Repository: accumulo Updated Branches: refs/heads/master 700cc0ccd -> ef6042fc5
ACCUMULO-3452 Move UGIAssumingProccessor from thrift into rpc package Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/0a799e3b Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/0a799e3b Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/0a799e3b Branch: refs/heads/master Commit: 0a799e3b7dc913007a2486adeabaf0b0978b6b4f Parents: 700cc0c Author: Josh Elser <els...@apache.org> Authored: Tue Jan 20 12:22:32 2015 -0500 Committer: Josh Elser <els...@apache.org> Committed: Wed Jan 21 18:24:24 2015 -0500 ---------------------------------------------------------------------- .../server/rpc/UGIAssumingProcessor.java | 90 ++++++++++++++++++++ .../server/thrift/UGIAssumingProcessor.java | 90 -------------------- 2 files changed, 90 insertions(+), 90 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/0a799e3b/server/base/src/main/java/org/apache/accumulo/server/rpc/UGIAssumingProcessor.java ----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/rpc/UGIAssumingProcessor.java b/server/base/src/main/java/org/apache/accumulo/server/rpc/UGIAssumingProcessor.java
new file mode 100644
index 0000000..d5787a3
--- /dev/null
+++ b/server/base/src/main/java/org/apache/accumulo/server/rpc/UGIAssumingProcessor.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.server.rpc;
+
+import java.io.IOException;
+
+import javax.security.sasl.SaslServer;
+
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.thrift.TException;
+import org.apache.thrift.TProcessor;
+import org.apache.thrift.protocol.TProtocol;
+import org.apache.thrift.transport.TSaslServerTransport;
+import org.apache.thrift.transport.TTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Processor that pulls the SaslServer object out of the transport, and assumes the remote user's UGI before calling through to the original processor.
+ *
+ * This is used on the server side to set the UGI for each specific call.
+ *
+ * Lifted from Apache Hive 0.14
+ */
+public class UGIAssumingProcessor implements TProcessor {
+ private static final Logger log = LoggerFactory.getLogger(UGIAssumingProcessor.class);
+
+ public static final ThreadLocal<String> principal = new ThreadLocal<String>();
+ private final TProcessor wrapped;
+ private final UserGroupInformation loginUser;
+
+ public UGIAssumingProcessor(TProcessor wrapped) {
+ this.wrapped = wrapped;
+ try {
+ this.loginUser = UserGroupInformation.getLoginUser();
+ } catch (IOException e) {
+ log.error("Failed to obtain login user", e);
+ throw new RuntimeException("Failed to obtain login user", e);
+ }
+ }
+
+ /**
+ * The principal of the user who authenticated over SASL.
+ */
+ public static String currentPrincipal() {
+ return principal.get();
+ }
+
+ @Override
+ public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
+ TTransport trans = inProt.getTransport();
+ if (!(trans instanceof TSaslServerTransport)) {
+ throw new TException("Unexpected non-SASL transport " + trans.getClass() + ": " + trans);
+ }
+ TSaslServerTransport saslTrans = (TSaslServerTransport) trans;
+ SaslServer saslServer = saslTrans.getSaslServer();
+ String authId = saslServer.getAuthorizationID();
+ String endUser = authId;
+
+ log.trace("Received SASL RPC from {}", endUser);
+
+ UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(endUser, loginUser);
+ final String remoteUser = clientUgi.getUserName();
+
+ try {
+ // Set the principal in the ThreadLocal for access to get authorizations
+ principal.set(remoteUser);
+
+ return wrapped.process(inProt, outProt);
+ } finally {
+ // Unset the principal after we're done using it just to be sure that it's not incorrectly
+ // used in the same thread down the line.
+ principal.set(null);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/0a799e3b/server/base/src/main/java/org/apache/accumulo/server/thrift/UGIAssumingProcessor.java ----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/thrift/UGIAssumingProcessor.java b/server/base/src/main/java/org/apache/accumulo/server/thrift/UGIAssumingProcessor.java
deleted file mode 100644
index 4e4f8ce..0000000
--- a/server/base/src/main/java/org/apache/accumulo/server/thrift/UGIAssumingProcessor.java
+++ /dev/null
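Review bot: The `principal` field is declared `public static final ThreadLocal<String>`, so any code running on the RPC thread can call `principal.set(...)` and change the identity that `currentPrincipal()` reports, which the comment in `process` says is read to get authorizations. Since the class is being moved anyway, I would narrow it to `private static final ThreadLocal<String> principal = new ThreadLocal<String>();`, provided no caller outside this class touches the field directly (not visible in this diff), and clear it with `principal.remove();` in the `finally` block. Separately, the stored value comes from `saslServer.getAuthorizationID()`, so the Javadoc on `currentPrincipal()` would be more accurate as `The SASL authorization ID negotiated for the current RPC; it is the authenticated principal only if the server-side SASL callback rejects a mismatched authorization ID.` The class Javadoc also says the processor assumes the remote user's UGI, but `process` only builds the proxy UGI to read its user name and never runs the wrapped call under it, which the comment should state.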
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.accumulo.server.thrift;
-
-import java.io.IOException;
-
-import javax.security.sasl.SaslServer;
-
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.thrift.TException;
-import org.apache.thrift.TProcessor;
-import org.apache.thrift.protocol.TProtocol;
-import org.apache.thrift.transport.TSaslServerTransport;
-import org.apache.thrift.transport.TTransport;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Processor that pulls the SaslServer object out of the transport, and assumes the remote user's UGI before calling through to the original processor.
- *
- * This is used on the server side to set the UGI for each specific call.
- *
- * Lifted from Apache Hive 0.14
- */
-public class UGIAssumingProcessor implements TProcessor {
- private static final Logger log = LoggerFactory.getLogger(UGIAssumingProcessor.class);
-
- public static final ThreadLocal<String> principal = new ThreadLocal<String>();
- private final TProcessor wrapped;
- private final UserGroupInformation loginUser;
-
- public UGIAssumingProcessor(TProcessor wrapped) {
- this.wrapped = wrapped;
- try {
- this.loginUser = UserGroupInformation.getLoginUser();
- } catch (IOException e) {
- log.error("Failed to obtain login user", e);
- throw new RuntimeException("Failed to obtain login user", e);
- }
- }
-
- /**
- * The principal of the user who authenticated over SASL.
- */
- public static String currentPrincipal() {
- return principal.get();
- }
-
- @Override
- public boolean process(final TProtocol inProt, final TProtocol outProt) throws TException {
- TTransport trans = inProt.getTransport();
- if (!(trans instanceof TSaslServerTransport)) {
- throw new TException("Unexpected non-SASL transport " + trans.getClass() + ": " + trans);
- }
- TSaslServerTransport saslTrans = (TSaslServerTransport) trans;
- SaslServer saslServer = saslTrans.getSaslServer();
- String authId = saslServer.getAuthorizationID();
- String endUser = authId;
-
- log.trace("Received SASL RPC from {}", endUser);
-
- UserGroupInformation clientUgi = UserGroupInformation.createProxyUser(endUser, loginUser);
- final String remoteUser = clientUgi.getUserName();
-
- try {
- // Set the principal in the ThreadLocal for access to get authorizations
- principal.set(remoteUser);
-
- return wrapped.process(inProt, outProt);
- } finally {
- // Unset the principal after we're done using it just to be sure that it's not incorrectly
- // used in the same thread down the line.
- principal.set(null);
- }
- }
-}