants.USER_NAME_SPECIFIER, name);
}
代码示例来源:origin: cdapio/cdap
@Inject
@VisibleForTesting
public DefaultImpersonator(CConfiguration cConf, UGIProvider ugiProvider) {
this.ugiProvider = ugiProvider;
this.kerberosEnabled = SecurityUtil.isKerberosEnabled(cConf);
// on kerberos disabled cluster the master principal will be null
String masterPrincipal = SecurityUtil.getMasterPrincipal(cConf);
try {
masterShortUsername = masterPrincipal == null ? null : new KerberosName(masterPrincipal).getShortName();
} catch (IOException e) {
Throwables.propagate(e);
}
}
代码示例来源:origin: cdapio/cdap
/**
* Get the effective master user, if it is specified in the {@link CConfiguration}, use it. Otherwise, use the
* current login user. If security is not enabled, null is returned.
*/
@Nullable
public static String getEffectiveMasterUser(CConfiguration cConf) {
String masterPrincipal = cConf.get(Constants.Security.CFG_CDAP_MASTER_KRB_PRINCIPAL);
try {
if (isSecurityAuthorizationEnabled(cConf)) {
masterPrincipal = masterPrincipal == null ? UserGroupInformation.getLoginUser().getShortUserName() :
new KerberosName(masterPrincipal).getShortName();
} else {
masterPrincipal = null;
}
} catch (IOException e) {
throw new RuntimeException(String.format("Failed to translate the principal name %s to an operating system " +
"user name.", masterPrincipal), e);
}
return masterPrincipal;
}
}
代码示例来源:origin: io.hops/hadoop-auth
private void checkTranslation(String from, String to) throws Exception {
System.out.println("Translate " + from);
KerberosName nm = new KerberosName(from);
String simple = nm.getShortName();
System.out.println("to " + simple);
Assert.assertEquals("short name incorrect", to, simple);
}
代码示例来源:origin: hopshadoop/hops
private void checkTranslation(String from, String to) throws Exception {
System.out.println("Translate " + from);
KerberosName nm = new KerberosName(from);
String simple = nm.getShortName();
System.out.println("to " + simple);
Assert.assertEquals("short name incorrect", to, simple);
}
代码示例来源:origin: apache/hadoop-common
private void checkTranslation(String from, String to) throws Exception {
System.out.println("Translate " + from);
KerberosName nm = new KerberosName(from);
String simple = nm.getShortName();
System.out.println("to " + simple);
Assert.assertEquals("short name incorrect", to, simple);
}
代码示例来源:origin: apache/hadoop-common
private void checkBadTranslation(String from) {
System.out.println("Checking bad translation for " + from);
KerberosName nm = new KerberosName(from);
try {
nm.getShortName();
Assert.fail("didn't get exception for " + from);
} catch (IOException ie) {
// PASS
}
}
代码示例来源:origin: cdapio/cdap
/**
* Helper function to get the authorizing user for app deployment, the authorzing user will be the app owner if it
* is present. If not, it will be the namespace owner. If that is also not present, it will be the user who is making
* the request
*/
public static String getAppAuthorizingUser(OwnerAdmin ownerAdmin, AuthenticationContext authenticationContext,
ApplicationId applicationId,
@Nullable KerberosPrincipalId appOwner) throws IOException {
KerberosPrincipalId effectiveOwner =
SecurityUtil.getEffectiveOwner(ownerAdmin, applicationId.getNamespaceId(),
appOwner == null ? null : appOwner.getPrincipal());
// CDAP-13154 If impersonation is configured for either the application or namespace the effective owner will be
// a kerberos principal which can have different form
// (refer: https://docs.oracle.com/cd/E21455_01/common/tutorials/kerberos_principal.html). For example it can be
// a complete principal name (alice/somehost.net@someREALM). For authorization we need the enforcement to happen
// on the username and not the complete principal. The user name is the shortname of the principal so return the
// shortname as authorizing user.
String appAuthorizingUser = effectiveOwner != null ?
new KerberosName(effectiveOwner.getPrincipal()).getShortName() : authenticationContext.getPrincipal().getName();
LOG.trace("Returning {} as authorizing app user for {}", appAuthorizingUser, applicationId);
return appAuthorizingUser;
}
代码示例来源:origin: io.hops/hadoop-auth
@Test(timeout=60000)
public void testNameRules() throws Exception {
KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
//destroy handler created in setUp()
handler.destroy();
KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
handler = getNewAuthenticationHandler();
Properties props = getDefaultProperties();
props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
try {
handler.init(props);
} catch (Exception ex) {
}
kn = new KerberosName("bar@BAR");
Assert.assertEquals("bar", kn.getShortName());
kn = new KerberosName("bar@FOO");
Assert.assertEquals("bar@FOO", kn.getShortName());
}
代码示例来源:origin: hopshadoop/hops
@Test(timeout=60000)
public void testNameRules() throws Exception {
KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
//destroy handler created in setUp()
handler.destroy();
KerberosName.setRules("RULE:[1:$1@$0](.*@FOO)s/@.*//\nDEFAULT");
handler = getNewAuthenticationHandler();
Properties props = getDefaultProperties();
props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
try {
handler.init(props);
} catch (Exception ex) {
}
kn = new KerberosName("bar@BAR");
Assert.assertEquals("bar", kn.getShortName());
kn = new KerberosName("bar@FOO");
Assert.assertEquals("bar@FOO", kn.getShortName());
}
内容来源于网络,如有侵权,请联系作者删除!