View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.omid.tools.hbase;
19  
20  import org.apache.hadoop.security.UserGroupInformation;
21  import org.slf4j.Logger;
22  import org.slf4j.LoggerFactory;
23  
24  import javax.annotation.Nullable;
25  import java.io.IOException;
26  
27  public final class HBaseLogin {
28  
29      private static final Logger LOG = LoggerFactory.getLogger(HBaseLogin.class);
30  
31      private static volatile UserGroupInformation ugi;
32  
33      @Nullable
34      public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config) throws IOException {
35  
36          if (UserGroupInformation.isSecurityEnabled()) {
37              LOG.info("Security enabled when connecting to HBase");
38              if (ugi == null) { // Use lazy initialization with double-checked locking
39                  synchronized (HBaseLogin.class) {
40                      if (ugi == null) {
41                          LOG.info("Login with Kerberos. User={}, keytab={}", config.getPrincipal(), config.getKeytab());
42                          UserGroupInformation.loginUserFromKeytab(config.getPrincipal(), config.getKeytab());
43                          ugi = UserGroupInformation.getCurrentUser();
44                      }
45                  }
46              } else {
47                  LOG.info("User {}, already trusted (Kerberos). Avoiding 2nd login as it causes problems", ugi.toString());
48              }
49          } else {
50              LOG.warn("Security NOT enabled when connecting to HBase. Act at your own risk. NULL UGI returned");
51          }
52          return ugi;
53      }
54  
55  }