in hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java [44:78]
public static UserGroupInformation loginIfNeeded(SecureHBaseConfig config, Configuration hbaseConf) throws IOException {
boolean credsProvided = null != config.getPrincipal() && null != config.getKeytab();
if (UserGroupInformation.isSecurityEnabled()) {
// Check if we need to authenticate with kerberos so that we cache the correct ConnectionInfo
UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
boolean hasKerberosCreds = currentUser.hasKerberosCredentials()
|| (currentUser.getRealUser() != null
&& currentUser.getRealUser().hasKerberosCredentials());
if (credsProvided && (!hasKerberosCreds
|| !isSameName(currentUser.getUserName(), config.getPrincipal()))) {
synchronized (KERBEROS_LOGIN_LOCK) {
// Double check the current user, might have changed since we checked last. Don't want
// to re-login if it's the same user.
currentUser = UserGroupInformation.getCurrentUser();
if (!hasKerberosCreds || !isSameName(currentUser.getUserName(), config.getPrincipal())) {
final Configuration hbaseConfig = getConfiguration(hbaseConf, config.getPrincipal(), config.getKeytab());
LOG.info("Trying to connect to a secure cluster as {} with keytab {}",
hbaseConfig.get(SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY),
hbaseConfig.get(SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY));
UserGroupInformation.setConfiguration(hbaseConfig);
User.login(hbaseConfig, SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY, SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY, null);
LOG.info("Successful login to secure cluster");
}
}
} else {
if (hasKerberosCreds) {
// The user already has Kerberos creds, so there isn't anything to change in the ConnectionInfo.
LOG.debug("Already logged in as {}", currentUser);
} else {
LOG.warn("Security enabled but not logged in, and did not provide credentials. NULL UGI returned");
}
}
}
return ugi;
}