本文整理汇总了Java中org.apache.hadoop.util.MachineList类的典型用法代码示例。如果您正苦于以下问题:Java MachineList类的具体用法?Java MachineList怎么用?Java MachineList使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
MachineList类属于org.apache.hadoop.util包,在下文中一共展示了MachineList类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: authorize
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@Override
public void authorize(UserGroupInformation user,
String remoteAddress) throws AuthorizationException {
UserGroupInformation realUser = user.getRealUser();
if (realUser == null) {
return;
}
AccessControlList acl = proxyUserAcl.get(configPrefix +
realUser.getShortUserName());
if (acl == null || !acl.isUserAllowed(user)) {
throw new AuthorizationException("User: " + realUser.getUserName()
+ " is not allowed to impersonate " + user.getUserName());
}
MachineList MachineList = proxyHosts.get(
getProxySuperuserIpConfKey(realUser.getShortUserName()));
if(MachineList == null || !MachineList.includes(remoteAddress)) {
throw new AuthorizationException("Unauthorized connection for super-user: "
+ realUser.getUserName() + " from IP " + remoteAddress);
}
}
开发者ID:naver,项目名称:hadoop,代码行数:25,代码来源:DefaultImpersonationProvider.java
示例2: authorize
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@Override
public void authorize(UserGroupInformation user,
String remoteAddress) throws AuthorizationException {
if (user == null) {
throw new IllegalArgumentException("user is null.");
}
UserGroupInformation realUser = user.getRealUser();
if (realUser == null) {
return;
}
AccessControlList acl = proxyUserAcl.get(configPrefix +
realUser.getShortUserName());
if (acl == null || !acl.isUserAllowed(user)) {
throw new AuthorizationException("User: " + realUser.getUserName()
+ " is not allowed to impersonate " + user.getUserName());
}
MachineList MachineList = proxyHosts.get(
getProxySuperuserIpConfKey(realUser.getShortUserName()));
if(MachineList == null || !MachineList.includes(remoteAddress)) {
throw new AuthorizationException("Unauthorized connection for super-user: "
+ realUser.getUserName() + " from IP " + remoteAddress);
}
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:29,代码来源:DefaultImpersonationProvider.java
示例3: getProxyHosts
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@VisibleForTesting
public Map<String, Collection<String>> getProxyHosts() {
Map<String, Collection<String>> tmpProxyHosts =
new HashMap<String, Collection<String>>();
for (Map.Entry<String, MachineList> proxyHostEntry :proxyHosts.entrySet()) {
tmpProxyHosts.put(proxyHostEntry.getKey(),
proxyHostEntry.getValue().getCollection());
}
return tmpProxyHosts;
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:11,代码来源:DefaultImpersonationProvider.java
示例4: authorize
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
/**
* Authorize the user to access the protocol being used.
*
* @param user user accessing the service
* @param protocol service being accessed
* @param conf configuration to use
* @param addr InetAddress of the client
* @throws AuthorizationException on authorization failure
*/
public void authorize(UserGroupInformation user,
Class<?> protocol,
Configuration conf,
InetAddress addr
) throws AuthorizationException {
AccessControlList[] acls = protocolToAcls.get(protocol);
MachineList[] hosts = protocolToMachineLists.get(protocol);
if (acls == null || hosts == null) {
throw new AuthorizationException("Protocol " + protocol +
" is not known.");
}
// get client principal key to verify (if available)
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
String clientPrincipal = null;
if (krbInfo != null) {
String clientKey = krbInfo.clientPrincipal();
if (clientKey != null && !clientKey.isEmpty()) {
try {
clientPrincipal = SecurityUtil.getServerPrincipal(
conf.get(clientKey), addr);
} catch (IOException e) {
throw (AuthorizationException) new AuthorizationException(
"Can't figure out Kerberos principal name for connection from "
+ addr + " for user=" + user + " protocol=" + protocol)
.initCause(e);
}
}
}
if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
acls.length != 2 || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
String cause = clientPrincipal != null ?
