Search in sources :

Example 46 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class KMSClientProvider method createConnection.

private HttpURLConnection createConnection(final URL url, String method) throws IOException {
    HttpURLConnection conn;
    try {
        final String doAsUser = getDoAsUser();
        conn = getActualUgi().doAs(new PrivilegedExceptionAction<HttpURLConnection>() {

            @Override
            public HttpURLConnection run() throws Exception {
                DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator);
                return authUrl.openConnection(url, authToken, doAsUser);
            }
        });
    } catch (IOException ex) {
        if (ex instanceof SocketTimeoutException) {
            LOG.warn("Failed to connect to {}:{}", url.getHost(), url.getPort());
        }
        throw ex;
    } catch (UndeclaredThrowableException ex) {
        throw new IOException(ex.getUndeclaredThrowable());
    } catch (Exception ex) {
        throw new IOException(ex);
    }
    conn.setUseCaches(false);
    conn.setRequestMethod(method);
    if (method.equals(HTTP_POST) || method.equals(HTTP_PUT)) {
        conn.setDoOutput(true);
    }
    conn = configureConnection(conn);
    return conn;
}
Also used : HttpURLConnection(java.net.HttpURLConnection) SocketTimeoutException(java.net.SocketTimeoutException) DelegationTokenAuthenticatedURL(org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) IOException(java.io.IOException) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) URISyntaxException(java.net.URISyntaxException) GeneralSecurityException(java.security.GeneralSecurityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SocketTimeoutException(java.net.SocketTimeoutException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) UndeclaredThrowableException(java.lang.reflect.UndeclaredThrowableException) ExecutionException(java.util.concurrent.ExecutionException)

Example 47 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class TestFileSystemCaching method testCacheForUgi.

@SuppressWarnings("unchecked")
@Test
public <T extends TokenIdentifier> void testCacheForUgi() throws Exception {
    final Configuration conf = new Configuration();
    conf.set("fs.cachedfile.impl", FileSystem.getFileSystemClass("file", null).getName());
    UserGroupInformation ugiA = UserGroupInformation.createRemoteUser("foo");
    UserGroupInformation ugiB = UserGroupInformation.createRemoteUser("bar");
    FileSystem fsA = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    FileSystem fsA1 = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    //Since the UGIs are the same, we should have the same filesystem for both
    assertSame(fsA, fsA1);
    FileSystem fsB = ugiB.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    //Since the UGIs are different, we should end up with different filesystems
    //corresponding to the two UGIs
    assertNotSame(fsA, fsB);
    Token<T> t1 = mock(Token.class);
    UserGroupInformation ugiA2 = UserGroupInformation.createRemoteUser("foo");
    fsA = ugiA2.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    // Although the users in the UGI are same, they have different subjects
    // and so are different.
    assertNotSame(fsA, fsA1);
    ugiA.addToken(t1);
    fsA = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    // Make sure that different UGI's with the same subject lead to the same
    // file system.
    assertSame(fsA, fsA1);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) FileSystem(org.apache.hadoop.fs.FileSystem) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 48 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project hadoop by apache.

the class TestFileSystemCaching method testCloseAllForUGI.

@Test
public void testCloseAllForUGI() throws Exception {
    final Configuration conf = new Configuration();
    conf.set("fs.cachedfile.impl", FileSystem.getFileSystemClass("file", null).getName());
    UserGroupInformation ugiA = UserGroupInformation.createRemoteUser("foo");
    FileSystem fsA = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    //Now we should get the cached filesystem
    FileSystem fsA1 = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    assertSame(fsA, fsA1);
    FileSystem.closeAllForUGI(ugiA);
    //Now we should get a different (newly created) filesystem
    fsA1 = ugiA.doAs(new PrivilegedExceptionAction<FileSystem>() {

        @Override
        public FileSystem run() throws Exception {
            return FileSystem.get(new URI("cachedfile://a"), conf);
        }
    });
    assertNotSame(fsA, fsA1);
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) FileSystem(org.apache.hadoop.fs.FileSystem) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) URI(java.net.URI) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) Test(org.junit.Test)

Example 49 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project ranger by apache.

the class HDFSAuditDestination method logJSON.

@Override
public synchronized boolean logJSON(final Collection<String> events) {
    logStatusIfRequired();
    addTotalCount(events.size());
    if (!initDone) {
        addDeferredCount(events.size());
        return false;
    }
    if (isStopped) {
        addDeferredCount(events.size());
        logError("log() called after stop was requested. name=" + getName());
        return false;
    }
    PrintWriter out = null;
    try {
        if (logger.isDebugEnabled()) {
            logger.debug("UGI=" + MiscUtil.getUGILoginUser() + ". Will write to HDFS file=" + currentFileName);
        }
        out = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction<PrintWriter>() {

            @Override
            public PrintWriter run() throws Exception {
                PrintWriter out = getLogFileStream();
                for (String event : events) {
                    out.println(event);
                }
                return out;
            }
        });
        // flush and check the stream for errors
        if (out.checkError()) {
            // In theory, this count may NOT be accurate as part of the messages may have been successfully written.
            // However, in practice, since client does buffering, either all of none would succeed.
            addDeferredCount(events.size());
            out.close();
            logWriter = null;
            ostream = null;
            return false;
        }
    } catch (Throwable t) {
        addDeferredCount(events.size());
        logError("Error writing to log file.", t);
        return false;
    } finally {
        logger.info("Flushing HDFS audit. Event Size:" + events.size());
        if (out != null) {
            out.flush();
        }
    }
    addSuccessCount(events.size());
    return true;
}
Also used : PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) PrintWriter(java.io.PrintWriter)

Example 50 with PrivilegedExceptionAction

use of java.security.PrivilegedExceptionAction in project ignite by apache.

the class ConcurrentLinkedDeque8 method unsafe.

/**
 * @return Instance of Unsafe class.
 */
static Unsafe unsafe() {
    try {
        return Unsafe.getUnsafe();
    } catch (SecurityException ignored) {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Unsafe>() {

                @Override
                public Unsafe run() throws Exception {
                    Field f = Unsafe.class.getDeclaredField("theUnsafe");
                    f.setAccessible(true);
                    return (Unsafe) f.get(null);
                }
            });
        } catch (PrivilegedActionException e) {
            throw new RuntimeException("Could not initialize intrinsics.", e.getCause());
        }
    }
}
Also used : Field(java.lang.reflect.Field) PrivilegedActionException(java.security.PrivilegedActionException) Unsafe(sun.misc.Unsafe) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction)

Aggregations

PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)387 IOException (java.io.IOException)199 PrivilegedActionException (java.security.PrivilegedActionException)135 Test (org.junit.Test)104 Connection (org.apache.hadoop.hbase.client.Connection)81 UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)76 Table (org.apache.hadoop.hbase.client.Table)62 TableName (org.apache.hadoop.hbase.TableName)57 Result (org.apache.hadoop.hbase.client.Result)56 Scan (org.apache.hadoop.hbase.client.Scan)55 ResultScanner (org.apache.hadoop.hbase.client.ResultScanner)53 Delete (org.apache.hadoop.hbase.client.Delete)48 InterruptedIOException (java.io.InterruptedIOException)47 Cell (org.apache.hadoop.hbase.Cell)38 CellScanner (org.apache.hadoop.hbase.CellScanner)38 Configuration (org.apache.hadoop.conf.Configuration)36 File (java.io.File)33 AuthorizationException (org.apache.hadoop.security.authorize.AuthorizationException)33 Path (org.apache.hadoop.fs.Path)23 ArrayList (java.util.ArrayList)22