[
https://issues.apache.org/jira/browse/NIFI-1488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15198126#comment-15198126
]
ASF GitHub Bot commented on NIFI-1488:
--------------------------------------
Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/281#discussion_r56411887
--- Diff:
nifi-commons/nifi-hadoop-utils/src/main/java/org/apache/nifi/hadoop/SecurityUtil.java
---
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.hadoop;
+
+import org.apache.commons.lang3.Validate;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.nifi.logging.ComponentLog;
+
+import java.io.IOException;
+
+/**
+ * Provides synchronized access to UserGroupInformation to avoid multiple
processors/services from
+ * interfering with each other.
+ */
+public class SecurityUtil {
+
+ /**
+ * Initializes UserGroupInformation with the given Configuration and
performs the login for the given principal
+ * and keytab. All logins should happen through this class to ensure
other threads are not concurrently modifying
+ * UserGroupInformation.
+ *
+ * @param config the configuration instance
+ * @param principal the principal to authenticate as
+ * @param keyTab the keytab to authenticate with
+ *
+ * @return the UGI for the given principal
+ *
+ * @throws IOException if login failed
+ */
+ public static synchronized UserGroupInformation loginKerberos(final
Configuration config, final String principal, final String keyTab)
+ throws IOException {
+ Validate.notNull(config);
+ Validate.notNull(principal);
+ Validate.notNull(keyTab);
+
+ UserGroupInformation.setConfiguration(config);
+ return
UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal.trim(),
keyTab.trim());
+ }
+
+ /**
+ * Initializes UserGroupInformation with the given Configuration and
returns UserGroupInformation.getLoginUser().
+ * All logins should happen through this class to ensure other threads
are not concurrently modifying
+ * UserGroupInformation.
+ *
+ * @param config the configuration instance
+ *
+ * @return the UGI for the given principal
+ *
+ * @throws IOException if login failed
+ */
+ public static synchronized UserGroupInformation loginSimple(final
Configuration config) throws IOException {
+ Validate.notNull(config);
+ UserGroupInformation.setConfiguration(config);
+ return UserGroupInformation.getLoginUser();
+ }
+
+ /**
+ * Initializes UserGroupInformation with the given Configuration and
returns UserGroupInformation.isSecurityEnabled().
+ *
+ * All checks for isSecurityEnabled() should happen through this
method.
+ *
+ * @param config the given configuration
+ *
+ * @return true if kerberos is enabled on the given configuration,
false otherwise
+ *
+ */
+ public static synchronized boolean isSecurityEnabled(final
Configuration config) {
+ Validate.notNull(config);
+ return
"kerberos".equalsIgnoreCase(config.get("hadoop.security.authentication"));
+ }
+
+ /**
+ * Start a thread that periodically attempts to renew the current
Kerberos user's ticket.
+ *
+ * Callers of this method should store the reference to the
KerberosTicketRenewer and call stop() to stop the thread.
+ *
+ * @param clazz
+ * The class that this renewal is for (i.e. PutHDFS, etc)
+ * @param ugi
+ * The current Kerberos user.
+ * @param renewalPeriod
+ * The amount of time between attempting renewals.
+ * @param logger
+ * The logger to use with in the renewer
+ *
+ * @return the KerberosTicketRenewer Runnable
+ */
+ public static KerberosTicketRenewer startTicketRenewalThread(final
Class clazz, final UserGroupInformation ugi, final long renewalPeriod, final
ComponentLog logger) {
--- End diff --
Given that the class is used only for the thread name, I think it would
make more sense to just pass in a String for the name, no?
> Add Kerberos Support to HBase processors
> ----------------------------------------
>
> Key: NIFI-1488
> URL: https://issues.apache.org/jira/browse/NIFI-1488
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 0.4.0, 0.4.1
> Reporter: Bryan Bende
> Assignee: Ricky Saltzer
> Fix For: 0.6.0
>
> Attachments:
> 0001-NIFI-1488-Adjusting-unused-imports-and-adding-licens.patch,
> 0001-NIFI-1488-fixed-bug-that-returned-wrong-variable-for.patch
>
>
> Our current HBase integration does not support communicating with a
> Kerberized HBase install. We should support this just like we do for the HDFS
> processors.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
