Examples with PrivilegedExceptionAction java.security.PrivilegedExceptionAction used on opensource projects

Example 11 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hbase by apache.

the class UnsafeUtil method getUnsafe.

/**
   * Gets the {@code sun.misc.Unsafe} instance, or {@code null} if not available on this platform.
   */
private static sun.misc.Unsafe getUnsafe() {
    sun.misc.Unsafe unsafe = null;
    try {
        unsafe = AccessController.doPrivileged(new PrivilegedExceptionAction<Unsafe>() {

            @Override
            public sun.misc.Unsafe run() throws Exception {
                Class<sun.misc.Unsafe> k = sun.misc.Unsafe.class;
                for (Field f : k.getDeclaredFields()) {
                    f.setAccessible(true);
                    Object x = f.get(null);
                    if (k.isInstance(x)) {
                        return k.cast(x);
                    }
                }
                // The sun.misc.Unsafe field does not exist.
                return null;
            }
        });
    } catch (Throwable e) {
    // Catching Throwable here due to the fact that Google AppEngine raises NoClassDefFoundError
    // for Unsafe.
    }
    return unsafe;
}

Example 12 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class RMWebServices method listReservation.

/**
   * Function to retrieve a list of all the reservations.
   */
@GET
@Path("/reservation/list")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
public Response listReservation(@QueryParam("queue") @DefaultValue("default") String queue, @QueryParam("reservation-id") @DefaultValue("") String reservationId, @QueryParam("start-time") @DefaultValue("0") long startTime, @QueryParam("end-time") @DefaultValue("-1") long endTime, @QueryParam("include-resource-allocations") @DefaultValue("false") boolean includeResourceAllocations, @Context HttpServletRequest hsr) throws Exception {
    init();
    final ReservationListRequest request = ReservationListRequest.newInstance(queue, reservationId, startTime, endTime, includeResourceAllocations);
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        String msg = "The default static user cannot carry out this operation.";
        return Response.status(Status.FORBIDDEN).entity(msg).build();
    }
    ReservationListResponse resRespInfo;
    try {
        resRespInfo = callerUGI.doAs(new PrivilegedExceptionAction<ReservationListResponse>() {

            @Override
            public ReservationListResponse run() throws IOException, YarnException {
                return rm.getClientRMService().listReservations(request);
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            throw new BadRequestException(ue.getCause().getMessage());
        }
        LOG.info("List reservation request failed", ue);
        throw ue;
    }
    ReservationListInfo resResponse = new ReservationListInfo(resRespInfo, includeResourceAllocations);
    return Response.status(Status.OK).entity(resResponse).build();
}

Example 13 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class RMWebServices method renewDelegationToken.

private Response renewDelegationToken(DelegationToken tokenData, HttpServletRequest hsr, UserGroupInformation callerUGI) throws AuthorizationException, IOException, InterruptedException, Exception {
    Token<RMDelegationTokenIdentifier> token = extractToken(tokenData.getToken());
    org.apache.hadoop.yarn.api.records.Token dToken = BuilderUtils.newDelegationToken(token.getIdentifier(), token.getKind().toString(), token.getPassword(), token.getService().toString());
    final RenewDelegationTokenRequest req = RenewDelegationTokenRequest.newInstance(dToken);
    RenewDelegationTokenResponse resp;
    try {
        resp = callerUGI.doAs(new PrivilegedExceptionAction<RenewDelegationTokenResponse>() {

            @Override
            public RenewDelegationTokenResponse run() throws IOException, YarnException {
                return rm.getClientRMService().renewDelegationToken(req);
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            if (ue.getCause().getCause() instanceof InvalidToken) {
                throw new BadRequestException(ue.getCause().getCause().getMessage());
            } else if (ue.getCause().getCause() instanceof org.apache.hadoop.security.AccessControlException) {
                return Response.status(Status.FORBIDDEN).entity(ue.getCause().getCause().getMessage()).build();
            }
            LOG.info("Renew delegation token request failed", ue);
            throw ue;
        }
        LOG.info("Renew delegation token request failed", ue);
        throw ue;
    } catch (Exception e) {
        LOG.info("Renew delegation token request failed", e);
        throw e;
    }
    long renewTime = resp.getNextExpirationTime();
    DelegationToken respToken = new DelegationToken();
    respToken.setNextExpirationTime(renewTime);
    return Response.status(Status.OK).entity(respToken).build();
}

