org.apache.hadoop.hdfs.server.datanode.web.webhdfs.DataNodeUGIProvider.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.apache.hadoop.hdfs.server.datanode.web.webhdfs.DataNodeUGIProvider.java

Introduction

Here is the source code for org.apache.hadoop.hdfs.server.datanode.web.webhdfs.DataNodeUGIProvider.java

Source

/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License. See accompanying LICENSE file.
 */
package org.apache.hadoop.hdfs.server.datanode.web.webhdfs;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
import org.apache.hadoop.hdfs.server.common.JspHelper;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

/**
 * Create UGI from the request for the WebHDFS requests for the DNs. Note that
 * the DN does not authenticate the UGI -- the NN will authenticate them in
 * subsequent operations.
 */
public class DataNodeUGIProvider {
    private final ParameterParser params;
    @VisibleForTesting
    static Cache<String, UserGroupInformation> ugiCache;
    public static final Log LOG = LogFactory.getLog(Client.class);

    DataNodeUGIProvider(ParameterParser params) {
        this.params = params;
    }

    public static synchronized void init(Configuration conf) {
        if (ugiCache == null) {
            ugiCache = CacheBuilder.newBuilder()
                    .expireAfterAccess(
                            conf.getInt(DFSConfigKeys.DFS_WEBHDFS_UGI_EXPIRE_AFTER_ACCESS_KEY,
                                    DFSConfigKeys.DFS_WEBHDFS_UGI_EXPIRE_AFTER_ACCESS_DEFAULT),
                            TimeUnit.MILLISECONDS)
                    .build();
        }
    }

    @VisibleForTesting
    void clearCache() throws IOException {
        if (UserGroupInformation.isSecurityEnabled()) {
            params.delegationToken().decodeIdentifier().clearCache();
        }
    }

    UserGroupInformation ugi() throws IOException {
        UserGroupInformation ugi;

        try {
            if (UserGroupInformation.isSecurityEnabled()) {
                final Token<DelegationTokenIdentifier> token = params.delegationToken();

                ugi = ugiCache.get(buildTokenCacheKey(token), new Callable<UserGroupInformation>() {
                    @Override
                    public UserGroupInformation call() throws Exception {
                        return tokenUGI(token);
                    }
                });
            } else {
                final String usernameFromQuery = params.userName();
                final String doAsUserFromQuery = params.doAsUser();
                final String remoteUser = usernameFromQuery == null ? JspHelper.getDefaultWebUserName(params.conf()) // not specified in request
                        : usernameFromQuery;

                ugi = ugiCache.get(buildNonTokenCacheKey(doAsUserFromQuery, remoteUser),
                        new Callable<UserGroupInformation>() {
                            @Override
                            public UserGroupInformation call() throws Exception {
                                return nonTokenUGI(usernameFromQuery, doAsUserFromQuery, remoteUser);
                            }
                        });
            }
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            } else {
                throw new IOException(cause);
            }
        }

        return ugi;
    }

    private String buildTokenCacheKey(Token<DelegationTokenIdentifier> token) {
        return token.buildCacheKey();
    }

    private UserGroupInformation tokenUGI(Token<DelegationTokenIdentifier> token) throws IOException {
        ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
        DataInputStream in = new DataInputStream(buf);
        DelegationTokenIdentifier id = new DelegationTokenIdentifier();
        id.readFields(in);
        UserGroupInformation ugi = id.getUser();
        ugi.addToken(token);
        return ugi;
    }

    private String buildNonTokenCacheKey(String doAsUserFromQuery, String remoteUser) throws IOException {
        String key = doAsUserFromQuery == null ? String.format("{%s}", remoteUser)
                : String.format("{%s}:{%s}", remoteUser, doAsUserFromQuery);
        return key;
    }

    private UserGroupInformation nonTokenUGI(String usernameFromQuery, String doAsUserFromQuery, String remoteUser)
            throws IOException {

        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(remoteUser);
        JspHelper.checkUsername(ugi.getShortUserName(), usernameFromQuery);
        if (doAsUserFromQuery != null) {
            // create and attempt to authorize a proxy user
            ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);
        }
        return ugi;
    }
}