
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.security;

import java.security.Policy;
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;

import javax.security.auth.Subject;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authorize.ConfiguredPolicy;
import org.apache.hadoop.security.authorize.PolicyProvider;

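/**
 * Static helpers around the JVM-wide {@link Policy} and the JAAS
 * {@link Subject} built for a Hadoop user, plus a small parser for
 * access control list strings.
 */
public class SecurityUtil {

  private static final Log LOG = LogFactory.getLog(SecurityUtil.class);
  
  static {
    // Merely loading this class replaces the JVM-wide java.security.Policy
    // with a ConfiguredPolicy built from a fresh Configuration and the
    // default PolicyProvider (described by the original author as an
    // "empty default policy"). A policy installed earlier in this JVM is
    // overwritten at that point.
    setPolicy(new ConfiguredPolicy(new Configuration(), 
                                   PolicyProvider.DEFAULT_POLICY_PROVIDER));
  }
  
  /**
   * Set the global security policy for Hadoop.
   * 
   * This delegates to {@link Policy#setPolicy(Policy)}, so the change is
   * process-wide and affects every component running in the same JVM, not
   * only Hadoop code.
   * 
   * @param policy {@link Policy} used for authorization.
   * @throws SecurityException if a security manager is installed and it
   *         denies the permission the JDK requires for replacing the policy
   */
  public static void setPolicy(Policy policy) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Setting Hadoop security policy");
    }
    Policy.setPolicy(policy);
  }

  /**
   * Get the current global security policy for Hadoop.
   * 
   * This is whatever {@link Policy#getPolicy()} reports for the JVM, which
   * is not necessarily the object last passed to
   * {@link #setPolicy(Policy)} if other code replaced it in between.
   * 
   * @return the current {@link Policy}
   */
  public static Policy getPolicy() {
    return Policy.getPolicy();
  }
  
  /**
   * Get the {@link Subject} for the user identified by ugi.
   * 
   * The subject carries one {@link User} principal for the user name, one
   * {@link Group} principal per group name, and the ugi object itself.
   * Both credential sets are empty. The subject is created with
   * readOnly = false, so code that holds the returned object can still
   * add or remove principals; callers that hand it to less trusted code
   * should consider {@link Subject#setReadOnly()} first.
   * 
   * @param ugi user
   * @return the {@link Subject} for the user identified by ugi, or
   *         <code>null</code> if ugi is <code>null</code>
   */
  public static Subject getSubject(UserGroupInformation ugi) {
    if (ugi == null) {
      return null;
    }
    
    // Read the group list once so the sizing and the loop see the same array.
    String[] groupNames = ugi.getGroupNames();
    
    // Number of principals = username + #groups 
    Set<Principal> principals = new HashSet<Principal>(groupNames.length + 1);
    principals.add(new User(ugi.getUserName()));
    for (String group : groupNames) {
      principals.add(new Group(group));
    }
    principals.add(ugi);
    
    return new Subject(false, principals, 
                       new HashSet<Object>(), new HashSet<Object>());
  }
  
  /**
   * Class representing a configured access control list.
   */
  public static class AccessControlList {
    
    // Indicates an ACL string that represents access to all users
    public static final String WILDCARD_ACL_VALUE = "*";

    // Set of users who are granted access.
    private final Set<String> users;
    // Set of groups which are granted access
    private final Set<String> groups;
    // Whether all users are granted access.
    private final boolean allAllowed;
    
    /**
     * Construct a new ACL from a String representation of the same.
     * 
     * The String is a comma separated list of users and groups.
     * The user list comes first and is separated by a space followed 
     * by the group list. For e.g. "user1,user2 group1,group2"
     * 
     * Parsing rules an operator should be aware of when writing ACLs:
     * <ul>
     * <li>Access is opened to everybody only when the whole string, after
     *     trimming, is exactly "*". A "*" that appears as one entry among
     *     others (e.g. "user1,*") is stored as a literal name and grants
     *     nothing beyond a user or group called "*".</li>
     * <li>Only the first space character separates users from groups.
     *     Everything after it is split on commas only, so 
     *     "user1 group1 group2" yields a single group named
     *     "group1 group2".</li>
     * <li>Entries are trimmed and empty entries are dropped, so a string
     *     that starts with a space defines groups and no users.</li>
     * </ul>
     * 
     * @param aclString String representation of the ACL
     * @throws NullPointerException if aclString is <code>null</code>
     */
    public AccessControlList(String aclString) {
      users = new TreeSet<String>();
      groups = new TreeSet<String>();
      
      // The wildcard must be the entire (trimmed) value; a null aclString
      // fails here with a NullPointerException.
      allAllowed = WILDCARD_ACL_VALUE.equals(aclString.trim());
      
      if (!allAllowed) {
        // Limit 2: element 0 is the user list, element 1 (if present) is
        // the remainder of the string, taken as the group list.
        String[] userGroupStrings = aclString.split(" ", 2);
        addToSet(users, userGroupStrings[0].split(","));
        if (userGroupStrings.length == 2) {
          addToSet(groups, userGroupStrings[1].split(","));
        }
      }
    }
    
    /**
     * @return <code>true</code> if this ACL was built from the wildcard
     *         value and therefore names no individual users or groups
     */
    public boolean allAllowed() {
      return allAllowed;
    }
    
    /**
     * Get the users granted access by this ACL.
     * 
     * The returned set is the internal one, not a copy: a caller that adds
     * or removes entries changes what this ACL grants. Treat it as
     * read-only.
     * NOTE(review): consider returning an unmodifiable view once it is
     * confirmed that no caller relies on mutating the result.
     * 
     * @return the set of user names; empty when {@link #allAllowed()} is
     *         <code>true</code>
     */
    public Set<String> getUsers() {
      return users;
    }
    
    /**
     * Get the groups granted access by this ACL.
     * 
     * The returned set is the internal one, not a copy: a caller that adds
     * or removes entries changes what this ACL grants. Treat it as
     * read-only.
     * NOTE(review): consider returning an unmodifiable view once it is
     * confirmed that no caller relies on mutating the result.
     * 
     * @return the set of group names; empty when {@link #allAllowed()} is
     *         <code>true</code>
     */
    public Set<String> getGroups() {
      return groups;
    }
    
    /**
     * Add every non-empty, trimmed element of strings to set.
     * 
     * @param set destination set
     * @param strings raw entries as produced by splitting on commas
     */
    private static void addToSet(Set<String> set, String[] strings) {
      for (String s : strings) {
        String trimmed = s.trim();
        if (trimmed.length() > 0) {
          set.add(trimmed);
        }
      }
    }
  }
}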