": this service is only accessible by " + clientPrincipal :
": denied by configured ACL";
AUDITLOG.warn(AUTHZ_FAILED_FOR + user
+ " for protocol=" + protocol + cause);
throw new AuthorizationException("User " + user +
" is not authorized for protocol " + protocol + cause);
}
if (addr != null) {
String hostAddress = addr.getHostAddress();
if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
hosts[1].includes(hostAddress)) {
AUDITLOG.warn(AUTHZ_FAILED_FOR + " for protocol=" + protocol
+ " from host = " + hostAddress);
throw new AuthorizationException("Host " + hostAddress +
" is not authorized for protocol " + protocol) ;
}
}
AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol="+protocol);
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:61,代码来源:ServiceAuthorizationManager.java
示例5: refreshWithLoadedConfiguration
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@Private
public void refreshWithLoadedConfiguration(Configuration conf,
PolicyProvider provider) {
final Map<Class<?>, AccessControlList[]> newAcls =
new IdentityHashMap<Class<?>, AccessControlList[]>();
final Map<Class<?>, MachineList[]> newMachineLists =
new IdentityHashMap<Class<?>, MachineList[]>();
String defaultAcl = conf.get(
CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL,
AccessControlList.WILDCARD_ACL_VALUE);
String defaultBlockedAcl = conf.get(
CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_BLOCKED_ACL, "");
String defaultServiceHostsKey = getHostKey(
CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_AUTHORIZATION_DEFAULT_ACL);
String defaultMachineList = conf.get(defaultServiceHostsKey,
MachineList.WILDCARD_VALUE);
String defaultBlockedMachineList= conf.get(
defaultServiceHostsKey+ BLOCKED, "");
// Parse the config file
Service[] services = provider.getServices();
if (services != null) {
for (Service service : services) {
AccessControlList acl =
new AccessControlList(
conf.get(service.getServiceKey(),
defaultAcl)
);
AccessControlList blockedAcl =
new AccessControlList(
conf.get(service.getServiceKey() + BLOCKED,
defaultBlockedAcl));
newAcls.put(service.getProtocol(), new AccessControlList[] {acl, blockedAcl});
String serviceHostsKey = getHostKey(service.getServiceKey());
MachineList machineList = new MachineList (conf.get(serviceHostsKey, defaultMachineList));
MachineList blockedMachineList = new MachineList(
conf.get(serviceHostsKey + BLOCKED, defaultBlockedMachineList));
newMachineLists.put(service.getProtocol(),
new MachineList[] {machineList, blockedMachineList});
}
}
// Flip to the newly parsed permissions
protocolToAcls = newAcls;
protocolToMachineLists = newMachineLists;
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:50,代码来源:ServiceAuthorizationManager.java
示例6: getProtocolsMachineList
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@VisibleForTesting
public MachineList getProtocolsMachineList(Class<?> className) {
return protocolToMachineLists.get(className)[0];
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:5,代码来源:ServiceAuthorizationManager.java
示例7: getProtocolsBlockedMachineList
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
@VisibleForTesting
public MachineList getProtocolsBlockedMachineList(Class<?> className) {
return protocolToMachineLists.get(className)[1];
}
开发者ID:nucypher,项目名称:hadoop-oss,代码行数:5,代码来源:ServiceAuthorizationManager.java
示例8: authorize
import org.apache.hadoop.util.MachineList; //导入依赖的package包/类
/**
* Authorize the user to access the protocol being used.
*
* @param user user accessing the service
* @param protocol service being accessed
* @param conf configuration to use
* @param addr InetAddress of the client
* @throws AuthorizationException on authorization failure
*/
public void authorize(UserGroupInformation user,
Class<?> protocol,
Configuration conf,
InetAddress addr
) throws AuthorizationException {
AccessControlList[] acls = protocolToAcls.get(protocol);
MachineList[] hosts = protocolToMachineLists.get(protocol);
if (acls == null || hosts == null) {
throw new AuthorizationException("Protocol " + protocol +
" is not known.");
}
// get client principal key to verify (if available)
KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
String clientPrincipal = null;
if (krbInfo != null) {
String clientKey = krbInfo.clientPrincipal();
if (clientKey != null && !clientKey.isEmpty()) {
try {
clientPrincipal = SecurityUtil.getServerPrincipal(
conf.get(clientKey), addr);
} catch (IOException e) {
throw (AuthorizationException) new AuthorizationException(
"Can't figure out Kerberos principal name for connection from "
+ addr + " for user=" + user + " protocol=" + protocol)
.initCause(e);
}
}
}
if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
acls.length != 2 || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
+ ", expected client Kerberos principal is " + clientPrincipal);
throw new AuthorizationException("User " + user +
" is not authorized for protocol " + protocol +
", expected client Kerberos principal is " + clientPrincipal);
}
if (addr != null) {
String hostAddress = addr.getHostAddress();
if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
hosts[1].includes(hostAddress)) {
AUDITLOG.warn(AUTHZ_FAILED_FOR + " for protocol=" + protocol
+ " from host = " + hostAddress);
throw new AuthorizationException("Host " + hostAddress +
" is not authorized for protocol " + protocol) ;
}
}
AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol="+protocol);
}
开发者ID:naver,项目名称:hadoop,代码行数:59,代码来源:ServiceAuthorizationManager.java
注:本文中的org.apache.hadoop.util.MachineList类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论