Example 14 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class RMWebServices method createDelegationToken.

private Response createDelegationToken(DelegationToken tokenData, HttpServletRequest hsr, UserGroupInformation callerUGI) throws AuthorizationException, IOException, InterruptedException, Exception {
    final String renewer = tokenData.getRenewer();
    GetDelegationTokenResponse resp;
    try {
        resp = callerUGI.doAs(new PrivilegedExceptionAction<GetDelegationTokenResponse>() {

            @Override
            public GetDelegationTokenResponse run() throws IOException, YarnException {
                GetDelegationTokenRequest createReq = GetDelegationTokenRequest.newInstance(renewer);
                return rm.getClientRMService().getDelegationToken(createReq);
            }
        });
    } catch (Exception e) {
        LOG.info("Create delegation token request failed", e);
        throw e;
    }
    Token<RMDelegationTokenIdentifier> tk = new Token<RMDelegationTokenIdentifier>(resp.getRMDelegationToken().getIdentifier().array(), resp.getRMDelegationToken().getPassword().array(), new Text(resp.getRMDelegationToken().getKind()), new Text(resp.getRMDelegationToken().getService()));
    RMDelegationTokenIdentifier identifier = tk.decodeIdentifier();
    long currentExpiration = rm.getRMContext().getRMDelegationTokenSecretManager().getRenewDate(identifier);
    DelegationToken respToken = new DelegationToken(tk.encodeToUrlString(), renewer, identifier.getOwner().toString(), tk.getKind().toString(), currentExpiration, identifier.getMaxDate());
    return Response.status(Status.OK).entity(respToken).build();
}

Example 15 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class RMWebServices method deleteReservation.

/**
   * Function to delete a Reservation to the RM.
   *
   * @param resContext provides information to construct
   *          the ReservationDeleteRequest
   * @param hsr the servlet request
   * @return Response containing the status code
   * @throws AuthorizationException when the user group information cannot be
   *           retrieved.
   * @throws IOException when a {@link ReservationDeleteRequest} cannot be
   *           created from the {@link ReservationDeleteRequestInfo}. This
   *           exception is also thrown on
   *           {@code ClientRMService.deleteReservation} invokation failure.
   * @throws InterruptedException if doAs action throws an InterruptedException.
   */
@POST
@Path("/reservation/delete")
@Produces({ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8, MediaType.APPLICATION_XML + "; " + JettyUtils.UTF_8 })
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response deleteReservation(ReservationDeleteRequestInfo resContext, @Context HttpServletRequest hsr) throws AuthorizationException, IOException, InterruptedException {
    init();
    UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true);
    if (callerUGI == null) {
        throw new AuthorizationException("Unable to obtain user name, " + "user not authenticated");
    }
    if (UserGroupInformation.isSecurityEnabled() && isStaticUser(callerUGI)) {
        String msg = "The default static user cannot carry out this operation.";
        return Response.status(Status.FORBIDDEN).entity(msg).build();
    }
    final ReservationDeleteRequest reservation = createReservationDeleteRequest(resContext);
    ReservationDeleteResponseInfo resRespInfo;
    try {
        resRespInfo = callerUGI.doAs(new PrivilegedExceptionAction<ReservationDeleteResponseInfo>() {

            @Override
            public ReservationDeleteResponseInfo run() throws IOException, YarnException {
                rm.getClientRMService().deleteReservation(reservation);
                return new ReservationDeleteResponseInfo();
            }
        });
    } catch (UndeclaredThrowableException ue) {
        if (ue.getCause() instanceof YarnException) {
            throw new BadRequestException(ue.getCause().getMessage());
        }
        LOG.info("Update reservation request failed", ue);
        throw ue;
    }
    return Response.status(Status.OK).entity(resRespInfo).build();
}