/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security;
import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.*;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Writable;
/** A {@link Writable} abstract class for storing user and groups information.
*/
public abstract class UserGroupInformation implements Writable, Principal {
public static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
private static UserGroupInformation LOGIN_UGI = null;
private static final String UGI_SOURCE = "fs.security.ugi.getFromConf";
private static final ThreadLocal<Subject> currentUser =
new ThreadLocal<Subject>();
/** @return the {@link UserGroupInformation} for the current thread */
public static UserGroupInformation getCurrentUGI() {
Subject user = getCurrentUser();
if (user == null) {
user = currentUser.get();
if (user == null) {
return null;
}
}
Set<UserGroupInformation> ugiPrincipals =
user.getPrincipals(UserGroupInformation.class);
UserGroupInformation ugi = null;
if (ugiPrincipals != null && ugiPrincipals.size() == 1) {
ugi = ugiPrincipals.iterator().next();
if (ugi == null) {
throw new RuntimeException("Cannot find _current user_ UGI in the Subject!");
}
} else {
throw new RuntimeException("Cannot resolve current user from subject, " +
"which had " + ugiPrincipals.size() +
" UGI principals!");
}
return ugi;
}
/**
* Set the {@link UserGroupInformation} for the current thread
* @deprecated Use {@link #setCurrentUser(UserGroupInformation)}
*/
@Deprecated
public static void setCurrentUGI(UserGroupInformation ugi) {
setCurrentUser(ugi);
}
/**
* Return the current user <code>Subject</code>.
* @return the current user <code>Subject</code>
*/
static Subject getCurrentUser() {
return Subject.getSubject(AccessController.getContext());
}
/**
* Set the {@link UserGroupInformation} for the current thread
* WARNING - This method should be used only in test cases and other exceptional
* cases!
* @param ugi {@link UserGroupInformation} for the current thread
*/
public static void setCurrentUser(UserGroupInformation ugi) {
Subject user = SecurityUtil.getSubject(ugi);
currentUser.set(user);
}
/** Get username
*
* @return the user's name
*/
public abstract String getUserName();
/** Get the name of the groups that the user belong to
*
* @return an array of group names
*/
public abstract String[] getGroupNames();
/** Login and return a UserGroupInformation object. */
public static UserGroupInformation login(Configuration conf
) throws LoginException {
if (LOGIN_UGI == null) {
LOGIN_UGI = UnixUserGroupInformation.login(conf);
}
return LOGIN_UGI;
}
/** Read a {@link UserGroupInformation} from conf */
public static UserGroupInformation readFrom(Configuration conf
) throws IOException {
try {
return UnixUserGroupInformation.readFromConf(conf,
UnixUserGroupInformation.UGI_PROPERTY_NAME);
} catch (LoginException e) {
throw (IOException)new IOException().initCause(e);
}
}
/** get the current user id */
public static UserGroupInformation getUGI(Configuration conf)
throws LoginException {
UserGroupInformation ugi = null;
if (conf.getBoolean(UGI_SOURCE, true)) {
// get the ugi from configuration
ugi = UnixUserGroupInformation.readFromConf(conf,
UnixUserGroupInformation.UGI_PROPERTY_NAME);
} else {
// get the ugi from Subject
ugi = UserGroupInformation.getCurrentUGI();
}
// get the ugi from unix
if (ugi == null) {
ugi = UnixUserGroupInformation.login();
UnixUserGroupInformation.saveToConf(conf,
UnixUserGroupInformation.UGI_PROPERTY_NAME,
(UnixUserGroupInformation)ugi);
}
return ugi;
}
/**
* Run the given action as the user.
* @param <T> the return type of the run method
* @param action the method to execute
* @return the value from the run method
*/
public <T> T doAs(PrivilegedAction<T> action) {
return Subject.doAs(null, action);
}
/**
* Run the given action as the user, potentially throwing an exception.
* @param <T> the return type of the run method
* @param action the method to execute
* @return the value from the run method
* @throws IOException if the action throws an IOException
* @throws Error if the action throws an Error
* @throws RuntimeException if the action throws a RuntimeException
* @throws InterruptedException if the action throws an InterruptedException
* @throws java.lang.reflect.UndeclaredThrowableException if the action throws something else
*/
public <T> T doAs(PrivilegedExceptionAction<T> action
) throws IOException, InterruptedException {
try {
return Subject.doAs(null, action);
} catch (PrivilegedActionException pae) {
Throwable cause = pae.getCause();
LOG.error("PriviledgedActionException as:"+this+" cause:"+cause);
if (cause instanceof IOException) {
throw (IOException) cause;
} else if (cause instanceof Error) {
throw (Error) cause;
} else if (cause instanceof RuntimeException) {
throw (RuntimeException) cause;
} else if (cause instanceof InterruptedException) {
throw (InterruptedException) cause;
} else {
throw new UndeclaredThrowableException(pae,"Unknown exception in doAs");
}
}
}
}